
									  UNIVERSITY OF MAGDEBURG – 12 DECEMBER 2007                                    1




e-Passport Security and Testing
Dr Pravir Chawdhry

Institute for the Protection and Security of the Citizen
Joint Research Centre
European Commission
Ispra (VA) Italy

Pravir.Chawdhry@jrc.it








Joint Research Centre

  Institute for the Protection and Security of the Citizen
  (One of the 7 Institutes of the JRC)


  Mission:
         “To provide research-based, systems-oriented support to EU
            policies for the protection of the citizen … against economic and
            technological risk.”

         Border Security is a principal concern








ePassports in the Big Picture

EU Council Decision on the introduction of ePassports
European Commission - DG-JLS set out the policy on introducing
   ePassports
ICAO set out specifications for Machine Readable Travel
   Documents (MRTD)
Member States began issuing ePassports latest by August 2006
EC Joint Research Centre provides technical support &
   coordination for interoperability of EU wide ePassports
IPSC of JRC is responsible for this support
   SERAC Unit: Sensors, Radar Technologies & Cybersecurity
        Border Security Action:
                 ePassport Test Laboratory




Border Security – Challenge




        Analyze and assess infrastructures and technologies
          across Member States with a view to integrated border
          management concept from the points of view of
          people.
        Key issues:
                 –    Interoperability,
                 –    Surveillance / monitoring of borders
                 –    Identification (including e-identity)
                 –    Detection
                 –    Standardization








       Biometrics and ePassport

        Why?
        • Large scale introduction of biometrics requires multi-disciplinary
          expertise
        • Based on the political decision about its introduction, immediate
          action at European level is required
        How?
        • Development of commonly agreed test and evaluation
          methodologies with other relevant stakeholders
        • Evaluation and conceptual study of new biometric technologies (in
          particular face recognition and cognitive vision)








The European Electronic Passport


Yesterday
• Machine readable passports
  with MRZ
Today (first generation) – primary biometrics
• Electronic passports with
  digital photograph
Tomorrow (second generation) – secondary biometrics
• From 2009 passports with fingerprints








        Electronic passport

        • Classical passport booklet + passive contactless smartcard
        • Chip & antenna integrated in a page or cover
        • Technical specification standardized by ICAO
                – Standard 9303, 6th edition
                – References many ISO standards
        • The communication is based on ISO 14443 & 7816
        • Data is organised in 16 data groups and 2-3 meta files
                – DG1-DG16, EF.COM, EF.SOD, EF.CVCA








The European Electronic Passport

• Council decision of 13 December 2004 (Regulation (EC)
  2252/2004):
      – The facial image will be required at the latest 18 months,
      – the fingerprints will be mandatory at the latest 36 months
  after the date of adoption of technical specifications necessary
  for the implementation of the Regulation
• Facial images:
      – C(2005) 409 on 28 February 2005, deadline 28 August 2006
• Fingerprints:
      – C(2006) 2909 on 28 June 2006, deadline 28 June 2009
• Participants: all MS except UK, IRL + NOR, ICL








Passports of the first generation (BAC)

 • Electronic passport
         – Classical passport booklet + passive contactless smartcard
         – Chip & antenna integrated in a page or cover
 • Technical specification standardized by ICAO
         – Standard 9303, 6th edition
         – References many ISO standards
 • Data is organised in 16 data groups (DG) and 2 meta files
         – DG1-DG16, EF.COM, EF.SOD
         – Mandatory is DG1 (MRZ), DG2 (photo), EF.COM and EF.SOD (passive
           authentication)








 Passports of the second generation (EAC)

• Only in the European Union
• Introduction deadline: June 2009
• 2 fingerprints (index fingers) stored as images (WSQ) in DG3
     – If fingerprints can be enrolled
• Fingerprints readable only by authorized border authorities
     – Relatively heavy PKI behind
     – Protection mechanism is called Extended Access Control (EAC)








EAC Timeline

• EAC specification document
       –    Version 1.0 in February 2006
       –    Version 1.01 in November 2006
       –    Version 1.1 in August 2007
       –    Version 1.1.1 will be the ‘final’ version
• EAC conformity test specification document
       –    Version 0.3 in April 2007 (a merge of BSI and AFNOR docs)
       –    14 working versions in Spring/Summer 2007
       –    Version 1.0 in July 2007 (based on EAC 1.01)
       –    Version 1.1 (based on EAC 1.1) to be ready for the next BIG meeting








Part 2


Authentication of ePassport








Authentication of ePassports


    • ICAO Mandatory
             – Passive authentication (authenticity of data)
    • ICAO Optional
             – Basic Access Control (limits remote readability)
             – Active Authentication (authenticity of chip)
    • European Extended Access Control
             – Chip Authentication (authenticity of chip)
             – Terminal Authentication (authorization to read biometric data)
    • Holder Authentication
             – Facial image, Fingerprint, Iris
             – Signature




Passive Authentication

[Figure: CSCA; DS1, DS2; ePassport 1, ePassport 2, ePassport 3]



       • The list of the hashes (SHA-1/2) of all present data groups is digitally signed
         by the issuing organisation (Document Signer)
          – State printer
          – Embassy
          – Etc.
       • The X.509 certificate of the Document Signer, issued by the CA of the issuing
         country (Country Signing CA – e.g. the ministry of interior), is included.
       • The CSCA certificates must be exchanged bilaterally.
       • A central ICAO directory for CRLs and DS certificates is planned.
       • Passive authentication is a mandatory security feature of all ePassports.








Passive Authentication – the Details


       • The file EF.SOD contains a CMS (PKCS#7) SignedData structure (file is read
         and validated by inspection system)
          – The signed data is the list of hashes of the data groups
          – The DS certificate is included (ICAO optional, EU mandatory)
          – Data is signed by the DS
          – Interoperability problems: hash algorithm mismatch, the order of RDNs of Issuer
       • Signature algorithms
          – RSA with PKCS#1 v1.5 padding
          – RSA with PSS padding
          – DSA (not standardized for key lengths > 1024)
          – ECDSA (domain parameters must be specified)
       • Message Digest algorithms
          – SHA-1 and all SHA-2 algorithms




Active Authentication

[Figure: Reader and ePassport, with labels x, Sig(x) and PK]
      • Active authentication verifies whether the chip is authentic (not cloned)
      • Asymmetric key pair is stored in the chip
         – The public key is accessible in DG15 (i.e. integrity protected by PA)
         – The private key does not leave the chip, no way to read the key, but possible
            to verify whether the chip can access the private key
      • The reader generates a random number and sends it to the chip to sign
         – The signature is verified using the public key from DG15
      • AA is an optional feature of electronic passports (chip must support
        cryptographic operations)
      • In practice only RSA implementations (DSA and ECDSA theoretically
        permitted as well)
      • ISO 9796-2 scheme 1
                       • A4 “Signature production function” vs. A6 “Alternative signature production
                         function”








       Basic Access Control (BAC)
       • Contactless interface is both advantage and disadvantage
       • BAC allows the data to be read only after reader (in fact mutual)
         authentication
               – The reader must prove knowledge of the MRZ of the passport
       • BAC is an ICAO optional (recommended) feature; in the EU it is mandatory
       • The authentication key is derived from document#, DoB, DoE
               – Low entropy (3DES max 112b, BAC max 56/74b, in practice 30-50b)
       • Interoperability issues
               – Modification of the derivation of the static key rejected by ICAO in
                 order not to break interoperability
               – How to find out the passport is BAC-protected → trial and error








Extended Access Control (EAC)


       • Fingerprints (DG3) in the EU passports will be protected by an additional
         mechanism
       • Reading is allowed only to those authorised by the issuing country
       • Authorisation is based on a two-level PKI and a challenge-response protocol
          – So called Terminal Authentication
          – CV certificates (encapsulation in 7F21 tag, coding of integers,…)
       • EAC specification also introduces chip authentication, which replaces AA (and
         restarts SM with stronger keys)
          – DH and ECDH, public key stored in DG14
          – Format of DG14 - to enable worldwide interoperability (DG14 is not specific to
             European EAC)








Biometric Data

        • Biometric authentication of the passport holder
                – Facial image (DG2, ISO 19794-5 [facial image])
                        •   JPEG or JPEG2000 image
                        •   Basic, Full Frontal, Token Image
                        •   Feature points (e.g. eyes)
                        •   Coding of some values changed between CD and FDIS
                – Fingerprint (DG3, ISO 19794-1 [finger image])
                        • Uncompressed, WSQ, PNG, JPEG or JPEG2000
                        • How to indicate the fingerprint cannot be enrolled (no DG3, empty DG3,
                          no template), how to store 2 fingerprints (2 images, 2 templates)
                – Iris image (DG4, ISO 19794-6 [iris image])
        • Quality of biometric data








      General authentication aspects I
       • Maximal effort to use existing communication protocols and data
         formats (ISO & ANSI standards and RFCs)
               – Biometric formats
               – Cryptography (X.509, CMS, SM)
       • Format of data groups specific to ePassports
       • Passive and active authentication similar to static and dynamic
         data authentication in EMV (banking).
       • ePassport specifications (ICAO and EU EAC) define
               – The properties of the passport from the verification point of view
               – The inspection procedures (recommendations)
       • Passport personalization issues are not covered
               – Enrollment procedures (interviews, ID cards, national databases)








General authentication aspects II

      • Remote authentication (web etc.)
              – Passive authentication only proves such a person/passport
                exists [existed at the time of issue] (not that it is yours etc.)
              – Active authentication proves you have physical access to
                passport (incl. proxy attacks)
                       • AA can be used for computer logon like other smartcards
              – Remote biometric authentication is not secure
      • ePassport specs can be reused for national IDs and 3rd
        country nationals residency permits




Conclusions




       • Authentication is ubiquitous in ePassport environment
       • Worldwide interoperability is essential
               – After a few tests the current status looks good
       • Maximum effort to reuse existing standards
       • The ePassport specs can be used for other IDs
       • ePassport is not suitable for web authentication








Part 3


Interoperability of ePassport








General scope and definition


• Interoperability is the ability of products, systems, or
  business processes to work together to accomplish a
  common task. The term can be defined in a technical way or
  in a broad way, taking into account social, political and
  organizational factors.

  See also: http://en.wikipedia.org/wiki/Interoperability








The decision process for interoperability of
ePassport in the EU

 • Article 6 committee of DG-JLS
 • BIG (Brussels Interoperability Group)
 • Working subgroups of BIG
        – Certification policy
        – EAC test specification
 • Test Events








Worldwide e-passport interoperability test events

• 2 / 2004 Canberra
• 7 / 2004 Morgantown
• 9 / 2004 Sydney
• 12 / 2004 Baltimore
• 3 / 2005 Tsukuba
• 11 / 2005 Singapore
• 5 / 2006 Berlin
• 9 / 2008 Prague (?)








Interoperability testing

• Conformity testing
   – Conformity to ICAO Doc 9303 and ISO standards
   – Based on ICAO technical reports (7 ISO/OSI layers)
   – Identifies non-compliant behaviour of passports

• Crossover testing
   – Various readers vs. various electronic passports
   – Identifies problematic combinations
   – Detailed analyses necessary to find the problem (passport or reader)




Conformity and Interoperability




       Conformity testing to ISO 14443
       • layer 1 to 4
             > analog and protocol test
       • layer 6 and 7
              > application test

       Interoperability
       • #N Passports against #M readers
       • “Golden Reader” Software








Conformity testing
• Passports
     – Layer 1,2,3,4 (physical parameters and low level communication)
             • ICAO technical report: RF protocol and application test standard for e-passport –
               part 2: Tests for air interface, initialisation, anticollision and transport protocol
             • 3 tests on L1, 4 tests on L2, 10 groups of tests on L3 and L4 (about 200 test cases)
     – Layer 6 (high level communication) and 7 (data structure)
             • ICAO technical report: RF protocol and application test standard for e-passport –
               part 3: Tests for application protocol and logical data structure
             • 165 test cases on L6 and 38 test cases on L7
• Readers
     – Layers 2,3,4 (low level communication)
             • ICAO technical report: RF protocol and application test standard for e-passport –
               part 4: E-passport reader tests for air interface, initialisation, anticollision and
               transport protocol








An example of a conformity test for BAC protected
passport
 •        The test verifies the enforcement of Secure Messaging while basic
          access is granted (test case 7816_B_40 on L6)
 •        Verifies whether the passport refuses to send data
          unencrypted
        1.       BAC is established, file DG2 is selected and read using SM
                 ‘0C B0 82 00 0D 97 01 06 8E 08 <checksum> 00’
        2.       The passport must return 90 00 using SM
        3.       Then an unprotected reading command is sent
                 ‘00 B0 00 00 00’
        4.       The passport MUST return an ISO checking error
                 67 XX – 6F XX

[Figure: message exchange between Reader and ePassport, steps 1 and 2]
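
The four steps above written as an automated check, as an added example that is not part of the original slides or of any ICAO test suite. `MockChip`, `run_7816_b_40` and every response byte string are constructed for illustration, the 8-byte checksum is a zero placeholder, and no real Secure Messaging cryptography is performed.

```python
# Step 1 command from the slide; the <checksum> is replaced by 8 zero bytes.
SM_READ_DG2 = bytes.fromhex("0CB082000D970106" "8E08" + "00" * 8 + "00")
# Step 3 command from the slide: READ BINARY without Secure Messaging.
PLAIN_READ = bytes.fromhex("00B0000000")


def is_sm_command(apdu):
    """CLA bits b4-b3 set (mask 0x0C) mark a Secure Messaging command."""
    return (apdu[0] & 0x0C) == 0x0C


def is_checking_error(sw):
    """True for status words in the range 67 XX - 6F XX."""
    return len(sw) == 2 and 0x67 <= sw[0] <= 0x6F


class MockChip:
    """Constructed stand-in for a chip on which BAC has already succeeded."""

    def __init__(self, plain_read_response_hex):
        # What this chip answers to an unprotected READ BINARY.
        self.plain_read_response = bytes.fromhex(plain_read_response_hex)

    def transceive(self, apdu):
        if is_sm_command(apdu):
            # Constructed SM response: DO'99' status, DO'8E' MAC, SW 90 00.
            return bytes.fromhex("99029000" "8E08" + "00" * 8 + "9000")
        return self.plain_read_response


def run_7816_b_40(transceive):
    """Run steps 1-4 against a transceive(apdu) -> response callable."""
    # Steps 1 and 2: the protected read must succeed first.
    response = transceive(SM_READ_DG2)
    if response[-2:] != b"\x90\x00":
        return "INCONCLUSIVE", "protected read did not return 90 00"
    # Steps 3 and 4: the unprotected read must be rejected, with no data.
    response = transceive(PLAIN_READ)
    data, sw = response[:-2], response[-2:]
    if data:
        return "FAIL", f"{len(data)} data bytes returned without SM"
    if not is_checking_error(sw):
        return "FAIL", f"status {sw.hex().upper()} is outside 67 XX - 6F XX"
    return "PASS", f"unprotected read rejected with {sw.hex().upper()}"


def demo():
    """Verdicts for three constructed chips."""
    chips = {
        "rejects plain read (69 82)": MockChip("6982"),
        "returns data in the clear": MockChip("DEADBEEF9000"),
        "answers with a warning (62 82)": MockChip("6282"),
    }
    return {name: run_7816_b_40(chip.transceive) for name, chip in chips.items()}


if __name__ == "__main__":
    for name, (verdict, detail) in demo().items():
        print(f"{verdict:5} {name}: {detail}")
```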








 Interoperability is not only readability

• The need of CSCA certificates and CRLs to verify the digital signature of
  the e-passport content
     – Bilateral exchange of CSCA certificates
     – ICAO PKD (DS certificates, CRLs, CSCA cross certificates)
• Active authentication not tested in ICAO conformity tests
• Basic structure of files is tested in ICAO conformity tests on L7
• Quality of biometric data (facial images)
     – ICAO Doc 9303 requirements (ISO 19794-5)
             • Basic, Frontal, Full Frontal, Token
     – Scanned photographs are more problematic
• OCR of MRZ not tested in ICAO conformity tests








 EAC: technical interoperability

 • Conformity tests
         – Lisbon, May 2007 (small subset of test cases only)
         – Paris, Oct 2007 (all test cases, 6 independent testers)
 • Crossover tests
         – Ispra, Dec 2006
         – Prague, March 2007
         – Paris, Oct 2007








EAC Crossover tests
in Paris

 • Registered
    – 33 passports
    – 16 inspection systems
 • Tested
       – Readability
       – Passive authentication
       – Chip authentication
       – Terminal authentication
       – Display data








EAC Conformity tests
in PARIS

• 29 passports registered
• 6 testing teams

• Results used as a basis
  for discussions about the
  EAC test specification
      – Some test cases will be
        modified








EAC interoperability is not only a technical issue

 • To be able to read fingerprints the inspection system at the
   border will need:
       – IS certificate issued by the DV CA and the IS private key
       – DV certificate issued by CV CA of the country which issued the
         passport
       – LINK certificates (updating the trust point in passport)
 • When the CV CA issues certificates to a foreign DV CA it
   needs to know how the fingerprints will be used
       – A common minimal and mandatory European Certification
         Policy is being developed to simplify the process of certification








 Conclusions

 • Interoperability is improving
 • Effort has to be made in the design of the border control system to
   guarantee interoperability
 • The need of exchange of CSCA certificates

 • EAC technical interoperability and PKI interoperability addressed by
   BIG
         – EAC conformity tests and Certification Policy still under development








Part 4




ePassport Interoperability Tests at Ispra




BIG Interoperability Tests at Ispra




     Brussels Interoperability Group (BIG)
            Considers all issues relating to the introduction by EU Member States of electronic
            machine readable travel documents to ensure that Member States achieve
            uniformity for their respective electronic passports, identity cards used for travel, and
            other MRTDs.
     • Informal test of e-passports at JRC (Ispra, 15-16 May 2006)
            - 13 states present,
            - 80 passports read,
            - 7 reader models
     • Interoperability test of e-passports of the 1st Generation (Ispra, 5
       Dec 2006)
            - 9 EU countries; 2 non EU countries present
            - 85 passports tested
     • Interoperability test of e-passports of the 2nd Generation (Ispra, 6-7
       Dec 2006)








Participants

       • 12 countries
               – Spain, France, Czech Republic, Italy, Slovenia, Switzerland,
                 Belgium, Poland, Norway, Portugal, Sweden, UK
       • 85 passports
       • Not all passports tested by all stations, not equal number of
         passports per country. Any statistics therefore not really
         representative.




Test Process








Conformity tests


       •     A1: Reading passports with Golden Reader Tool
       •     A2: Analysis of some basic ISO 14443 parameters of the chips
       •     B1: ICAO L6 and L7 with JRC test suite (TR version 0.96)
       •     B2: Reading passports with JRC enhanced reader
       •     C: ICAO L6 and L7 with Soliatis test suite (TR version 0.95)
       •     D: ICAO L3 and L4 with Soliatis test suite (TR version 0.95)
       •     E: subset of ISO 10373-6 L2 test








A1: Reading passports with Golden Reader Tool


       • GRT 2.8 with Pegoda MF RD 700/Gemprox V5.65
       • all passports read (except for passport #6 – EAC)
       • Passports #1-5 used the “Facial Image Type” value of 0003
         (not permitted by the final version of ISO 19794-5)
       • Digital signature verification failed for passport number 6
               – just a company sample, no real personalization
       • Data size: AVG 23088, MIN 16992, MAX 43294 bytes








A2: Analysis of some ISO 14443 parameters of the chips

       • Type A chips (31 tested): UID, ATQA, SAK and ATS
       • Type B chips (11 tested): ATQB and ATTRIB answer
       • Passports #6 and #11 (type B) used the value CRC_B_AID of F3
         E5 instead of F3 5E
       • AFI of E1 indicated: 23 × Yes, 19 × No
       • FSC (type A): 25 × 256 B, 6 × 128 B
       • UID (type A): 29 × random, 2 × fixed
       • FSC (type B): 9 × 256 B, 2 × 128 B
       • Supported speeds: 8 × 848 kbps, 33 × 424 kbps, 1 × asymmetric








B1: ICAO L6 and L7 with JRC test suite (TR v. 0.96)

     • Tests LDS_D_01 to LDS_D_07 not performed
     • 16 passports passed (out of 42 tested)
     • Failures:
             – 7816_C_16/2 - when Secure Messaging (SM) is active, a non-SM
               command must end the SM session
             – LDS_C_13/1 – wrong face image type
             – LDS_A_05/4 – EF.COM cannot list EF.COM and EF.SOD
             – LDS_A_03/4 – current LDS version must be 1.7
             – 7816_C_18/1 , 7816_C_13/1, 7816_C_14/1, 7816_C_19/1, 7816_A_2/6b,
               7816_D_2/1, 7816_D_3/2, 7816_D_4/2, 7816_D_5/2 – wrong error codes
             – LDS_A_04/4 – current Unicode version must be 4.0.0








B2: Reading passports with JRC enhanced reader


       •           For statistics see the detailed results (CIRCA)
       •           ICAO header version (DG2):
               –        28x not specified
               –        7x 01.01
               –        5x 01.00
       •           Unusual image size (DG2) for passports #24,#88
       •           SOD OID: 44x 2.23.136.1.1.1 (mentioned in 9303 edition 6)
               –        5x 1.3.27.1.1.1
               –        3x 1.2.528.1.1006.1.20.1
               –        1x 1.2.840.113549.1.7.1
       •           DS cert time validity within CSCA cert: 22x OK, 2x FAIL (passports #47,#50)
       •           Algorithm mismatch – passport #56
               –        Message Digest algorithm: 2.16.840.1.101.3.4.2.3 (SHA-512)
               –        Message Digest & Encryption algorithm: 1.2.840.113549.1.1.5 (SHA-1WithRSAEncryption)
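
The two consistency findings on this slide (algorithm mismatch, DS validity within CSCA validity), together with the data-group hash comparison that passive authentication rests on, as an added example that is not part of the original slides. It works on already-decoded fields; the dictionary layout, function names, finding codes and sample data are assumptions of this example, and CMS signature and certificate-chain verification are left to a CMS/X.509 library.

```python
import hashlib
from datetime import date

# Digest algorithm OIDs -> hashlib names.
DIGEST_OIDS = {
    "1.3.14.3.2.26": "sha1",
    "2.16.840.1.101.3.4.2.4": "sha224",
    "2.16.840.1.101.3.4.2.1": "sha256",
    "2.16.840.1.101.3.4.2.2": "sha384",
    "2.16.840.1.101.3.4.2.3": "sha512",
}
# RSA PKCS#1 v1.5 signature OIDs -> the digest each one implies.
SIGNATURE_OID_DIGEST = {
    "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.14": "sha224",
    "1.2.840.113549.1.1.11": "sha256",
    "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512",
}


def check_security_object(sod, data_groups, ds_validity, csca_validity):
    """Return a list of finding codes; an empty list means no finding.

    sod           decoded EF.SOD fields (hypothetical layout, see samples)
    data_groups   {DG number: bytes read from the chip}
    *_validity    (not_before, not_after) of the DS and CSCA certificates
    """
    findings = []

    # 1. Every data group read from the chip must match the signed hash list.
    lds_hash = DIGEST_OIDS.get(sod["lds_hash_oid"])
    if lds_hash is None:
        findings.append("UNKNOWN_LDS_HASH")
    else:
        for number, content in sorted(data_groups.items()):
            expected = sod["dg_hashes"].get(number)
            if expected is None:
                findings.append(f"DG{number}_NOT_IN_HASH_LIST")
            elif hashlib.new(lds_hash, content).digest() != expected:
                findings.append(f"DG{number}_HASH_MISMATCH")

    # 2. SignerInfo digest must agree with the digest the signature OID implies.
    signer_digest = DIGEST_OIDS.get(sod["signer_digest_oid"])
    signature_digest = SIGNATURE_OID_DIGEST.get(sod["signer_signature_oid"])
    if signer_digest is None or signature_digest is None:
        findings.append("UNKNOWN_SIGNER_ALGORITHM")
    elif signer_digest != signature_digest:
        findings.append("SIGNER_ALGORITHM_MISMATCH")

    # 3. The DS certificate validity must lie inside the CSCA validity.
    if ds_validity[0] < csca_validity[0] or ds_validity[1] > csca_validity[1]:
        findings.append("DS_VALIDITY_OUTSIDE_CSCA")
    return findings


def constructed_samples():
    """Two constructed cases: a consistent document and an inconsistent one."""
    dgs = {1: b"constructed DG1 (MRZ)", 2: b"constructed DG2 (face image)"}
    good_sod = {
        "lds_hash_oid": "2.16.840.1.101.3.4.2.1",
        "dg_hashes": {n: hashlib.sha256(d).digest() for n, d in dgs.items()},
        "signer_digest_oid": "2.16.840.1.101.3.4.2.1",
        "signer_signature_oid": "1.2.840.113549.1.1.11",
    }
    # Same OID pair as reported on the slide: SHA-512 digest, SHA-1 with RSA.
    bad_sod = dict(good_sod,
                   signer_digest_oid="2.16.840.1.101.3.4.2.3",
                   signer_signature_oid="1.2.840.113549.1.1.5")
    tampered = dict(dgs)
    tampered[2] = b"constructed DG2 (replaced image)"
    csca = (date(2006, 1, 1), date(2016, 1, 1))
    good = (good_sod, dgs, (date(2006, 6, 1), date(2011, 6, 1)), csca)
    bad = (bad_sod, tampered, (date(2005, 12, 1), date(2011, 6, 1)), csca)
    return good, bad


if __name__ == "__main__":
    for label, case in zip(("consistent", "inconsistent"), constructed_samples()):
        print(label, check_security_object(*case))
```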








  C: ICAO L6 and L7 with Soliatis test suite (TR v. 0.95)


  • Results similar to JRC L6&L7 test
  • 7816_C_3, 7816_C_4, 7816_C_6, 7816_C_12 , 7816_C_17
    – wrong error codes (later allowed in 0.96)
  • 7816_C_19 - Passport #51 returns 90 00 (error expected)
  • 7816_E_03 - Passport #49 returns 90 00 (error expected)
  • LDS_C_8 - Passport #7, the length of the 'format type' value
    must be 02 (found length: 01)








  D: ICAO L3 and L4 with Soliatis test suite (TR v. 0.95)

 • Chips do not change their states correctly
    – Passports #6 and #53 do not enter the HALT state after the DESELECT command
      (Scenario 34)
 • Chips do not respond when they should
    – Passports #51 and #53 failed: no response to RATS after RATS (Scenario 15)
 • Chips are too permissive
    – Passports #8, #13, #35 and #64 send no error to PPS after unreceived PPS
      (Scenario 19)
 • Wrong timing
    – Passport #8, #13 and #64 respond with a wrong Frame Delay Time to some AC
      commands (Scenario 13)








E: Subset of ISO 10373-6 L2 – Load modulation amplitude

[Figure: Load modulation amplitude - Lower side band. Amplitude (mV) plotted against field strength (A/m), one curve per tested passport plus the Limit curve.]








Conclusions

• Conformity testing based on drafts of TRs.
• Really accurate results would require additional information (like
  optional commands and the position of the antenna) and sufficient
  time spent on each passport.
• No single tested electronic passport was perfect, passing all the
  performed tests.
• The majority of the problems identified are not critical for
  interoperability, but some issues may cause difficulties in practice
  (e.g. in multichip environments or at low operating field).
• Testing passports vs. testing test suites...




Interoperability – 2nd Generation




 • 1st interoperability test of e-passports with fingerprints protected by
   extended access control, on 6 and 7 December 2006

    – 10 e-pass readers tested (G&D, Gemalto, Sagem, ASK, Oberthur,
      Atmel, Cryptomathic, RTE, SDU, Gep)
    – 11 passports with extended access control tested
    – 75 participants from 17 countries








Part 5



Biopass Case study on Field Trials at Airport Borders




Field Trials – BIOPASS Study




       Study on automated biometric border crossing systems for
         registered passengers at European airports
       • Privium project at the Amsterdam Airport Schiphol in the
         Netherlands,
       • Automated and Biometrics-Supported Border Controls at
         the Frankfurt Airport,
       • The PEGASE project at the Charles de Gaulle Airport in
         Paris,
       • The Iris Recognition Immigration System IRIS at London
         Heathrow, Gatwick, Manchester and Birmingham.




Amsterdam Airport




• Privium project
• Owned by the Schiphol Group.
• Started on October 23rd 2001 as a 1 year trial.
• In operation since October 23rd 2002.
• Iris scan technology satisfies all security requirements.
• There is no intention to end this program, as the system has reached
  final maturity.




Frankfurt Airport




 • In February 2004 Germany launched a new biometric border control
   system based on iris scanning at Frankfurt airport.
 • This pilot project is foreseen to run until the middle of August 2007.
 • Evaluation of the results began in January 2007.
 • The aim of the project is defined as:
    (1) fast crossing,
    (2) secure system,
    (3) saving personnel resources in the longer run.
 • Fully automated iris recognition system.




PEGASE – CDG Paris



• The PEGASE project was awarded to the company SAGEM Défense Sécurité (now part of the
  SAFRAN Group) after the tender in August 2004.

• The system was opened to the public in June 2005 as a trial for one year (and had been in the
  experimental stage already since March 2005).

• The initial maximum number of participants was set to 5 000 volunteers. Later the trial was
  extended until the end of May 2007 and the maximum to 10 000 participants.

• This maximum number of participants was reached in 01/2007.

• The system will be dismantled and the database will be destroyed in June 2007.

• Fingerprint based.




Heathrow - The IRIS system




       • IRIS allows an eligible person who pre-registers his or
         her iris patterns to use automated barriers to pass
         through immigration control on arrival in the United
         Kingdom.
       • The main purpose of the IRIS system is to provide fast and
         secure clearance through UK immigration control for
         bona fide travellers.
       • IRIS is a final system that has been in operation since June 2005.








                                                   Summary

System           Privium             Frankfurt      PEGASE                  IRIS

Modality         Iris                Iris           Fingerprint             Iris
Biometric mode   Verification        Verification   Verification            Identification
Token            Contact smartcard   Passport       Contactless smartcard   None
Biometric HW     LG                  OKI            SAGEM                   Panasonic/SAGEM



