Security mechanism and testing of the hottest e-pa

E-passport security mechanism and testing

after the September 11 incident, machine-readable travel document technology aiming at security anti-counterfeiting, aviation security and entry-exit control continues to develop, and e-passport is one of them. At present, security measures have been taken to cover chip manufacturing, production printing, issuance and use. While electronization brings convenience, it also brings new topics of security, anti-counterfeiting and anti attack. As a standardized product, changing the security configuration item means systematic upgrading and transformation. What kind of security mechanism is suitable for the current situation, how to verify whether the security mechanism meets the initial design expectations, and how to be compatible with future technological development are becoming the focus. Combined with various security mechanisms of e-passport, this paper analyzes its advantages and disadvantages, and gives a solution for system security testing and verification, which provides a reference basis for the testing and acceptance, generation by generation launch and upgrading of e-passport products

e-passport security mechanism

in the standard doc9303 formulated by ICAO, two types of security mechanisms are defined, namely, data authentication mechanism and access control mechanism. The data authentication mechanism includes passive authentication (PA) and active authentication (AA); Access control mechanisms include basic access control (BAC) and extended access control (EAC). Recently, sac (supplementary access control) specification has been formulated as a supplement to BAC based on pace (password authenticated connection establishment) protocol. In the ICAO standard, pa/aa/bac/sac are clearly defined and detailed test standards are formulated. In the European BSI standard, EAC related standards are formulated, which are EAC v1.11 and EAC v2.0 respectively. In addition, the test standard EAC v1.12 for v1.11 is formulated. EAC has been used as an optional safety option in Netherlands, Belgium, Finland and other countries, "This football is made of polyurethane raw materials of impanil series, which have not been used in the United States, Britain and Japan, and accept cloning fraud by default.

based on the above security mechanism, the e-passport can be divided into four generations. The first generation is clear text, and only the glass surface appearance can remain unchanged for a long time. The second generation supports bac/aa; the third generation supports sac; and the fourth generation supports EAC. The first generation realizes electronization, but the security and accuracy are controlled by the inspection department System (is) to ensure that plaintext communication is easy to eavesdrop and clone; The second generation adds BAC or AA. BAC realizes line protection based on DES and hash, and AA realizes chip authenticity verification, which can prevent eavesdropping cloning; The introduction of sac in the third generation enhances the low entropy characteristics of BAC line protection, and establishes a stronger line protection based on dh/ecdh algorithm; The fourth generation is EAC, which realizes the verification of chip identity and verifies the identity of the inspection system based on asymmetric algorithm. At present, the actual issuing countries mostly use the second generation BAC, while the fourth generation EAC is mostly used in European countries. The third generation sac has just appeared, and it is expected to gradually replace the second generation BAC

limitations of e-passport security mechanism

in security and anti-counterfeiting technology, there are three requirements: identity authentication, data confidentiality, and data integrity (see Table 1)

bac is realized by challenge response protocol, that is, using the hash value of MRZ as the seed to disperse the key to obtain the basic access key pair (kenc, Kmac), and then realizing the challenge response protocol through getchallenge and mutual authentication instructions, establishing the session key and combining the message sequence counter containing random numbers to protect the line based on the symmetric key algorithm. The disadvantage of BAC is that the shared key is generated by the certificate number, date of birth and expiration date in MRZ, which has limited randomness and is based on the symmetric key algorithm. The improvement methods include: MRZ requires OCR to read the two-dimensional barcode rather than visual; Increase the private key calculation length

sac establishes a stronger session key independent of password based on pace protocol technology and by introducing asymmetric algorithm. When the card supports both pace and BAC, pace must be used, and the customs clearance inspection system must have pace function. DH or ecdh algorithm is used in the pace protocol, and this algorithm is also used in the Ca (chip authentication) of EAC. It can be considered that sac was introduced by ICAO through the form of the pace protocol. This technology is still based on chip computing (need to support AES), so this function has requirements for chip computing function in the promotion of e-passport. Sac is characterized by the use of key exchange algorithm, whose effectiveness depends on the difficulty of calculating discrete logarithms. It needs to prevent replay attacks and man in the middle attacks. The measures taken by sac are to negotiate a temporary global parameter through random numbers to prevent replay attacks, and authentication tokens to prevent man in the middle attacks

eac is characterized by adding the certificate period and managing it, including two steps: chip authentication (CA) and terminal authentication (TA). CA is a technology similar to AA, which is used to verify the authenticity of the chip in the e-passport. The supported algorithms include DH algorithm and ecdh algorithm. It needs to read the public key information in dg14 and generate the key pair for the new encryption channel (kenc, Kmac) through the key exchange algorithm

ta is used to authenticate the external terminal and check whether the authority can access sensitive data. When authenticating the external terminal, it is authenticated through the certificate chain of cvca->dv->is (where cvca= national inspection CA --> issue DV certificate, dv= certificate inspection agency --> issue is certificate, is= automatic border inspection system --> read the data of passport chip and do customs clearance). Some information in the chip may be updated during the authentication process, such as the latest date The trust point in CA even switches the algorithm type. The supported algorithms include RSA, rsa-pss, ECDSA, etc. TA needs the support of external certificate PKI system and even ICAO PKD. This function is used to authenticate the legitimacy of customs clearance inspection system or card reading equipment, and realizes a complete two-way trust evaluation mechanism

e-passport security mechanism test

at present, e-passport authentication test still relies on foreign third-party institutions, and with the development of CPU technology, the time required to crack the key is getting shorter and shorter, and the passport validity is up to 5 or 10 years, the security mechanism and test still need further research and upgrading. In addition, the characteristics of countries' post deployment support are different. Some only support the first generation PA, while others support the second generation BAC or even the fourth generation EAC. This difference also causes security vulnerabilities

20 ~ 77hr45n the test system given in this paper is composed of RFID e-passport reading system, test platform software and test suite. See Figure 4 for details. The test suite is divided into security anti attack test, consistency test and compatibility test

security anti attack test includes: near-field hidden scanning caused by RFID technology; Hidden tracking caused by RFID technology; 14443 protocol level anti attack test; Anti cloning and anti skimming test; Anti eavesdropping test; Security vulnerabilities caused by the disclosure of biometric data of the holder; Vulnerability test of security algorithm itself

this part of the test is not involved in the conformance test suite. Unlike the chip attack test, this part is based on the security mechanism and the security vulnerability after experience sharing. It is for applications, while the chip attack test is based on hardware, using technologies such as spa/dpa, sema/dema, DFA, time analysis attack/differential time-consuming attack, etc

conformance test is the protocol compliance test. Different security mechanisms adopt different security test standards. BAC conformance test is defined in detail in ICAO test specification, which mainly includes: (1) the two minimum command set instructions of select and read binary (2) the test of reading 16 LDS files using these two instructions in BAC protected mode and BAC unprotected mode respectively. The other two basic instructions used in establishing BAC session keys are get challenge and external authentication. Sac has not yet defined the test specification. Please refer to the CA test part of EAC. The following focuses on EAC testing

as shown in Figure 5, the implementation of EAC is composed of several parts: PKD, national e-passport issuing authority, national e-passport verification authority, and e-passport supporting EAC function. EAC test is divided into EAC conformance test, EAC passport and is compatibility test, and PKD interoperability test. EAC itself cannot prevent accurate copying and chip replacement. Chips with asymmetric algorithm operation function provide authentication operation, while all other facilities only provide certificate management and use. The highest level certificate is a self signed certificate issued by the national issuance and verification authority, and it is the starting point of trust or the highest end of the certificate chain in the receiving country

see Figure 5 for the EAC consistency test architecture implemented under the PKD architecture, which realizes the testing of licensing -> domestic customs (customs clearance) -> foreign customs (customs entry) -> foreign customs (customs clearance) -> domestic customs (customs entry) and other operations. Country B issues an e-passport, which passes through the certificate chain (CVCA (country B) －> domestic DV －> is) contained in the corresponding is inspection system to verify the EAC and complete the security inspection of face fingerprint or iris. To country a, it verifies the EAC based on the certificate chain (CVCA (country B) －> foreign DV －> is) of the is inspection system of country a, and completes the security inspection of face fingerprint or iris. It is similar to returning to China. ICAO PKD plays the role of storage sharing

the EAC conformance test given by BSI combines the test points of EAC sub process ca/ta, certificate chain, access rights, date trust point update and so on to test the compliance of the security mechanism. The basis is the test standard EAC v1.12, which mainly includes the following parts (Table 2)

the test system gives the test of security mechanism from different angles. Compatibility test focuses on card machine compatibility, security anti attack test focuses on security vulnerabilities, and consistency test focuses on protocol compliance. The test system needs to be continuously improved with the continuous updating of technology. A continuously improved system is of positive significance to the stability and safety of products

summary of this article

as another heavyweight identity recognition product after the second-generation ID card, e-passport must undergo different stages of evolution, especially the security mechanism. Based on the second-generation BAC is a mature technology, the newly introduced sac, as the third generation, is also more mature in implementation, and will be promoted in time, The European standard EAC, as the fourth generation and a more complex security mechanism, will attract attention and affect the development and upgrading of e-passports