Fifteenth Meeting of the Technical Advisory Group on Machine Readable Travel Documents (TAG-MRTD/15)

1
Securing Data in ePassports Policy Issues
ICAO/NTWG
2
John Davies Director of Systems, UK Passport
Service Chairman NTWG PKI Task Force
ICAO/NTWG
3
The presentation will address

• Why secure electronic data?
• Why use PKI/encryption?
• How a globally interoperable PKI could work for
  passports

ICAO/NTWG
4
Why secure electronic data?

• To ensure the electronic data was loaded by the
  appropriate passport issuing authority
• To ensure the electronic data has not been
  overwritten or amended in any way.
• To protect inappropriate access to data by
  unauthorised persons or organisations.

ICAO/NTWG
5
e-Passports will initially contain the following
electronic data

• Biometric information
• Portrait Data (mandatory)
• Finger print and iris data (optional)
• Personal details from the passport biodata page (
  name, date of birth, passport number, etc.)

ICAO/NTWG
6

• e-Passport specifications will offer read only
  access to the electronic data and will not
  initially offer any updating facility.
• This limitation will facilitate a simple form of
  security implementation in the first instance.

ICAO/NTWG
7

• There is a tension between
• Ensuring the electronic data is secure from
  inappropriate access
• Ensuring the electronic data can be accessed
  easily by immigration authorities.

ICAO/NTWG
8
The PKI scheme is based on open access but allows
individual states to choose optional additional
security methods to protect personal data.
ICAO/NTWG
9
Why use a public key infrastructure (PKI)?

• PKI is a well established method of protecting
  and authenticating data held on computer chips.
• No other scheme offers equivalent security for
  chip technology.

ICAO/NTWG
10
Why use encryption?

• The proposals do not include encryption for basic
  personal data or the facial biometric.
• Encryption of fingerprint or iris data could be
  considered by states who choose to use these
  forms of biometric, but encryption specifications
  have not been developed.

ICAO/NTWG
11
The PKI scheme proposes

• A peer-based environment with each state
  independent and autonomous with respect to
  passport security.
• An agreed means of sharing and updating public
  keys.

ICAO/NTWG
12
Responsibilities for states issuing e- passports

• Generate key sets and protect from unauthorised
  access.
• Manage distribution of country signing
  certificates using bilateral secure diplomatic
  means.
• Manage certificate revocations when a key is
  compromised.
• Facilitate dissemination of information about
  public keys via ICAO public key directory .

ICAO/NTWG
13
The PKI specifications recognise many individual
states already have a PKI infrastructure

• RSA or DSA or elliptic curve and related hashing
  algorithms are included in the specifications.

ICAO/NTWG
14
PK1 responsibilities for states reading
e-Passports

• Maintain up to date information about public keys
  and certificate revocations on their systems.
• Provide suitable reader infrastructures.

ICAO/NTWG
15
ICAO Responsibilities

• To provide an efficient and reliable public key
  directory
• Ensure the directory is only updated by member
  states.
• Provide open access to public key information to
  participating states and organisations .

ICAO/NTWG
16
The PKI Technical report

• Aimed at specialists familiar with PKI.
• Proposes a technical framework and guidelines to
  enable each country to develop secure e-Passports.

ICAO/NTWG
17
The technical report includes an annex on PKI and
security threats. This is intended to aid
individual states with their own risk analysis
and mitigation decisions.
ICAO/NTWG