E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity and Integrity for Electronic Passport Projects WHITE PAPER
Overview In the wake of acts of terrorism occurring worldwide, it has become imperative for countries to increase the level of security at their borders. To assist in their efforts for stronger border security, countries around the globe are implementing an e-passport program.
The e-passport has a smartcard chip embedded in the passport’s back cover that contains a digital image of the traveler’s face, their name, date and place of birth, gender, passport number, and dates of passport issuance and expiration. Since different passports are used daily worldwide, it is critical to have a standard system in place for the e-passport design and reader technology. For this reason, the International Civil Aviation Organization (ICAO) created a set of worldwide e-passport technical speciﬁcations to assist in the implementation process to ensure all e-passports work with the readers in other countries. Further, the e-passport holding biometric information is recognized as the new standard for Machine Readable Travel Documents (MRTD). The systems standardization has aided in the cooperation levels of countries that were once hesitant about how the e-passport implementation would affect international travel. However, security and data protection continue to be issues surrounding the e-passport implementation. Although e-passports have a built-in anti-skimming device in the cover and smartcard chips that cannot be read further than four inches away, the need for additional data protection is essential. To ensure data authenticity and integrity, the information in the chip must be digitally signed by the respective issuing authority. When the electronic passport holder reaches a customs entry desk, the customs ofﬁcer veriﬁes the personal information and biometric identiﬁer stored in the chip. The trust of the digital signature is bound to the security of the corresponding digital signing key. Countries around the world are turning to SafeNet’s HSM family of products as the solution for secure key generation and storage, cryptographic signing, encryption, and to encode the passport holder personal data to the smartcard chip. SafeNet’s HSMs are purpose-built hardware appliances that protect the digital signing key, and deliver comprehensive and high-speed hardware-based cryptographic functionality for a myriad of digital identity applications. SafeNet’s HSM products feature true hardware key management to maintain the integrity of encryption keys. Sensitive keys are created, stored, and used exclusively within the secure conﬁnes of the hardware security module to prevent compromise. SafeNet’s HSMs provide advanced features like direct hardware-tohardware backup, split user role administration, multi-person authentication, and trusted path authentication, coupled with proven security and operational deployment. Today, SafeNet HSMs set the standard for CA key protection and are employed to protect some of the largest PKI installations in the world. SafeNet HSM’s are FIPS 140 and Common Criteria certiﬁed, assuring the highest level of security available in the market today.
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity and Integrity for Electronic Passport Projects White Paper
SafeNet HSM’s are currently deployed in 14 countries around the world to support different e-passport initiatives. The strength of the product offering, combined with an established and large global presence, are key factors resulting in the use of SafeNet technology, upon which the trust and security of this scheme is based.
E-passport History and Background The September 11, 2001 terrorist attack triggered fundamental changes in national security, including the launch of the electronic passport (e-passport) initiative. This was compelled largely by the USA PATRIOT Act and the U.S. Enhanced Border Security and Visa Reform Entry Act of 2002 legislation, which it stated that the 27 countries with which the U.S. has a visa waiver arrangement should have a biometric passport issuance program in place by October 26, 2006. According to the legislation, the new e-passports must be tamper-proof, machine-readable documents (MRD) that incorporate contactless IC chips, as well as biometric identiﬁers that comply with standards established by ICAO – the International Civil Aviation Organization. ICAO, an United Nations organization that represents 189 nations worldwide, and is in charge of specifying and developing standards for international travel documents, such as passports, visas, and boarding passes. In fact, a signiﬁcant portion of passports currently in circulation, in more than 110 countries, constitute Machine Readable Travel Documents (MRTDs), or Machine Readable Passports (MRPs) and include complex security measures to prevent forgery or alteration. The key component of the MRP is the laminated data page with holder’s identiﬁcation details, including a digitally printed photograph, a digital image of the passport holder’s signature, and a two-line Machine Readable Zone at the bottom of the page containing mandatory identity information. This strip allows a passport to be read rapidly at passport control, enabling immediate cross-referencing with immigration computers. In 1997, well before the September 11th terrorist attack, ICAO’s New Technology Working Group (NTWG) began investigating biometrics and their relevance to MRTDs. The three biometrics recommended are face, ﬁngerprint and iris. ICAO subsequently speciﬁed that facial recognition should be a mandatory biometric in the e-passport, while individual countries could implement ﬁngerprint, and/or iris recognition if they wished. Standardization is essential so that MRPs were interoperable throughout the world. The e-passport speciﬁcations have been absorbed into the ICAO document 9303, and will soon be endorsed by ISO as a three-part standard – ISO/IEC 7501.
From Passport to E-passport Throughout history, the passport has been a document that has evolved in order to remain one step ahead of increasingly sophisticated fraudsters. The use of biometric data in the passport is seen as essential by many governments as part of their ongoing ﬁght against terrorism, fraud, and organized crime. Using biometrics, such as facial images, passport ofﬁcials are able to conﬁrm the given identity of passport holders to a high degree of certainty. Their use will also help guard against the issuance of duplicate documents. The decision to use a smartcard chip within the passport allows comparatively greater amounts of data, such as biometric images and electronic visas, to be stored securely. The e-passport will, in fact, not use contact-based smartcards, which would be impractical for passport booklets. Instead it will use contactless IC technology, which operates using radio frequencies and is comprised of a chip and an attached antenna. This sort of technology will provide a sufﬁcient amount of data capacity and can be embedded into the cover or inside pages of a passport.
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity and Integrity for Electronic Passport Projects White Paper
Business Change Traditionally, governments had a long-standing relationship with secure document printing companies (e.g., Bundesdruckerei in Germany, SDU in the Netherlands, or SPS in the UK) that have 50-100 years of experience in the manufacturing of secure paper, prints, and additional security features. However, the decision to move from a passport to an e-passport requires a signiﬁcant change to the normal passport production environment. Traditional passport producers are required to integrate their highly effective security features into the passport document, along with many new processes. E-passports require secure printers to adopt new processes for data collection and data handling – especially biometric data. • new IT networks and infrastructure • handling of new basic materials in which the antenna and chip can be stored • adoption of new lamination processes • equipment for electronic testing and personalization • implementation of additional quality control measures to inspect the electronic aspects of the document In addition, the secure printer must also possess knowledge in the areas of cryptography, PKI, RFID, operating systems, and biometrics. Most secure document printers do not have the capability to develop this expertise in-house in the short timeframes that are set, so they are actively developing new relationships with third-party vendors.
Systems Integration and the Value Chain An e-passport is created using many diverse parts and services, including: • the contactless chip and its associated software; • the module • the inlay • the cover and paper comprising the booklet • special printing techniques to help make the document secure • personalization services required to individualize the passport The passport is just one – albeit very important – part of an overall border control system, which also includes, among others, passport readers and terminals, workstations, and servers. Towards the top of the value chain are the card (i.e., passport) and key management systems, and the associated Trust Center Cards and complex back-end systems.
The E-passport Chip At the heart of the new e-passport is a contactless smartcard chip that holds pertinent information about the passport holder, including a digital image of one or more of their biometrics – with the facial image being mandatory, and the ﬁngerprint and iris being optional. Contactless chips are able to store a sizeable amount of data and transfer it between the passport and the reader without the problems associated with contact-based systems, such as failure due to dirt, moisture, or fatigue.
Systems Integration Contactless chips comprise an electronic IC housed in a protective module and an antenna or coupling element, which is literally a handful of turns of conductive material. ICAO has stated that the contactless chips must comply with the ISO/IEC 14443 proximity standard, which speciﬁes an operating frequency of 13.56 MHz and a read range of 10 cm.
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity and Integrity for Electronic Passport Projects White Paper
From a privacy point of view, it is important to understand that the contactless chips contain no power source of their own. It is the reader, through an inductive process, that provides the energy needed for the chip to operate. To do this, it generates a strong radio frequency electromagnetic ﬁeld in the contactless chip’s antenna. This ﬁeld deteriorates rapidly as the passport is moved away from the reader, rendering the chip inactive after about 10 cm. This feature makes it very difﬁcult for anyone attempting to skim information from a person’s passport without their knowledge. ICAO recommends that the minimum memory size for the chip should be 32 kilobytes. This would carry the information printed on the passport’s data page, as well as the passport holder’s digital photograph needed for facial recognition. It also leaves room for a digital signature, which will verify the integrity of the data stored on the chip. Examples of where chips are being positioned include the front cover (an approach taken by Malaysia), a ‘holder page’ sewn into the middle of the book (favored by countries such as The Netherlands), or in the cover (an option chosen by countries such as the USA and New Zealand).
Personalization The personalization of an e-passport is a critical stage in the production process. With the introduction of a contactless chip, it becomes absolutely vital that the personal details on the data page exactly match the information written onto the chip. The data elements from the visual and machine readable areas on the data page that end up stored on the chip include: • the document code – “p” for passport • the issuing state • name of the bearer • passport number • date of birth • sex • date of issue • expiry date • place of birth • issuing authority • full digital image, rather than a template, of the passport photo Other information may include coordinates of the passport holder’s left and right eyes to help aid the biometric matching process. It is required that all of this data be digitally signed to protect it from alteration and abuse. This means that a private key must be used to sign the data and a public key used to decrypt it. ICAO has suggested that it should be sent all the public keys, which could then be accessed via a specially designated ICAO server. In order to personalize the contactless chip, the system will include a reader/writer, personalization software and a secure module that will carry the security keys (this could be a smartcard or some other secure depository).
Readers The introduction of e-passports demands new types of passport readers capable of reading not only the Machine Readable Zone (MRZ) on the data page, but also the contents of the chip. In order to ensure that readers will be able to read the different varieties of passport allowed, it is recommended that nations choose readers capable of reading chips conforming to both ISO/IEC 14443 Type A and Type B.
Border Control Process and Databases The most obvious changes seen by passenger will be the issuance of a new passport and the biometric check they must undergo when passing through immigration control. Instead of simply handing over their passport to the immigration ofﬁcer, they will now be asked to look into a special camera, which can capture their facial information. In some instances, the passenger will also have to undergo a ﬁngerprint or iris scan. Although not immediately obvious to the passenger, the process itself will be more complex. First, the immigration ofﬁcer will assess whether or not the passport is a new chip-based document (a special logo will appear on the passport symbolizing a contactless chip). Assuming it is, they will then present the passport to the reader to check the chip’s digital signature – this will require a connection between the contactless card reader, its associated PC, and onward to ICAO, which is responsible for holding a database of public keys (this assumes that a PKI is used and that a central ICAO database is accepted by the participating country). At this point, the system will compare the MRZ information against the equivalent chip-based information. Assuming all of the information correlates, the document is deemed valid. Checks between the passenger’s biometric and the databases of criminal watch lists can now take place. There will also be a one-to-one veriﬁcation of the passenger’s facial biometric against the image held on the chip. The immigration ofﬁcer will be required to aid this process, getting the passenger to submit their biometric in the correct manner – something which could be particularly challenging for younger children. Once the biometric match is conﬁrmed, the passenger is allowed to continue on their journey. Looking ahead to the future, it is possible that the new e-passport will be used to partly remove the immigration ofﬁcer from the equation – in the hope that queues can be reduced. Biometric and chip technology makes it possible to verify the identity of a passenger with a great degree of certainty and, by using appropriate access control barriers, can allow a level of automation to take place at passport control. Of course, if the travel document and the passenger do not match up satisfactorily, or any other failure occurs, the passenger would be re-routed to traditional immigration inspection channels.
The Importance of Interoperability The three main success factors for an e-passport program are security, functionality, and interoperability. However, the merging of traditional and new technology generates several complexities, such as: • First-ever worldwide deployment of biometrics-based authentication • Integrating contactless chips and associated antenna in paper documents that are expected to last for 10+ years • New manufacturing and management processes of passport booklets • Employment of new IT systems (e.g., at airports, issuing ofﬁces) while allowing compatibility with legacy procedures and technologies By combining contactless smartchip technology with strong biometrics authentication, governments all over the world can build the appropriate platform to link travel documents with their rightful owners, while, at the same time, protecting the individual’s privacy and integrity. The ability to store, protect, and manage identity credentials (such as biometrics, picture ID, digital certiﬁcates, etc.) makes microprocessor chips an unrivaled technology for secure identiﬁcation at immigration checkpoints.
The Role of HSMs in E-passport Systems The latest security technology is at the heart of the new e-passport, whether related to paper security measures, optical security features, or electronic/digital technology. State-of-the-art cryptographic technology is used in the preparation, processing, and personalization of the passport data being injected into the chip of the e-passport, as well as validating the chip’s authenticity. It is of the utmost signiﬁcance to protect the highly sensitive personal passport holder from disclosure or modiﬁcation data, including biometric characteristics, across the whole processing chain, from the data capturing process at the registration ofﬁce to the electrical data personalization into the chip.
In the digital world, cryptography is the best technology to provide data conﬁdentiality, message authentication and integrity, and the establishment of identity and trust. However, cryptography relies on the use of keys. Failure to protect and manage these cryptographic keys risks shattering the entire layer of security. Hardware Security Modules (HSMs) deliver the highest level of physical and logical protection to cryptographic keys, preventing unauthorized access to highly sensitive key information. Tamper-resistant, secure casing, including physical key locks, battery-backed secure key storage, and automatic cryptographic key erasure upon tamper detection, ensure the maximum level of secrecy and integrity of keys and sensitive data. Certiﬁcation to international evaluation schemes, such as FIPS 140-2 and Common Criteria, provide assurance of the security effectiveness of the HSM technology.
PKI and Digital Signatures The authenticity and integrity of the data stored on the RF chip is ensured by a digital signature, allowing for the detection of any fake or manipulated data. Successful veriﬁcation of the digital signature warrants that the signed data has been produced by an authorized entity and has not been modiﬁed since its creation. To sign and verify electronic passports, a globally interoperable public key Infrastructure (PKI) is needed. For each participating country, a two-layer PKI scheme is implemented, consisting of a Country Signing CA (Certiﬁcation Authority) at the top and a Document Signer below. In the context of e-passport systems, HSMs are used in the following areas: Country Signing Certiﬁcation Authority (CSCA) The Country Signing CA (CSCA) represents the top-level certiﬁcation authority of every country. There is no higher international CA. This ensures that each country has full control over its own keys. For veriﬁcation of foreign passports, every country needs to have and store a list of all other CSCA public keys of the other participating countries, which are exchanged by bilateral means and diplomatic channels. The key pair generated by the CSCA is exclusively used for certifying (i.e., issuing the certiﬁcate) the Document Signer. The validity of the CSCA’s private key has been limited to a period of 3-5 years. In accordance with the validity time of the issued e-passport (typically 10 years), the corresponding public key needs to be valid for 13 to 15 years. Inside the CSCA, an HSM is used to securely • generate the CSCA Key Pair • store the CSCA Private Key • and sign (certify) the Document Signer Public Key All this is done within a logically and physically secure environment. Being the top-level and most sensitive key, a compromise of the CSCA’s private key would shatter the entire chain of trust. It would question/invalidate the trustworthiness of every single e-passport issued by that CA scheme, as a rogue Document Signer could be set up to issue e-passports based on the compromised CSCA private key. The HSM required for this environment must provide the highest levels of assurance and security. High performance is not an issue or requirement, as only very few cryptographic operations need to be performed. Sophisticated tamper circuitry ensures that the internally stored keys are actively erased upon physical attack. Strong administrative controls based on two-factor, multiperson, and multi-level authentication ensures that no single individual can operate or use the HSM for cryptographic processing.
Document Signer (DS) Document Signers are entities authorized to sign electronic documents. A typical example includes National Printing Ofﬁces that also produce the physical security document, such as a passport, citizen ID card, or driver’s license. Each DS holds at least one self-generated key pair. The private key’s exclusive use is for signing the digital documents (passport holder data including biometrics and issuing information). The corresponding public key needs to be certiﬁed by the national CSCA, the result of which is a (X509v3-compliant) digital certiﬁcate. For veriﬁcation of passports at border entry points, the border control system connects to ICAO, which maintains a Public Key Directory (PKD) of all DS public keys (i.e. certiﬁcates). In addition, the DS certiﬁcate may be included as part of the Document Security Object in the chip in order to allow for off-line signature veriﬁcation. Certiﬁcates that are invalidated due to expiration or compromise of their associated private keys are published regularly by the ICAO PKD or must be exchanged bilaterally between participating countries. ICAO decided to restrict the usage period of the Private Signing Key to three months, in order to limit the amount of affected e-passports in case of a compromise of the private key. In compliance with that, the validity period of the corresponding public key must be 10 years (validity time of issue passport) plus three months. Due to the long validity period of 10-15 years, the CSCA and DS keys have to use strong cryptographic algorithms with sufﬁciently long key size. For the ICAO-compliant e-passport, RSA, DSA, and ECDSA are accepted signature algorithms. The recommended key lengths (as of today) are:
Country Signing CA (Bit)
Document Signer (Bit)
RSA / DSA
Inside the DS, an HSM is used to securely • generate the DS key pair • store the DS private key • sign the digital documents A compromise of the DS private key would be limited in scope to fake e-passports issued by that particular compromised DS, in case there are more than one, and within its ﬁxed three-month validity time. The HSM required for the DS environment must combine the highest levels of assurance and security with exceptional performance, as a large number of digital documents need to be signed, and the time taken to produce and issue a new passport (across the entire issuance chain) must be minimized. For every DS system, multiple HSMs (two at minimum) should be used and operated in High Availability (HA) mode to ensure the highest degrees of resiliency/redundancy. In order to allow for multi-server, parallel DS processing, and to ensure the quickest levels of response in the unlikely case of HSM failure/down-time, an HSM conﬁguration topology consisting of easily administrable, monitorable and accessible external network-attached HSM devices may well constitute the best choice. Passport Chip Personalization The electronic data consisting of passport holder information with biometric data, as well as issuing information, needs to be written to the passport chip in the so-called “chip personalization process.” This constitutes a complex, often overlooked, process and requires the intense usage of HSMs for a variety of cryptographic operations. It should be noted that the personalization process can be done in-house or can be outsourced to a personalization bureau that specializes in providing these services to issuers in diverse markets (e.g., ﬁnance, government, telcos, retailers etc.). The personalization bureau possesses all the necessary sophisticated printing and personalization equipment, and is able to quickly adjust it to new card requirements. E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity and Integrity for Electronic Passport Projects White Paper
Even if personalization is done in-house by the issuer, it may be performed by a different department and different personnel. It goes without saying that dealing with personal and biometric data of citizens mandates the implementation of the most stringent security policies and best security practices in adherence with privacy law legislations. Security principles, such as multiple custodianship of key material and the limitation of information access on a “need-toknow” basis, is of the utmost signiﬁcance. The Card Issuing and Key Management System driving the DS generates and prepares the individual data that will go onto the chip of the respective passport holder. The output of this process is a data ﬁle encrypted under a transport key, which is shared with the HSM used at the personalization system. Furthermore, this data, consisting of a complex series of both cryptographic and clear text elements, needs to be assembled and formatted in such a way that it can be understood by the smartcard chip and its associated application. The task of the Card Personalization Software is to load and personalize the smartcards, and it must be capable of communicating with the read/write heads of the personalization system. This system must be capable of storing and retrieving a myriad of smartcard software objects during the personalization process, such as: • Keys, (e.g., a KEK or a Master Personalization Key (KMC)) for the target card, shared between the card manufacturer and personalizer • Card Operating System-speciﬁc scripts and control (e.g., for Multos or GlobalPlatform cards) • Common platform objects such as Card and Personalization Application Proﬁles The role of the HSM is to securely store the keys and perform the necessary cryptographic operations during this personalization process, so that no sensitive card data is ever exposed in the clear until it ends up inside the smartcard chip. Speciﬁcally, the HSM is used for the following purposes: • Securely store symmetric keys, such as a KEK (Key Exchange Key shared between Card Issuing / Management System and Personalizer) and KMC (Master Personalization Key/Card Unlock Key shared between Card Supplier and Personalizer) • Decrypt the personalization data (ﬁle) under KEK • Derive unique session keys for the selected card from KMC for secure messaging, (i.e., encrypt/MAC the data destined for the card) A symmetric algorithm, typically 3DES, is used for the encryption, decryption, and message authentication (MAC) of the personalized data and the secure exchange protocol with the smartcard chip. The HSM required for the Card Personalization System must provide the highest levels of assurance, high-performance symmetric (e.g., 3DES) crypto-processing, secure key entry facilities. In addition, HSMs must offer a highly ﬂexible and customizable programming interface to allow easy and seamless integration into diverse personalization hardware and card platform environments. Passport Inspection System / Border Control System Like airport and other border control posts, countries inspect passports presented by visitors. The smartcard-based biometric passport allows a new level of assurance and technical capabilities to determine the authenticity of an e-passport and its connection to the passport holder, hence identifying the visitor. With the e-passport, both counterfeited and falsiﬁed passports can be detected much more easily, and reliance on the often subjective examination of border control ofﬁcers is reduced. A direct beneﬁt is a much more efﬁcient and automated passenger ﬂow through the border post, resulting in a positive traveller experience, allowing immigration/border control to focus on dealing with illegal immigration attempts. In order to inspect and verify e-passports, receiving States must be equipped with adequate inspection systems capable of interfacing with the e-passport chip, reading and veriﬁng its information, and authenticating the passport. Digitally-signed data inside the chip implies that veriﬁcation of an e-passport must rely on elements of a PKI.
The ICAO e-passport speciﬁcations focus on the deﬁnition of the underlying mechanisms, structure, security, and integrity of the data embedded in the chip. While some elements of an inspection system are addressed, details of the architecture, implementation, and related procedures of the inspection system are unspeciﬁed and left up to subsequent speciﬁcation by the individual countries. General high-level ICAO requirements suggest that the architecture of an inspection system of an implementing country must include the following minimum elements: • National Public Key Directory (PKD) • Bilateral communications with other participating, e-passport-issuing countries • Internet-based access to the planned ICAO operated Public Key Directory • Inspection server managing the data and work ﬂows • Inspection Stations deployed and operated at the border control points The inspection station contains an optical reader for the MRZ, a contactless chip reader to interface with the e-passport chip, a user interface to allow the inspector to display and examine information, and appropriate software implementing the protocols to interact with the chip, including all the cryptographic functionality to establish the validity of the embedded data and authenticate the passport. The National PKD serves as national repository for certiﬁcates and certiﬁcate revocation lists (CRLs) from issuing countries. CSCA certiﬁcates and CRLs are received from participating countries via bilaterally agreed upon diplomatic channels. The National PKD shall regularly download certiﬁcates from the ICAO PKD, which acts as primary source for DS certiﬁcates and secondary source for CRLs. ICAO’s recommendation is to download the entire contents every day using LDAP over an SSL-secured communications channel. The Inspection Server ensures that any updates to the national PKD are distributed to the inspection stations and maintains a database with information on each station. The iInspection Server interacts with the national PKD securely via LDAP and SSL , and can be seen as a hub of the inspection system, ensuring that the inspection stations receive up-to-date and correct information regarding certiﬁcates, CRLs, and other data necessary for effective border control processing. Ideally, it should be a resilient server with secure LAN or VPN-protected WAN access to the stations.
What About HSMs? As the basic security architecture of the e-passport is based on PKI, certiﬁcate, CRL, and digital signature checking, it is obvious that veriﬁcation and authentication at inspection systems relies on the use of public, not private keys. Hence, the necessary asymmetric cryptography can be executed in software, respectively ﬁrmware, without the need for HSMs (whose key purpose is to protect private and secret keys). The inspection systems, for instance, implement all the cryptographic processing to validate the chip data and authenticate the e-passport. However, while this may be true for DS certiﬁcates, as they are being signed by the CSCA—a trusted higher authority—the situation regarding the CSCA certiﬁcates themselves is different. CSCA certiﬁcates are self-signed and therefore not certiﬁed by a higher authority. It is crucial that the CSCA certiﬁcates are properly protected and their integrity ensured. In addition, their conﬁdentiality should also be maintained. On this subject, the ICAO spec says:
“It is a State’s responsibility to store the Country Signing CA Certiﬁcates (CSCA), as being trust points, in a secure way in their border inspection systems.” “When distributing self-signed Country Signing CA Certiﬁcates by diplomatic means, extreme care must be taken to prevent insertion of a rogue Country Signing CA Certiﬁcate. Furthermore, it is RECOMMENDED that States store the received Country Singing CA Certiﬁcates in secure hardware devices (Card Acceptor Device – CAD) accessible by the reader devices in a secure manner.”
The integrity and conﬁdentiality of CSCA certiﬁcates should be protected both during storage at the National PKD and the inspection server, as well as during the transmission between each other and the dissemination to the inspections stations. A way to securely exchange CSCA certiﬁcates, key, CRL and other sensitive data between ICAO PKD, National PKD, Inspection Server, and Inspection Station is to use an SSL channel with both client and server authentication. It is evident that both the National PKD and inspection server constitute extremely important elements of an inspection system and, as such, their security is critical. The integrity of data at both the PKD and inspection system must be assured and veriﬁable by systems that use it. Access to these server systems must be protected and the accessing sites must be assured that they are talking to a genuine server. Although not explicitly mandated, HSMs play a signiﬁcant role in substantially improving the security in an inspection system environment. For instance, HSMs are used for the following purposes: • Secure storage of CSCA certiﬁcates in National PKD and inspection system (HSM-stored or encrypted host store) • Generation and veriﬁcation of integrity checks for CSCA certiﬁcates and sensitive data • Encryption of other sensitive data (stored in databases) • Storage of SSL server private keys in National PKD and inspection system The HSM required for inspection systems should provide high assurance and security, high symmetric and asymmetric crypto performance, disposal of large HSM-internal key storage capacity or an external encrypted host store system, and support of a high-availability conﬁguration. Other/Future e-passport HSM deployment environments The e-passport is an on-going project. We are witness to the ﬁrst generation of e-passports with a facial image as biometric information. Passive authentication (i.e., the signature veriﬁcation of the chip data (Document Security Object) by the inspection system), is mandatory for the ﬁrst generation. Access Control (either Basic or Extended) or Active Authentication which implements a challenge-response protocol between chip and inspection system to protect against chip substitution, are optional and typically not implemented at this point. In 2007, we saw the rollout of the second generation e-passport, which contains a ﬁngerprint as additional biometric information. As a person’s ﬁngerprint represents highly sensitive information, its access must be available to only authorized inspection systems. Furthermore, its content needs to be kept conﬁdential (i.e., being encrypted on the chip). Extended Access Control (EAC) facilitates the mutual authentication of chip and inspection system. For that, a separate PKI architecture for the issuance of inspection system certiﬁcates needed to be implemented. Analogous to the CSCA and Document Signer PKI scheme, a Country Veriﬁying CA (CVCA) is set up to issue certiﬁcates for Document Veriﬁers (DV), sub-CAs that are authorized to issue certiﬁcates for national inspection systems.
HSMs are required for secure private key storage and the issuance of CVCA and DV certiﬁcates. As the e-passport technology evolves and authentication protocols between system entities become more dynamic and sophisticated, more highly sensitive information (such as biometric data) needs to be generated, processed, and managed, expanding the role HSMs will play. The HSM will protect the underlying, highly sensitive key material, affording the highest degree of assurance for trustworthy e-passports. Passport Issuance
Document Security Objects ~4?Pbb_^ac2WX_ ~?Tab^]P[XiPcX^]
Top Level National PKI (CVCA) ~8\\XVaPcX^]3T_c ~2^d]cahbXV]X]V20
Document Verification Certificate Authority DVCA) ~?:8 4
PA SS PO RT
1 HSM for CVCA private key storage and DV certificate issuance
2 HSM for DS private key storage
PA SS PO RT
and EAC DSO signing
3 HSM for secure EAC chip personalization (secure messaging)
Inspection Station (IS) ~?:8 ~BcPcX^]2[XT]c ~BB;
4 HSM for DVCA private key storage and IS certificate issuance
5 HSM for IS private key storage and Terminal Authentication
SafeNet Offering for E-passport Systems SafeNet’s HSMs are purpose-built hardware appliances that protect the digital signing key, and deliver comprehensive and high-speed, hardware-based cryptographic functionality for a myriad of digital identity applications. SafeNet’s HSM products feature true hardware key management to maintain the integrity of encryption keys. Sensitive keys are created, stored, and used exclusively within the secure conﬁnes of the hardware security module to prevent compromise. SafeNet’s HSMs provide advanced features such as direct hardware-to-hardware backup, split user role administration, multi-person authentication, and trusted path authentication coupled with proven security and operational deployment Today, SafeNet HSMs set the standard for CA key protection and are employed to protect some of the largest PKI installations in the world. SafeNet HSM’s are FIPS 140-2 and Common Criteria certiﬁed, assuring the highest level of security available in the market today. SafeNet HSM’s are currently deployed in 14 countries around the world to support different e-passport initiatives. The strength of the product offering, combined with an established and large global presence, are key factors resulting in the use of SafeNet technology, upon which the trust and security of this scheme is based.
About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data, and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies, and in over 100 countries, trust their information security needs to SafeNet.
Contact Us: For all ofﬁce locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (A4)-02.10.11
Published on Jun 15, 2011
In the wake of acts of terrorism occurring worldwide, it has become imperative for countries to increase the level of security at their bord...