By S de Labriolle on Tuesday, 02 January 2024
Category: Blog

Making Secure Electronic Documents Cyber Resilient

Imagine being denied entry to a foreign country because the electronic chip in your travel document is considered vulnerable and you would have to request a visa before traveling there? Because travel documents usually have a 10-year validity, this is a valid concern and is the reason why we consider micro-controllers (often called chips) in secure documents to be high value components.

As one of the most basic instances of the advanced IT solutions available in the industry, secure software embedded in ePassports and keeping them safe from their Cyberattacks are the object of deep concern and attention, especially with the increased adoption of digital ID, often derived from a secure electronic document such as a passport.

Cybersecurity is an ever-evolving concern. Setting up a secure identity document project relying on highly certified products is a necessary practice but not sufficient for protecting identities from future Cyberattacks. Active monitoring and anticipation of Cyber threats is critical to protect sensitive assets. Such threats include eavesdropping, cloning, or extracting highly confidential fingerprints from the electronic chip.

Decades of security progress have been framing an always-improving environment focused on a single objective: defining and maintaining a Cybersecurity framework to deploy secure embedded solutions in electronic ID documents.

The next step is to look beyond Cybersecurity and focus on Cyber resilience, which refers to an entity's ability to continuously deliver protection, despite adverse events. This combines information security, business continuity, and organizational resilience. This is particularly relevant for governmental programs, who should continue to issue secure identity documents to their citizens at any point in time.

Concretely, the future Cybersecurity of ID documents like ePassports depends on the ability to update, in the field, the secure embedded software (for example algorithms used for the various security mechanisms) protecting the data stored in the chip – with no need to issue a new document.

How does Cybersecurity work in an ePassport scheme?

The ePassport features a micro-controller with specific secure embedded software. The role of such software is to securely manage the storage in the electronic chip of personal information related to the holder, along with additional biometric data and issuing country specific data. The software provides the required authentication keys and algorithms to communicate with the inspection system, using contactless interface and standard ISO commands, formatted in an interoperable way (as specified by ICAO 9303) so that it can be used at any inspection system in the world.



Security mechanisms are evaluated according to a security certification scheme to guarantee their strength.

The cryptographic protocols implemented in the ePassport provide specially designed, state of the art protection of the electronic document and the personal data (including biometrics) it holds, that has undergone a thorough reviewing and certification process by academics, national security agencies and the industry. As security is a permanent race against fraud, active monitoring of today’s threats is critical to protect sensitive assets, but also anticipate the protections for the future.

The main security attributes include:

The mechanisms ensure that the micro-controller is genuine and that the data stored in it has been signed by a valid issuing authority. Underlying algorithms, with different key lengths, are used to execute the cryptographic calculations that are necessary to those mechanisms.
ICAO manages a central repository called the Public Key Directory (PKD) for exchanging the information required to authenticate ePassports. The PKD contains:

Each State (country) issuing an ePassport establishes a single Country Signing Certification Authority (CSCA) as its national trust point for ePassports. CSCA certificates issue the Document Signer Certificates that are then used to create digital signatures on ePassports.The Document Signer is then checked against the CSCA to validate the digital signature. This process is illustrated in Figure 1 (below).


Figure 1: Process of Secure Passport Issuance & Authentication

Verification Mechanisms to Detect Potential Cyber Fraud

The table below illustrates the process by which the mechanisms are verified to detect potential fraud in case of Cyberattacks.

Mechanism

Purpose

Authentication and Verification Process

How do we detect fraud?

Passive Authentication

Authenticity of the document

Authenticity of the data

Integrity

Data groups in the micro-controller (DGs) are digitally signed by the issuing country.

Signatures are stored in EF.SOD (Data Structure signed by the Document Signer) + public key (Document Signer Certificate, or DSC.).

Verify signatures of DGs and EF.SOD with DSC.

Verify signature of DSC with issuing authority Country Signer Certificate (CSC) from ICAO PKD.

Invalid signature of data on micro-controller

Invalid or missing certificate chain to issuing authority

Basic Access Control

Confidentiality

Privacy

Machine Readable Zone (MRZ) shall be visually read from the passport to calculate access key.

This key shall be used to grant access to the micro-controller using symmetric authentication (based in 3DES, a symmetric-key block cipher).

Symmetric session keys are exchanged and used to encrypt the communications (secure messaging)

MRZ often improperly formatted, so micro-controller does not read it.

Supplemental Access Control

Confidentiality

Privacy

MRZ or CAN (Card Access Number) shall be visually read from the passport to calculate access key.

Use asymmetric Diffie-Hellman (mathematical method of securely exchanging cryptographic keys over a public channel) key exchange with micro-controller based on mapping functions defined in EF.CardAccess (a file required for the Password Authenticated Connection Establishment mechanism.)

Elliptic Curve and traditional Diffie-Hellman algorithms are supported.

The key exchange generates a set of strong AES (Advanced Encryption Standard) or 3DES sessions keys used for secure messaging.

MRZ or CAN often improperly formatted, so micro-controller does not read

Active Authentication

Authenticity of the document

Readable data contains a public key (DG15) and corresponding private key is stored in the micro-controller in a secure area.

The micro-controller signs a random piece of data with the secure private key.

The signature is verified with the public key.

Passive Authentication is required to ensure integrity of the public key in DG15

Micro-controller may be cloned or copied, so signature verification fails

Chip Authentication

Authenticity of the roles

Confidentiality

Privacy

Readable data contains public key info (DG14) and corresponding private key is stored in the micro-controller in a secure area

Use asymmetric Diffie-Hellman key exchange with micro-controller.

Elliptic Curve and traditional Diffie-Hellman algorithms are supported.

The key exchange generates a set of strong AES (or 3DES) sessions keys used for secure messaging.

Micro-controller may be cloned or copied, so signature verification fails

Terminal Authentication

Authenticity of the roles

Confidentiality

Privacy

Readable data contains a CVCA (Country Verifier Certification Authority) reference in EF.CVCA (a file containing the public key of the certification authority) to a CV certificate chain used to verify the terminal.

Micro-controller stores a trust point with the CVCA root certificate for the certificate chain, which includes permissions on micro-controller data.

Micro-controller verifies the CV certificate chain and permissions provided by the terminal. CV, DV and IS certificates.

Terminal signs a challenge from the micro-controller with the IS private key stored in a secure area locally or remotely.

Terminal verifies the challenge to ensure authenticity of the terminal IS (Inspection System) private key.

Allows micro-controller to verify terminal access rights to data.

The Role of Common Criteria Certification

Multiple security frameworks can be used when evaluating the security of an ePassport secure embedded software. As an example, banking cards are ruled by the EMVCo scheme (EMVCo is a global technical body, industry-wide collaboration, to facilitate the worldwide interoperability of secure payment transactions by developing and publishing the EMV® Specifications and their related testing processes. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard).

A similar environment has been adopted as the reference for most identity documents: the Common Criteria evaluations (which was defined before EMVCo). The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification with international and mutual recognition agreement. Over the last 25 years, CC has been the undisputed reference Cybersecurity framework for the IT and Security industries.

Common Criteria provides assurance that IT security products have been specified and evaluated in a rigorous and repeatable manner and at a level commensurate with the target environment for use.

Originally developed to unify and supersede national IT security certification schemes from several different countries, including the US, Canada, Germany, the UK, France, Australia and New Zealand, Common Criteria is now the widest available mutual recognition scheme for secure IT products and is often a pre-requisite for qualified digital signatures under the European Union digital signature laws. This applies to EU ID documents such as Passports, Identity cards, Resident Permits, Social Security cards.

The Common Criteria standard provides an assurance on different aspects of the product security covering areas such as:

More information is available on the Common Criteria portal

Certification is performed according to specific Cybersecurity guidance tailored to the application at stake – guidance called Protection Profile (PP). The depth of the certification is ruled by a scale (Evaluation Assurance Level) ranging from 1 to 7. Evaluation is always extremely demanding in terms of Cybersecurity reliability – typically 3 months of white box penetration testing by skilled, independent evaluators. White-box testing is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (black box testing).

The security challenges attached to these evaluation schemes are extremely demanding and the state of the art is continuously evolving. The industry is also innovating, looking for new methods and new algorithms to cope with this evolution. The industry is constantly coping with this evolution, as cryptographic algorithms are also evolving. For this reason, as it comes to embedded operating systems, the evaluations eventually end-up being a superstructure made of multiple layers:

Such multi-layered certifications are commonly referred to as “composite” certifications where one can see that an ultimately challenging task in terms of security has been divided into multiple layers in order to be executed through a safe and efficient methodological approach. Such certifications are aligned with international standards to allow interoperability.

Moving toward protection that stays ahead of Cyber threats

Until recently, the Common Criteria Cybersecurity framework had not defined any coordinated approach related to the time bounding of CC certification. Cybersecurity monitoring was a recommended practice, performed by most of the key actors in the industry, but it was not always formalized administratively except by few security agencies for their national needs.

A major change occurred in July 2017, when the CCRA (International Organization of National Security bodies dealing with Common Criteria) decided that once granted, the mutual (i.e., international) recognition of a CC certificate validity will come to an end five years later. A default lifespan of 5 years has been considered a good balance between certification bodies’ requirements and business requirements. A re-assessment (surveillance or re-certification) is required before the 5 years to extend the validity of the certificate.

Among the changes in progress, the ability to update products in the field is now an option. New generations of products coming from the industry are starting to offer such “update” capabilities. Such solutions enable issuing governments to react more effectively in the case of Cyberattacks.

It is currently possible to update citizen data, like updating digital signature certificates and loading new applications on electronic identity documents. This is called a post issuance update. The novelty is that such updates focus on the secure embedded software and, as example, the cryptographic library used for the various security mechanisms.

The diagram below is a visual representation of a typical chip structure (what is inside) and illustrates which components are modified during an update like the one described above.

 Figure 2: Before Update/After Update

There are several possible ways to update those documents. This could be when going through border control (in the country of issuance), in self-service kiosks in designated areas (airports, police stations, city halls) or even with a mobile phone using the integrated NFC reader and a dedicated app.

We believe post issuance, remote update capability for electronic identity documents is the security model for tomorrow. Just like computer or a smartphone, secure identity electronic identity document shall offer the updatability to limit the risk from cyberattacks.


Surveillance aims at extensively re-evaluating the product in its original configuration at the time of the initial certification versus up-to-date, state of the art Cybersecurity threats. The surveillance process can result in a FAIL status, voiding the certificate previously obtained. CCRA also strongly recommends that Cybersecurity products can be updated after their issuance. The upgrade will allow, for example, the disabling of an algorithm deemed weak and switch to a more secure one, without having to recall a document and issue a new one – a key benefit for authorities looking to offer their citizens secure, convenient and cost effective solutions.

Quantum computers: A future threat


We must also consider the development of Quantum computers and their potential impact on current cryptographic schemes and how vital the ability to upgrade document security in the field will be in this long transition ahead of us.

Cryptographically Relevant Quantum Computers (CRQC) are far from becoming a reality; current prototypes are far from having the required processing power and many challenges in physics, engineering and computer science must be overcome before scaling up to large quantum computers able to solve the factorization and discrete logarithm problems on which the current PKI is based. The working hypothesis that CRQC will be available in the early 2030s.

However, there is a latent threat of a “store now, decrypt later” attack. The main risks for an ePassport are deciphering issuing authority Document Signer certificates to sign a fake document and the retrieval of additional biometrics (protected by Extended Access Control mechanism).

Ideally, the migration to more robust systems should start well before the availability of CRQC so that threat timeline is as limited as possible. ICAO New Technology Working Group is following the topic closely and plans to draft a proposal for objectives and next steps in the first half of 2023.

ANSSI, the French National Agency for the Security of Information Systems, has drafted some recommendations for the transition over the next decade. Other agencies like BSI (German equivalent of the ANSSI) and the US NIST have released extensive material related to the rise of quantum threats and the recommended first steps to migration.

ANSSI recommends introducing post-quantum defense-in-depth as soon as possible for security products aimed at offering a long-lasting protection of information (until after 2030) or that will potentially still be used beyond 2030. All post-quantum PKC algorithms shall continue to be systematically included inside hybrid mechanisms. ANSSI expects that after years of analysis, the security assurance level provided by post-quantum algorithms will be as high as today’s pre-quantum assurance level. Thus, the usage of some post-quantum schemes should be possible without hybridation.

Conclusion

We hope thisarticle has given you a clear understanding of the benefits of Cyber resilient secure identity documents. Over the past few years, many governments have extended their global Cybersecurity threat assessment to also include identity documents.

The industry, including several SIA member companies, is supporting government initiatives in this area, providing expertise on the topic.

Cyber resilience of ePassports can be achieved through a thorough approach:

Security relies on expertise, anticipation, and reactiveness. Within the fast moving environment detailed in this series, it becomes obvious that only the setup of a well-structured risk management organization is the solution for an efficient handling of demanding Cybersecurity projects.

Risk management will allow to react to an event, while planned migrations over the course of the project will reduce the impact if a threat arises.

Other key elements can be considered to minimize the exposure to Cyberattacks by applying good practices already proven in the field. For example:

- end -

This article was written by the ‘Document Security’ working group of the Secure Identity Alliance. This working group aims at “Guiding the design, manufacturing, issuance and verification of convenient and cost-effective secure documents”. Among other publications, a further note explaining more details of what is PKI (Public Key Infrastructure) and how secure ePassport chips result in trust and efficiency can be found here.

Glossary

Data Groups (DG)
A series of related data elements grouped together within the Logical Data Structure defined by ICAO 9303

EF.SOD
Data Structure signed by the Document Signer, which carries the hash values of the LDS Data Groups

EF.CardAccess
EF.CardAccess is a file that is required for the Password Authenticated Connection Establishment (PACE) mechanism, to store the security information required by the protocol.

Document Signer (DS/DSC)
The Document Signer digitally signs data to be stored on ePassports.

Country Signer Certificate (CSC)
Each State issuing an ePassport establishes a single Country Signing Certification Authority (CSCA) as its national trust point in the context of ePassports. CSCA certificates are generated and are generally used for periods of three to five years. CSCA certificates issue the Document Signer Certificates that are then used to create the digital signatures on ePassports. The Document Signer must be validated against the CSCA to validate the digital signature.

Country Verifying Certification Authority (CVCA)
The Country Verifying Certification Authority enforces the privacy policy of the issuing Country with respect to the protection of sensitive biometric reference data stored in the ePassport. The CVCA represents the country specific root of the PKI of Inspection Systems. The CVCA determines the access rights that will be granted to all Document Verifiers (DV), foreign and domestic, and issues certificates containing the individual authorizations to each of those DVs.

Document Verifier (DV) Certificates
The DV enforces the privacy policy of the receiving Country with respect to the protection of sensitive biometric reference data to be handled by the Extended Inspection Systems. The DV manages the authorization of the Extended Inspection Systems for the sensitive data of the ePassport in the limits provided by the Issuing State. The DV manages a group of terminals (e.g. terminals operated by a State’s border police) and issues authorization certificates to those terminals. A DV must have already received an authorization certificate from the responsible CVCA before it can issue associated certificates to its terminals.

IS (Inspection System) Certificates
Inspection Systems used for inspecting ePassports, usually at border control, require specific certificates for accessing restricted areas of the memory (additional biometrics) and require a valid certificate to perform mutual authentication.

Machine Readable Zone (MRZ)
Fixed dimensional area located on the front of the passport data page containing mandatory and optional data for machine reading using OCR methods

Card Access Number (CAN)
The CAN is a number printed on the document and chosen randomly. In contrast to the MRZ, the CAN has the advantage that it can easily be typed in manually. It helps to establish a session key with the secure embedded software.

3DES
Triple DES is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.

Diffie-Hellman
Diffie–Hellman is a mathematical method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols

Elliptic Curve Cryptography (ECC)
ECC is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security.

Advanced Encryption Standard (AES)
AES is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST)