1 / 17

Securing Data in ePassports Policy Issues

This presentation by John Davies, Director of Systems at UK Passport Service and Chairman of ICAO/NTWG, delves into the importance of securing electronic data in ePassports through PKI/encryption. It discusses the necessity of globally interoperable PKI for passport security, the initial electronic data in e-passports, the tension between data security and accessibility, and the use of PKI/encryption for protecting personal data on computer chips. The presentation explains the PKI scheme, responsibilities of states in issuing and reading e-passports, and ICAO's role in providing a public key directory. The PKI technical report outlines a framework and guidelines for secure e-passports, addressing security threats for individual states.

mleedy
Download Presentation

Securing Data in ePassports Policy Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Data in ePassports Policy Issues ICAO/NTWG

  2. John Davies Director of Systems, UK Passport Service Chairman NTWG PKI Task Force ICAO/NTWG

  3. The presentation will address: • Why secure electronic data? • Why use PKI/encryption? • How a globally interoperable PKI could work for passports ICAO/NTWG

  4. Why secure electronic data? • To ensure the electronic data was loaded by the appropriate passport issuing authority • To ensure the electronic data has not been overwritten or amended in any way. • To protect inappropriate access to data by unauthorised persons or organisations. ICAO/NTWG

  5. e-Passports will initially contain the following electronic data: • Biometric information • Portrait Data (mandatory) • Finger print and iris data (optional) • Personal details from the passport biodata page ( name, date of birth, passport number, etc.) ICAO/NTWG

  6. e-Passport specifications will offer read only access to the electronic data and will not initially offer any updating facility. • This limitation will facilitate a simple form of security implementation in the first instance. ICAO/NTWG

  7. There is a tension between: • Ensuring the electronic data is secure from inappropriate access • Ensuring the electronic data can be accessed easily by immigration authorities. ICAO/NTWG

  8. The PKI scheme is based on open access but allows individual states to choose optional additional security methods to protect personal data. ICAO/NTWG

  9. Why use a public key infrastructure (PKI)? • PKI is a well established method of protecting and authenticating data held on computer chips. • No other scheme offers equivalent security for chip technology. ICAO/NTWG

  10. Why use encryption? • The proposals do not include encryption for basic personal data or the facial biometric. • Encryption of fingerprint or iris data could be considered by states who choose to use these forms of biometric, but encryption specifications have not been developed. ICAO/NTWG

  11. The PKI scheme proposes: • A peer-based environment with each state independent and autonomous with respect to passport security. • An agreed means of sharing and updating public keys. ICAO/NTWG

  12. Responsibilities for states issuing e- passports: • Generate key sets and protect from unauthorised access. • Manage distribution of country signing certificates using bilateral secure diplomatic means. • Manage certificate revocations when a key is compromised. • Facilitate dissemination of information about public keys via ICAO public key directory . ICAO/NTWG

  13. The PKI specifications recognise many individual states already have a PKI infrastructure : • RSA or DSA or elliptic curve and related hashing algorithms are included in the specifications. ICAO/NTWG

  14. PK1 responsibilities for states reading e-Passports : • Maintain up to date information about public keys and certificate revocations on their systems. • Provide suitable reader infrastructures. ICAO/NTWG

  15. ICAO Responsibilities: • To provide an efficient and reliable public key directory • Ensure the directory is only updated by member states. • Provide open access to public key information to participating states and organisations . ICAO/NTWG

  16. The PKI Technical report: • Aimed at specialists familiar with PKI. • Proposes a technical framework and guidelines to enable each country to develop secure e-Passports. ICAO/NTWG

  17. The technical report includes an annex on PKI and security threats. This is intended to aid individual states with their own risk analysis and mitigation decisions. ICAO/NTWG

More Related