
D3.6: Study on ID Documents


 

Summary and Conclusions

In this chapter, four basic technologies currently used in ID documents have been investigated with respect to security and privacy. While smart chips and electronic signatures have been used for eIDs for almost ten years now, the use of RFID and electronically readable biometrics in ID documents is relatively new and is driven especially by the European passport.

Chip card technology has been discussed, used and further developed for many years now. As a result this technology is accepted as mature by technicians and privacy commissions in Europe. Of course, the combination of chip cards with other technologies such as biometrics can result in new questions concerning security and privacy. 

PKI has also been used for ID document systems in some European countries for 9 years now, though the number of issued certificates still seems to be limited. Apart from the above-mentioned risks, no major security problems have been published. PKI currently does not implement privacy in an optimised way, because transactions performed via the information in the certificates can be linked. This linkability can be reduced by using alternative technical solutions such as digital credentials (see FIDIS Deliverable D3.1: An Overview on Identity Management systems, (Meints, Hansen, Bauer 2005) pp. 57-61) or sector-specific personal identifiers (see chapter ) where no electronic signatures are needed. In some European countries (for example Germany) pseudonymous signatures can be used (Gasson, Meints, Warwick 2005, pp. 32-40). A new technical approach that is promising from the privacy perspective is currently being discussed in the European eforum. This approach includes so-called server-derived IDs to implement unlinkability of electronic credentials based on X.509 certificates across the borders of communicational sectors (see chapter ).

In contrast to these established technologies, the use of biometrics and RFID in ID documents raises a number of obvious privacy and security issues. In addition to security aspects, for example with respect to (1) the quality of biometric identification, (2) identity theft and (3) devaluation of classic forensic techniques, a number of privacy aspects still need to be addressed. These include (1) minimisation of linkability, (2) enforcement of the purpose binding principle and (3) avoidance of additional, in many cases health-related, information in biometric raw data. Advanced technical approaches for authentication using biometrics (Gasson, Meints, Warwick 2005, pp. 105-107) have not been tested for or implemented in ID documents so far.

RFID chips were originally designed for unrestricted remote access to the information stored on them. For the use of RFID in current ID documents, especially the European passport, basic security measures such as Basic Access Control (BAC) have been applied to restrict access. BAC seems to be cryptographically weak (see chapter ) and uses information stored in the Machine Readable Zone (MRZ) on the document itself; this is like storing the key of a cash box directly under it. Together with well-documented projects of non-European countries aiming at the storage of biometric data of foreign visitors in large databases, this creates a significant risk of identity theft via biometrics in cases where the document is (even properly!) used or gets lost. Scenarios of fast border controls using unobserved terminals, in addition to well-documented methods to spoof biometric sensors (Geradts, Sommer 2005), show how the stolen identities could be used quite easily in future.
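The "key under the cash box" point can be made concrete with the BAC key derivation itself. The following is an added example, not part of the original deliverable: it follows the derivation published in ICAO Doc 9303 and uses the specimen MRZ fields from that document's worked example; the function names and the entropy assumptions (uniformly random document number, 100 birth years, 10-year validity) are illustrative assumptions.

```python
import hashlib
import math

def check_digit(field: str) -> str:
    """MRZ check digit: weights 7,3,1 repeating; '<' = 0, A-Z = 10..35."""
    total = sum((0 if c == "<" else int(c, 36)) * (7, 3, 1)[i % 3]
                for i, c in enumerate(field))
    return str(total % 10)

def odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so the byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)

def bac_keys(doc_no: str, dob: str, expiry: str):
    """Derive (K_seed, K_enc, K_mac) from three printed MRZ fields only."""
    mrz_info = (doc_no + check_digit(doc_no) + dob + check_digit(dob)
                + expiry + check_digit(expiry))
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return odd_parity(digest[:16])

    return k_seed, kdf(1), kdf(2)

def max_key_entropy_bits(doc_no_len=9, birth_years=100, validity_years=10):
    """Upper bound on key entropy under the (optimistic) assumptions above."""
    return (doc_no_len * math.log2(36)
            + math.log2(365.25 * birth_years)
            + math.log2(365.25 * validity_years))

if __name__ == "__main__":
    # Specimen values from the ICAO Doc 9303 worked example, not a real document.
    seed, k_enc, k_mac = bac_keys("L898902C<", "690806", "940623")
    print("K_seed:", seed.hex().upper())
    print("K_enc :", k_enc.hex().upper())
    print("K_mac :", k_mac.hex().upper())
    print("entropy upper bound: %.1f bits (3DES key: 112)" % max_key_entropy_bits())
```

No secret enters the derivation: anyone who can read the data page can compute the same keys, and even the optimistic upper bound stays well below the 112 bits of the two-key 3DES keys being derived.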

A number of additional security and privacy methods currently in discussion or development, such as applying a “Kill Command”, cannot be used in a meaningful way with RFID in ID documents. Other methods, such as integrating a Faraday cage in the cover of the European passport, are not implemented. As Extended Access Control (EAC) is still under discussion today, we cannot judge the level of security and privacy that will be reached in future by applying this technology. As EAC has to be agreed on at an international level, modification of the original concepts has to be expected.

Concerning the use of the European passport, we follow some of the suggestions made by consumer protection organisations. In this case we suggest:

 

  • The European passport should be used and carried around only when necessary. 

  • In case the European passport is not used, it should be kept in a Faraday cage (for example aluminium foil) to hamper unauthorised access to data stored on the RFID-chip. 

  • In case the European passport is not used, it should be locked carefully to avoid loss or theft of the document. 

 

Concerning future ID documents and the further development of the European passport the following suggestions should be taken into consideration: 

 

  • The use of RFID should be considered carefully, especially as many problems concerning unauthorised and unobserved access from distances up to 10 m have not yet been sufficiently solved technically. Alternatively, contact chip card technology can be used.

  • The use of biometrics should be considered carefully due to the security and privacy problems this technology potentially causes. In cases where biometrics are needed, advanced implementations taking security and privacy aspects into consideration should be used. This includes the use of templates, decentralised storage of data in the documents only and on-card matching procedures for authentication.

 

fidis-wp3-del3.6.study_on_id_documents_03.sxw
Denis Royer