ePassports EAC Conformity & Interoperability Tests
Prague, September 7th - 12th 2008

Four Pillars for Secure e-Passport Documents

ID documents with chip, security

Security has many aspects in the context of e-Passports. This presentation looks at the following four pillars for implementing a secure solution.

Pillar 1: Physical security:

Physical elements are implemented into the document body to protect the e-passport and the personalized information from data alteration, document reproduction or unauthorized copying.

Pillar 2: Logical security:

The logical element is implemented by means of a smart card chip and a dedicated operating system together with a standardized logical data structure. The security function is realized via cryptographic algorithms and certificates that are stored in the secure memory area. Basic access control (BAC) and extended access control (EAC) realize the access and transmission security for e-passports. The authenticity of the data elements is secured through passive (PA) and active authentication (AA) mechanisms.

Pillar 3: Document security:

For an e-Passport, it is important to protect the entire passport booklet. Critical areas include the unauthorized exchange of parts such as the holder page or visa pages, or access to the integrated circuit. One option to implement document integrity is to integrate a printed or perforated document number on all document pages. The security level can be enhanced by introducing a fraud-resistant mechanical construction. These measures include a hinge that is thoroughly integrated into the document, or placement of the chip within fused polycarbonate material.

Pillar 4: Process security:

Process security refers to a well-defined and guarded process for producing and issuing the document. Special attention must be given to protecting blank documents and to securing holder information from unauthorized access. Measures need to be in place over the whole production and issuing cycle in order to ensure privacy and to fight fraud. These aspects are covered by the Common Criteria protection profile, which applies to EAC and BAC.

The combination of the security elements from all the pillars introduced ensures a high security level for e-passport solutions. It is, for example, not advisable to rely only on logical security elements. The ICAO document verification procedure clearly states that a document with a non-working chip is valid; however, it undergoes a dedicated verification procedure. Hence, it is important that measures are installed at all levels of e-passport production and issuance. These measures also need to address all possible attack scenarios, including unauthorized copying or reproduction of a genuine document, alteration of data, substitution of the cardholder photo, or creation of a fraudulent passport using components from legitimate documents.

The implementation of the four-pillar security concept is shown for the e-Passport of the Czech Republic.