Prague08

ePassports EAC Conformity & Interoperability Tests
Prague, September 7th - 12th 2008

Conformity tests to improve interoperability and security

Conformity tests are well known in the ePassport world. They are a required instrument for ePassport interoperability. The German Federal Office for Information Security (BSI) developed a complete series with test specifications for the ePassport chips and for readers. The BSI TR03105 provides tests on all layers for both sides. The last BSI development were the new conformity tests for inspection systems (IS) with EAC support on the application layer (layer 6 and 7).

For interoperability it is not only important how to get the information from the ePassport. It is also important to interpret these information in a correct way. One clear example for the importance of interpreting the data correct is the JPG hack which results in a buffer overflow on the inspection system. Maybe your system uses vulnerable software, too?

To avoid such security breaches the BSI developed a test specification for inspection systems with EAC support. This test specification contains more than two hundred test cases. Around fifty of them are for layer 6 (APDU). The majority of the tests are for layer 7 which mostly checks the LDS data structure and the EAC conformity. But there are not only tests based on the specifications like Doc9303 or EAC Spec 1.11. We also have test cases which ensure that the inspection systems react in a recommended way. What shall a inspection system do if there is a wrong checksum for JPG image saved in the SOD? It would be not a good idea to display the image because the image could be manipulated and could attack the inspection system.

With the new test specification for inspection systems the BSI want to sensitize for this kind of attacks and offer a way to security optimized inspection systems. As you know reading a ePassport isn't a big problem anymore. But security still is.

At the Ispra interoperability workshop in June 2008 we did our first live tests on inspection systems. We used a epassport simulator which consists of a simulator in software and a hardware which handles the lower communication layers. At this test event we tested near to ten different systems with a subset of eleven test cases from the new BSI IS-Test Specification. The results showed us how different the understandings of standards can be and which are the main security problems in actual inspection systems. In our presentation we will give you an overview over the BSI TR 03105, especially on the new inspection system tests, and the the ePassport simulator.