David Clark Caicos Management Associates Ottawa, Canada


ePassport Compliance Challenges: The Border Perspective
David Clark, Caicos Management Associates, Ottawa, Canada

Early ePassport Beliefs?
Invincible
Absolutely secure with passport data on the chip
Utterly reliable; can always be counted on.
The authentication certificate on the chip further proves it.
May render old passports obsolete?
on ICAO MRTDs, Biometrics and

I always thought he was dead, but he has an e-passport. Really?

How can this be? - The Facts
e-passports are a significant advance in passport security, but:
  They must be understood, and authenticated properly, in order to achieve this enhanced security.
  Otherwise they may deceive and create false trust.
  They do not replace other passport security features or render them obsolete, but rather augment them.
Proper e-passport issuance must be complemented by proper e-passport border authentication.

ePassport Reality Today
250,000,000 e-passports now in circulation
e-passports represent half of all passports issued globally, with most countries issuing now or soon.
BUT:
  Border reader deployment is still very limited
  Border processing of ePassports often does not represent best practices for ePassport security

A Reminder: how ePassports work
Chip data can only be considered reliable if:
  The decrypted digital signature matches the corresponding hash of the chip data, AND:
  either: the Doc Signer Public Key Certificate used to decrypt the digital signature is also authenticated with the trusted Country Signer Certificate Authority (CSCA) certificate;
  or: the Doc Signer Public Key Certificate used is listed as valid in the ICAO Public Key Directory (PKD)
This is Passive Authentication, an essential part of ICAO e-passport standards.
Seventh Symposium and Exhibition

Passive Authentication

PA facilitation with the ICAO PKD

Border Deployment Planning Needs
To understand possible illicit border entry attempts with e-passports.
To understand the limitations of some e-passport border processing practices without PA.
To understand the important role of the ICAO Public Key Directory (PKD) in implementing PA.
To set out rational steps for border implementation for proper e-passport treatment.

Some Attacks
Stolen ePassport: simple impersonation
  E-Passports not read? No electronic biometric checks at borders?
Stolen ePassport: destroy the chip
  Still a valid passport according to ICAO standards. E-Passports not read? No policies for special treatment?
Stolen ePassport: substitute chip
  Fake photo, validity dates, digital signature, and Doc Signer certificate on chip? E-Passports not read? No PA checks with certificate authentication?
Counterfeit ePassport: both data page and chip
  Digital signature checks out with certificate on chip but no PA with certificate authentication?

Some Common Border Practices?
Don't read the ePassport, or don't always read the ePassport, even if readers are deployed.
Read the chip and visually compare the chip photo against the data page photo.
Read the chip and compare the MRZs on the chip and the data page.
Read the chip and check the digital signature using the certificate on the chip, but without full PA authentication of the certificate on the chip.
Don't check biometrics electronically, or don't ever check biometrics electronically.

Assessment of these practices
Are such methods effective at all without PA?
Mistakes made by counterfeiters:
  MRZ on chip not compliant with check digits?
  Data on chip not the same as on data page?
  Certificate on chip has a Doc Signer key that does not work with the fake data?
Answer: perhaps in a very limited way, but

The Reality
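
An added example (not part of the original presentation) contrasting the practice of checking the digital signature with the certificate found on the chip against full Passive Authentication as described in the reminder slide. It uses toy RSA and dict-based stand-ins for the data groups, the signed hash list and the Doc Signer certificate; all keys, names and sample data are constructed assumptions, and real chips carry ICAO LDS and CMS structures instead.

```python
import hashlib

E = 65537
def keypair(a, b):
    # Toy RSA from two known Mersenne primes 2**a-1 and 2**b-1 (constructed, insecure).
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))
def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):
    return pow(digest(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == digest(msg, pub[0])

def issue_ds_cert(issuer_priv, ds_pub):
    return {"pub": ds_pub, "sig": sign(issuer_priv, repr(ds_pub).encode())}
def signed_bytes(hashes):
    return repr(sorted(hashes.items())).encode()

def personalise(dgs, ds_priv, ds_cert):
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in dgs.items()}
    sod = {"hashes": hashes, "ds_cert": ds_cert,
           "sig": sign(ds_priv, signed_bytes(hashes))}
    return {"dgs": dgs, "sod": sod}

def signature_only_check(chip):
    """Weak practice: trust whatever Doc Signer certificate the chip carries."""
    sod = chip["sod"]
    hashes_ok = all(hashlib.sha256(v).hexdigest() == sod["hashes"].get(k)
                    for k, v in chip["dgs"].items())
    return hashes_ok and verify(sod["ds_cert"]["pub"],
                                signed_bytes(sod["hashes"]), sod["sig"])

def passive_authentication(chip, csca_pub, pkd=frozenset()):
    """Full PA: the Doc Signer cert must chain to the CSCA or be listed in the PKD."""
    cert = chip["sod"]["ds_cert"]
    anchored = (cert["pub"] in pkd or
                verify(csca_pub, repr(cert["pub"]).encode(), cert["sig"]))
    return anchored and signature_only_check(chip)

csca_pub, csca_priv = keypair(89, 107)    # constructed: issuing state's CSCA
ds_pub, ds_priv = keypair(61, 127)        # constructed: genuine Doc Signer
rogue_pub, rogue_priv = keypair(61, 89)   # constructed: counterfeiter's own key pair
genuine = personalise({1: b"MRZ-A", 2: b"face-A"}, ds_priv,
                      issue_ds_cert(csca_priv, ds_pub))
counterfeit = personalise({1: b"MRZ-A", 2: b"face-B"}, rogue_priv,
                          issue_ds_cert(rogue_priv, rogue_pub))
altered = {"dgs": {**genuine["dgs"], 2: b"face-B"}, "sod": genuine["sod"]}
```

The counterfeit chip is internally consistent, so the signature-only check accepts it; only anchoring the Doc Signer certificate in the CSCA certificate or the PKD rejects it. The altered chip fails both checks because its data no longer matches the signed hashes.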

Interim Tools and Protection -1
Deploy e-passport readers and always use them, even without PA initially:
  Criminal doesn't know what will be checked when you read e-passports:
    He knows altered or counterfeit chip data will be detected with full Passive Authentication
    He knows a stolen book will risk detection with electronic biometric checks
  Strong incentive for the criminal to go elsewhere, or not try.

Interim Tools and Protection -2
Implement electronic biometric checks by clear policy and practices:
  Any operator uncertainty with a visual check?
  Sampling at primary: equip some primary stations with biometric capture devices (cameras?) as well as readers?
  Any inoperative chip: send to secondary? Very low international experience with such failures.
  Strong incentive for the criminal to go elsewhere, or not try.

Ultimate Protection -3
Initiate full Passive Authentication in all border readers/systems as soon as possible:
  Initiate PA implementation simultaneously with border reader deployment plans.
  This must be treated as a high priority border security requirement.
  ABC facilities must use full PA of course.
  Join and use the PKD as part of this exercise.
  Low cost; very high benefit.

Conclusions
If you don't deploy readers and always read e-passports, you are the target for access attempts by criminals that are deterred or denied to them elsewhere.
If you don't deploy and use Passive Authentication with your other practices, you are at serious risk of false document trust and undetected entry by sophisticated criminals.
If you don't use the PKD, you probably can't implement the above realistically.
Mantra: Proper e-passport issuance must be complemented by proper e-passport border authentication.

David Clark, P.Eng.
Caicos Management Associates (dclark@caicosmanagement.com)
T: 613-824-2208 M: 954-821-5825
Thank you. Questions?