kinegram.digital

Appearance

eMRTD Security Mechanisms

This document provides a short overview on eMRTDs (Electronic Machine Readable Travel Document) and the involved security mechanisms as defined in ICAO Doc9303 (Part 10 and 11 in particular).

The German Federal Office for Information Security (BSI) can be an additional resource on the security mechanisms involved.

eMRTD The "Chip Inside" symbol indicates an eMRTD chip is present.

Communication Using APDUs

ISO7816 APDUs (Application Protocol Data Unit) are used to communicate with the eMRTD chip.

Access Control Protocol

There are two Access Control Protocols, Basic Access Control (BAC) and Password Authenticated Connection Establishment (PACE).

Either the MRZ Info (Document Number, Date of Birth, Date of Expiry) or the Card Access Number (CAN) is used to derive the Access Key to prevent unauthorized reading (skimming).

Additionally, a secure communication channel (Secure Messaging) is established to prevent eavesdropping.

Notes:

  • The 6 digit CAN is printed on the document (optional and only available for PACE).
  • Password Authenticated Connection Establishment (PACE) has replaced the deprecated BAC. It provides a better protection against eavesdropping.

Files on the eMRTD Chip

Card Access File (conditional)

If the Access Control protocol PACE is supported, the Card Access file must be present and contain a "Public Key Info" for PACE.

Document Security Object (SOD)

The SOD is implemented as a SignedData Type (RFC 3369).
It contains the Document Signing Certificate which is signed by the issuing country. The signed content (signed with the Document Signing Certificate) includes (among other details) a hash values for each Data Group present.

Relevant Data Groups

Data GroupContent
Data Group 1MRZ Info (as printed on the data page). (mandatory)
Data Group 2Photo of the Face. (mandatory)
Data Group 7Image of the Signature or Usual Mark (optional)
Data Group 11Additional Personal Details (optional)
Data Group 12Additional Document Details (optional)
Data Group 14Security Options (a.o. Public Key info for Chip Authentication). (conditional)
Data Group 15Active Authentication Public Key Info (conditional)
  • The Date of Expiry in the MRZ Info (Data Group 1) might be before the Not After Date of the SOD's Document Certificate.
  • Data Group 14/15 are mandatory depending on which protocols are supported.

The file EmrtdDataGroups.png lists all 16 Data Groups.

Passive Authentication

With Passive Authentication the integrity and authenticity of the data (like MRZ info, photo of face) is verified based on a list of trusted country certificates.

The Inspection System performs the following steps:

  1. The Inspection System SHALL read the Document Security Object (SOD) (which MUST contain the Document Signer Certificate (CDS), see also Doc 9303-10) from the contactless IC.
  2. The Inspection System SHALL build and validate a certification path from a Trust Anchor to the Document Signer Certificate used to sign the Document Security Object (SOD) according to Doc 9303-12.
  3. The Inspection System SHALL use the verified Document Signer Public Key to verify the signature of the Document Security Object (SOD).
  4. The Inspection System MAY read relevant Data Groups from the contactless IC.
  5. The Inspection System SHALL ensure that the contents of the Data Group are authentic and unchanged by hashing the contents and comparing the result with the corresponding hash value in the Document Security Object (SOD).

-- ICAO Doc9303 Part 11, Chapter 5.1.1 Passive Authentication - Inspection Process (accessed on the 12.10.2021)

Active Authentication (AA) (optional)

Verifies that the Chip is not cloned.

The Chip signs (using RSA or ECDSA) a random challenge with a private key. If the ECDSA is used, the Hash algorithm is mentioned in the "Active Authentication Info" from DG14. The signature can be verified using the Public Key for AA from Data Group 15.

Notes:

  • The authenticity of Data Groups 14 & 15 must be verified using Passive Authentication in order for the Active Authentication result to be meaningful.
  • A cloned Chip can not generate a valid signature, because it does not know the private key associated with the "Public Key for AA".

Chip Authentication (CA) (optional)

Verifies that the Chip is not cloned and establishes new (stronger) communication keys.

The Inspection System performs the following steps:

  1. Generate a new public-private key pair and sends the public key to the chip.
  2. Calculate a shared secret using its private key and the "Public Key for Chip Authentication" from Data Group 14.
  3. Derives new communication keys from the shared secret.

Notes:

  • The authenticity of Data Group 14 must be verified through Passive Authentication to ensure that the Chip Authentication result is meaningful.
  • Communication cannot be sustained by a cloned chip, as it is unable to compute the same shared secret, because it does not know the private key associated with the Public Key for Chip Authentication from Data Group 14.

Simplified eMRTD Verification Procedure

To summarize this a simplified rundown of an eMRTD verification:

  • Read File Card Access (if present)
  • Perform Access Control (either BAC or PACE)
  • Read SOD
  • Read Data Group 14 (if present) & Perform Chip Authentication (if available)
  • Read Data Group 15 (if present) & Perform Active Authentication (if available)
  • Read Data Groups 1, 2 and other Data Groups (if present)
  • Verify Integrity and Authenticity of the Data Groups