Title: E-PASSPORT INTEROPERABILITY TEST EVENT
Slide 1: E-PASSPORT INTEROPERABILITY TEST EVENT
- 29 MAY - 1 JUNE 2006, BERLIN / GERMANY
Slide 2: Agenda
- Interoperability of e-Passports as the Foundation of Trust and Security (Dr. Uwe Seidel)
- From the Golden Reader Tool to an ISO Standard (Axel Munde)
- ICAO Technical Report on e-Passport Test Standards (Dr. Michael Jahnich)
- Conformity Testing Layer 1 - 4 (Andreas Ehre)
- Conformity Testing Layer 6 - 7 / Technical Event Agenda (Michael Schlüter)
Slide 4: Interoperability of e-passports as the foundation of trust and security
Dr. Uwe Seidel
Slide 5: Welcome by the Federal Criminal Police Office (Bundeskriminalamt)
- To the Berlin e-passport interoperability test event
- Organized by the German Standards Body DIN.
- Supported by
  - the Federal Ministry of the Interior
  - ICAO's New Technology Working Group (NTWG)
  - the EU Commission
  - the Federal Office for Information Security (BSI)
  - the Bundeskriminalamt (BKA)
  - and several dedicated companies, providing technical expertise.
- You are not alone in Berlin
  - 350 registered participants from 38 countries
  - 400 e-passport samples from 175 countries and companies
  - 48 readers from 38 different companies and organizations
- The BKA will be your government partner for the cross-over-testing sessions.
Slide 6: Another interoperability test - what is different from Morgantown to Singapore?
- A large number of countries are about to join the e-passport initiative
  - Following EU regulation 2252/2004, all EU Member States will start issuing e-passports by the end of August, 2006.
  - At first, digitally stored personal data and a facial image; by 2009 at the latest, two fingerprint images will be added.
- We would like to shift gears now
  - Building upon the foundations laid in previous interoperability trials, the Berlin interoperability test will be the technologically most challenging event so far.
  - Following the request by ICAO's NTWG, we raised the bar with respect to admittance rules and publication of results. And we could do so given the tremendous progress in e-passport technology since the first interoperability trial in Morgantown, 2004. Thanks to our predecessors!
  - And we will try to start the transition away from reader vs. passport testing towards technically well-founded testing against RF protocol standards.
Slide 7: The bigger picture beyond technology - Focus on Trust and Security
- Modern e-passports are documents consisting of
  - a physical document, with datapage, MRZ and well proven security features, establishing trust in the physical passport book.
  - a digital document, with RF chip, personal and biometric features, protected by cryptographic security features, establishing trust in the digital data.
  - privacy protecting features, establishing confidence in the legal and conscious use of personal data.
- That is why, beyond the pure functional testing
  - We will focus on the mandatory Passive Authentication Scheme standardized in the PKI TR.
  - We will test and report performance with respect to the ability of systems to check integrity and authenticity of digitally signed data on e-passports.
- Physical and digital security measures MUST complement each other to form a modern, machine verifiable document which can be trusted by travelers and control authorities alike. Let's see if we can find those here in Berlin!
Slide 9: From the Golden Reader Tool to an ISO standard
Axel Munde
Slide 10: From the Golden Reader Tool to an ISO Standard
- Short history of e-passport interoperability tests (more on Thursday)
  - Canberra 2004: a disaster, from an interoperability point of view
  - Morgantown 2004: some improvements
  - Sydney 2004: some more improvements
  - (Baltimore 2004: using e-passports in inspection line)
  - Tsukuba 2005: interoperability breakthrough
  - Singapore 2005: further improvements
  - Berlin 2006: The last interoperability event?
- In 2004 the Essen Group (NL, UK and Germany) was founded to implement a common understanding of ICAO recommendations (LDS and PKI).
- Development of Golden Reader Tool
Slide 11: From Golden Reader Tool to an ISO Standard
- Golden Reader Tool
  - Communication between
    - e-passport (Chip)
    - RF-Reader
    - OCR-Reader (BAC)
    - Cryptographic Module
  - Standardised interfaces between these modules in e-passport API
- Based on these modules we started to define test specifications for these modules
- Drafts of test spec for PICC (Chip) and reader (PCD) were accepted by ISO and ICAO NTWG
Slide 12: From Golden Reader Tool to an ISO Standard
- In Berlin two tests in parallel
  - Cross-Over (results will be published)
  - Conformity testing of PICC with selected test cases (not published)
- Future challenge will be to ensure a lasting global interoperability for e-passports (valid 5 to 10 years)
  - Different chip generations and types
  - Different reader generations (firmware) and types
- In our opinion, these issues can only be addressed by internationally accepted test specifications to ensure conformity
- Based on the test specifications the BSI is about to set up
  - accreditation of test labs for the different parts
  - certification of conformity testing
- More details on conformity testing and the organisation of the event in the following presentations
Slide 14: ICAO Technical Report on e-Passport Test Standards
- Dr. Michael Jahnich, Co-Editor Test Standards
Slide 15: ICAO Technical Report on e-Passport Test Standards
- Objective
  - Development of RF protocol and application test standard of e-passport in the form of a Technical Report.
- Scope and purpose of this test standard
  - Prove functional conformance
  - Improve interoperability
- Out of scope
  - Security evaluation
Slide 16: ISO has been asked to develop the Test Standards
- ISO/IEC SC 17 Working Group 3, Task Force 4, headed by J. Sakaki and Robert Balderston
- Editor of RF protocol test standard: Axel Munde, BSI Germany
- Co-editor: Dr. Michael Jahnich
- Active members
  - Austria
  - Canada
  - France
  - Germany
  - Israel
  - Japan
  - United Kingdom
  - USA
Slide 17: Test standards follow the ISO/OSI model
L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna, SCIC, durability, aging)
Slide 18: RF Protocol and Application Test Standard for e-Passport
- Four parts of the test standard
  - Part 1: Framework and Scope
  - Part 2: Signal interface and RF protocol (Layer 1-4)
  - Part 3: Application interface (Layer 6-7)
  - Part 4: PCD Signal interface and RF protocol (Layer 1-4)
- Status
  - Parts 2 and 3 are standing documents
  - Parts 1 and 4 are under preparation
Slide 19: German BSI has validated the Test Standards
- German BSI completed a project to set up the test equipment and test software
- All test cases have been implemented and tested with several passports
- Test results have been used to improve the test standards
- The developed test equipment and test software are used for the conformity testing at this event
Slide 20: Remaining steps to establish Conformity Testing
- All members of ISO and ICAO / NTWG are invited to contribute to the test standards
- Results from this test event will be used for improvements
- Finalization of the test standard parts 2 and 3 is planned for the WG3 TF4 meeting in Graz, 12th to 13th of June 2006
Slide 21: Final goal is to establish an e-Passport Conformity Certificate issued and equally accepted by governmental certification bodies
[Diagram labels: Evaluation and test; Certification; Durability; Security Common Criteria; Manufacturer e-passport; RF Protocol Layer 1-4; LDS Application Layer 6-7; e-Passport Conformity Certificate, e.g. by BSI]
e.g. German BSI already offers such a certification scheme to manufacturers and passport issuing authorities
Slide 22: Contact
For any questions concerning the test specifications, please contact me at our booth no 8
Dr. Michael Jahnich, Mobile 49 173 7135710, michael.jahnich_at_hjp-consulting.com
Slide 24: CETECOM
- I - The principle of e-passport L1-4 conformity testing
- II - The test set-up and its capabilities
- III - The tests provided here at the event
CETECOM ICT Services GmbH, Untertürkheimer Str. 6 10, 66117 Saarbrücken/Germany, Tel. 49 681 598 -0, E-Mail info_at_ict.cetecom.de, Web-Site www.cetecom-ict.de
Slide 25: Test standards follow the ISO/OSI model
- RF conformity requirements, Part 2
- validated and implemented by CETECOM ICT Services
L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna, SCIC, durability, aging)
Slide 26: Conformity Testing according to ISO Test Standards for ICAO compliant e-Passports, Layers 1 - 4
- Highlights of the conformity test strategy for e-passport
  - Parametric testing
    - all characteristics which are important for interoperability are tested separately and not in a functional interoperability check
  - Controllable testing
    - no influence from other instances than the device under test
  - Repeatable
    - tests are to be performed in a lab environment, monitoring all parameters that can have influence
  - Single-ended testing
    - only the Device under Test is tested and not a combination of devices that are more or less known
  - Application-independent
    - The tests can be performed for all systems using ISO 14443, which is broadening the acceptance
- After successful testing a BSI Conformity Certificate will be available
Slide 27: Basis for Testing Layers 1 - 4
[Diagram labels: PC with Test Software (developed by CETECOM); Device under Test; Reader Simulator; Modified ISO Test Apparatus; DSO, Network Analyzer, etc.]
- Modified in antenna matching for providing PCD-Signal Shape as specified in the relevant specifications (incl. high data rates)
- Capable of being SW-configured to simulate different PCD Signals as they might appear from standard compliant readers
Slide 28: Basis for Testing Layers 1 - 4
L1 Physical characteristics
L3 RF protocol activation
L4 RF transmission protocol
L2 RF power and signal interface
Slide 29: Capabilities of Layer 1 - 4 Test Bench
- Test set-up allows for
  - All ISO 14443/10373-6 test cases (Physics, timing, framing, protocols, data exchange)
    - Including Resonance Frequency
    - Including Modulation Index
    - Including variation of Environmental Conditions
    - Including variation of Field Strength
    - Including variation of PCD Signal Characteristics
    - Including verification of Response Times and Framings
    - Including complete set of ISO 14443-3/-4 protocol topics
  - Debugging and investigation of behaviour in case of interoperability problems
  - Providing detailed log-files for all levels of communication
Slide 30: Provisions during the Interoperability Event for Layer 1 - 4 Conformity Testing
- Here at the event
  - A sub-set of tests is provided
    - 1 - 2 test cases from each layer 2, layer 3 and layer 4, e.g.
      - Check of Threshold Resonance Frequency
      - Acceptance of PCD-Signal-Variation (Signal Form and Field Strength)
      - Start-Up-Time
      - Transmission Parameter Selection
      - Exchange and chaining of I-Blocks and reaction on CID use
    - 7 out of about 150 test cases
  - Performed by CETECOM ICT Services (accredited laboratory)
  - Not a complete conformity test / no certification
  - Introduction of the principle
  - Test result report for every tested e-passport
Slide 31: Your Contacts at the Event
- For any questions on the e-passport conformity testing
  - Questions on testing occurring during and after the event
  - Problems occurring during interoperability testing: spot check of characteristics for debugging
  - Issue reporting and feedback sheet (Questionnaire)
  - Questions on test results achieved in conformity testing
  - etc.
- Please don't hesitate to contact me or drop a message at our booth (10)
  - Andreas Ehre
  - Mobile 49 173 878 0307
  - Andreas.Ehre_at_ict.cetecom.de
Slide 33: Conformity Testing Layer 6 - 7 / Technical Event Agenda
Michael Schlüter, michael.schlueter_at_secunet.com
Berlin, May 30, 2006
Slide 34: Test standards follow the ISO/OSI model
- LDS Requirements
- validated and implemented by secunet
L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna, SCIC, durability, aging)
Slide 35: Conformity Test Specification Layer 6 (LDS Application)
- Test specification based on international standards
  - ISO 7816-4:2005 Organization, security and commands for interchange
  - ICAO Doc 9303 MRTD Part 1: Machine Readable Passports
- Document structure consists of five test units
  - A: Selection of the ICAO LDS Application
  - B: File Access Control for e-passport with BAC protection
  - C: BAC specific commands (Get Challenge, Mutual Authenticate)
  - D: Implementation of the Select File command
  - E: Implementation of the Read Binary command
Slide 36: Conformity Test Specification Layer 7 (LDS Data)
- Test specification based on international standards
  - ICAO Doc 9303 MRTD Part 1: Machine Readable Passports
  - TR LDS 1.7: Development of a Logical Data Structure
  - TR PKI 1.1: PKI for Machine Readable Travel Documents
- Document structure consists of four test units
  - A: EF.COM Common Data Elements
  - B: Data Group 1 Machine Readable Zone Information
  - C: Data Group 2 Encoded Face Image
  - D: EF.SOD LDS Security Data
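An added illustration of the kind of check test unit A (EF.COM Common Data Elements) implies, not taken from the slides or from the secunet test suite: a small Python BER-TLV reader that validates a constructed EF.COM. The tag values (60, 5F01, 5F36, 5C) and field sizes follow the ICAO LDS and are assumptions relative to this page; the pass criteria are illustrative, not those of the test specification.

```python
# Added example; EF.COM tags 60/5F01/5F36/5C follow the ICAO LDS (assumed here).

def read_tlv(buf, pos=0):
    """Parse one BER-TLV object at buf[pos]; return (tag, value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:                      # multi-byte tag such as 5F01
        while True:
            if pos >= len(buf):
                raise ValueError("truncated tag")
            byte = buf[pos]
            tag = (tag << 8) | byte
            pos += 1
            if not byte & 0x80:
                break
    if pos >= len(buf):
        raise ValueError("truncated length")
    length = buf[pos]
    pos += 1
    if length & 0x80:                           # long-form length
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past end of file")
    return tag, buf[pos:pos + length], pos + length

def check_ef_com(ef_com):
    """Return a list of findings; an empty list means every check passed."""
    try:
        tag, body, _ = read_tlv(ef_com)
        if tag != 0x60:
            return ["outer tag is %X, expected 60" % tag]
        fields, pos = {}, 0
        while pos < len(body):
            field_tag, value, pos = read_tlv(body, pos)
            fields[field_tag] = value
    except ValueError as exc:
        return ["malformed TLV: %s" % exc]
    findings = []
    for t, name, size in ((0x5F01, "LDS version", 4), (0x5F36, "Unicode version", 6)):
        value = fields.get(t)
        if value is None:
            findings.append(name + " missing")
        elif len(value) != size or not value.isdigit():
            findings.append("%s is not %d ASCII digits" % (name, size))
    if not fields.get(0x5C):
        findings.append("tag list (5C) missing or empty")
    return findings

# Constructed sample: LDS 1.7, Unicode 4.0.0, tag list = DG1 (61), DG2 (75).
SAMPLE_EF_COM = bytes.fromhex("60145f0104303130375f36063034303030305c026175")
```

`check_ef_com(SAMPLE_EF_COM)` returns an empty list; a truncated file or a version field that is not numeric yields a finding instead of an exception.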
Slide 37: Conformity Test Environment Layer 6 - 7
- German BSI has initiated a proof-of-concept implementation of the conformity test plan (Layer 6 - 7)
- Implementation has been done by secunet
- Resulting test suite is used for the conformity tests
Slide 38: Conformity Assessment Workshop, Thursday, June 1st
- Further details on the conformity test specification
- 15.00 - 15.30
  - Detailed report of e-passport conformity testing Layer 1 - 4
  - Andreas Ehre, CETECOM ICT Services GmbH
- 16.00 - 16.30
  - Detailed report of e-passport conformity testing Layer 6 - 7
  - Michael Schlüter, secunet Security Networks AG
Slide 39: Technical Event Agenda
- Two days of testing
- Conformity and Cross Over Tests will be conducted in parallel
Slide 40: Distribution of e-Passports
- e-passport providers supplied packs of five equal samples each
- A maximum of two packs per provider is accepted
- Two passports are used for Cross Over Testing
- Two passports are used for Conformity Testing
- One passport is used for reference purposes (spare)
Slide 41: Conformity Test Procedure
- Conformity tests are performed as closed door tests
- Only the e-passport supplier can observe the tests of their samples
- Only the e-passport supplier will receive their results in a detailed protocol
- Each passport is assigned to a 20 minutes time slot for conformity testing
- A time table is published by the event management
- Dedicated contact persons are nominated for further discussions
Slide 42: Conformity Test Cases
- Due to the limited time, only a subset of the conformity tests is performed
- Layer 1 - 4
  - Communication Stability (6.2.2 / 6.2.3)
  - Start-Up Time (7.1.1 / 7.1.2)
  - Handling of RATS (8.1.3 / Type A only)
  - Handling of ATTRIB (8.2.4 / Type B only)
  - Chaining of I-Blocks (8.3.2)
  - PICC reaction on CID (8.3.5)
- Layer 6
  - ISO7816_B_4 (Plain SelectFile command for data group 2 on a BAC protected passport)
  - ISO7816_C_23 (Plain ReadBinary command with SFI on a BAC protected passport)
  - ISO7816_D_3 (SelectFile command with an invalid parameter P1)
  - ISO7816_E_5 (Valid ReadBinary command with SFI for EF.COM)
- Layer 7
  - LDS_A_3 (LDS Version number referred by EF.COM)
  - LDS_C_7 (Data Group 2 CBEFF Format Owner Element)
  - LDS_C_8 (Data Group 2 CBEFF Format Type Element)
  - LDS_D_7 (Coding of the Document Signer Certificate)
Slide 43: Cross Over Test Procedure
- Cross Over Tests are performed by dedicated test teams
- Teams are recruited from vendor independent organizations
- Registered e-passports are arranged in bags with five samples
- All registered e-passport reader stations are tested with all samples
- Cross Over Test Parameter
  - System specific software is recommended
  - System process time is measured
  - No distance tests are performed
Slide 44: Distribution of Test Results
- First results and findings are published on Thursday.
- Full details of the Cross Over Test will be published after the event.
- Only a summary of the Conformity Test results will be published.
- The e-passport supplier will receive detailed results of their conformity test session.
Slide 45: Contact Persons
- Conformity Test, Government: Axel Munde, 49 178 603 3282
- Cross Over Test, Government: Dr. Uwe Seidel, 49 170 790 9942
- Conformity Test, Layer 1 - 4: Andreas Ehre, 49 173 878 0307
- Conformity Test, Specification: Dr. Michael Jahnich, 49 173 713 5710
- Conformity Test, Layer 6 - 7: Michael Schlüter, 49 171 411 8008
- Cross Over Test: Norbert Richartz, 49 171 221 2441
Slide 46: Contact Persons
- e-Passport Registration: Anne Lahner, 49 170 920 64 85
- e-Passport Registration: Patrick Franitza, 49 170 553 1301
- Event Organizer: Hannelore Weber
Slide 47: A time to make friends
Kick-off to the e-Passport World-Cup Germany 2006