EPASSPORT INTEROPERABILITY TEST EVENT - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

EPASSPORT INTEROPERABILITY TEST EVENT

Description:

Organized by the German Standards Body DIN. Supported by. the Federal Ministry of the Interior ... Test results have been used to improve the test standards ... – PowerPoint PPT presentation

Number of Views:248
Avg rating:3.0/5.0
Slides: 49
Provided by: essen6
Category:

less

Transcript and Presenter's Notes

Title: EPASSPORT INTEROPERABILITY TEST EVENT


1
E-PASSPORT INTEROPERABILITY TEST EVENT
  • 29 MAY 1 JUNE 2006, BERLIN / GERMANY

2
Agenda
Interoperability of e-Passports as the foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
3
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
4
Interoperability of e-passports as the foundation
of trust and security
Dr. Uwe Seidel
5
Welcome by the Federal Criminal Police Office
(Bundeskriminalamt)
  • To the Berlin e-passport interoperability test
    event
  • Organized by the German Standards Body DIN.
  • Supported by
  • the Federal Ministry of the Interior
  • ICAOs New Technology Working Group (NTWG)
  • the EU Commission
  • the Federal Office for Information Security (BSI)
  • the Bundeskriminalamt (BKA)
  • and several dedicated companies, providing
    technical expertise.
  • You are not alone in Berlin
  • 350 registered participants from 38 countries
  • 400 e-passports samples from 175 countries and
    companies
  • 48 readers from 38 different companies and
    organizations
  • The BKA will be your government partner for the
    cross-over-testing sessions.

6
Another interoperability test what is different
from Morgantown to Singapore?
  • A large number of countries is about to join the
    e-passport initiative
  • Following EU regulation 2252/2004, all EU Member
    States will start issuing e-passports by the end
    of August, 2006.
  • At first, digitally stored personal data and a
    facial image,at the latest 2009 two fingerprint
    images will be added.
  • We would like to shift gears now
  • Building upon the foundations laid in previous
    interoperability trials, the Berlin
    interoperability test will be the technologically
    most challenging event so far.
  • Following the request by ICAOs NTWG, we raised
    the bar with respect to admittance rules and
    publication of results. And we could do so given
    the tremendous progress in e-passport technology
    since the first interoperability trial in
    Morgantown, 2004. Thanks to our predecessors!
  • And we will try to start the transition away from
    reader vs. passport testing towards a technically
    well founded testing against RF protocol
    standards.

7
The bigger picture beyond technology Focus on
Trust and Security
  • Modern e-passports are documents consisting of
  • a physical document, with datapage, MRZ and
    well proven security features establishing trust
    in the physical passport book.
  • digital document, with RF chip, personal and
    biometric features, protected by cryptographic
    security features, establishing trust in the
    digital data.
  • privacy protecting features, establishing
    confidence in the legal and conscious use of
    personal data.
  • That is why beyond the pure functional testing
  • We will focus on the mandatory Passive
    Authentication Scheme standardized in the PKI
    TR.
  • We will test and report performance with respect
    to ability of systems to check integrity and
    authenticity of digitally signed data on
    e-passports.
  • Physical and digital security measures MUST
    complement each other to form a modern, machine
    verifiable document which can be trusted by
    travelers and control authorities alike. Lets
    see if we can find those here in Berlin!

8
Agenda
Interoperability of e-Passports as the foundation
of trust and securityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
9
From the Golden Reader Tool to an ISO standard
Axel Munde
10
From the Golden Reader Tool to an ISO Standard
  • Short history of e-passport interoperability
    tests (more on Thursday)
  • Canberra 2004 a disaster, from interoperability
    point of view
  • Morgantown 2004 some improvements
  • Sydney 2004 some more improvements
  • (Baltimore 2004 using e-passports in inspection
    line)
  • Tsukuba 2005 interoperability breakthrough
  • Singapore 2005 further improvements
  • Berlin 2006 The last interoperability event?
  • In 2004 the Essen Group (NL, UK and Germany) was
    founded to implement a common understanding of
    ICAO recommendations (LDS and PKI).
  • Development of Golden Reader Tool

11
From Golden Reader Tool to an ISO Standard
  • Golden Reader Tool
  • Communication between
  • e-passport (Chip)
  • RF-Reader
  • OCR-Reader (BAC)
  • Cryptographic Module
  • Standardised interfaces between these modules in
    e-passport API
  • Based on these modules we started to define test
    specifications for these modules
  • Drafts of test spec for PICC (Chip) and reader
    (PCD) were accepted by ISO and ICAO NTWG

12
From Golden Reader Tool to an ISO Standard
  • In Berlin two tests in parallel
  • Cross-Over (results will be published)
  • Conformity testing of PICC with selected test
    cases (not published)
  • Future challenge will be to ensure a lasting
    global interoperability for e-passports (Valid 5
    to 10 years)
  • Different chip generations and types
  • Different readers generations (firmware) and
    types
  • In our opinion, these issues can only be
    addressed by international accepted test
    specifications to ensure conformity
  • Based on the test specifications the BSI is about
    to set up
  • accreditation of test labs for the different
    parts
  • certification of conformity testing
  • More details on conformity testing and the
    organisation of the event in the following
    presentations

13
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
14
ICAO Technical Report on e-Passport Test Standards
  • Dr. Michael JahnichCo-Editor Test Standards

15
ICAO Technical Report on e-Passport Test Standards
  • Objective
  • Development of RF protocol and application test
    standard of e-passport in the form of a
    Technical Report.
  • Scope and purpose of this test standard
  • Prove functional conformance
  • Improve interoperability
  • Out of scope
  • Security evaluation

16
ISO has been asked to develop the Test Standards
  • ISO/IEC SC 17 Working Group 3, Task Force 4
    headed by J. Sakaki and Robert Balderston
  • Editor of RF protocol test standard Axel Munde,
    BSI Germany,
  • Co-editor Dr. Michael Jahnich
  • Active members
  • Austria
  • Canada
  • France
  • Germany
  • Israel
  • Japan
  • United Kingdom
  • USA

17
Test standards follow the ISO/OSI model
L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
18
RF Protocol and Application Test Standard for
e-Passport
  • Four parts of the test standard
  • Part 1 Framework and Scope
  • Part 2 Signal interface and RF protocol (Layer
    1-4)
  • Part 3 Application interface (Layer 6-7)
  • Part 4 PCD Signal interface and RF protocol
    (Layer 1-4)
  • Status
  • Part 23 are standing documents
  • Part 14 are under preparation

?
19
German BSI has validated the Test Standards
  • German BSI completed a project to set up the test
    equipment and test software
  • All tests cases have been implemented and tested
    with several passports
  • Test results have been used to improve the test
    standards
  • The developed test equipment and test software is
    used for the conformity testing at this event

20
Remaining steps to establish Conformity Testing
  • All members of ISO and ICAO / NTWG are invited to
    contribute to the test standards
  • Results form this test event will be used for
    improvements
  • Finalization of the test standard parts 2 and 3
    is planned for WG3 TF4 meeting in Graz 12th to
    13th of June 2006

21
Final goal is to establish a e-Passport
Conformity Certificate issued and equally
accepted by governmental certification bodies
Evaluation and test
Certification
Durability
e-Passport Conformity Certificate e.g. by BSI
Security Common Criteria
Manufacturer e-passport
RF Protocol Layer 1-4
LDS Application Layer 67
e.g. German BSI already offers such a
certification schemes to manufacturers and
passport issuing authorities
22
Contact
For any questions concerning the test
specifications Please contact me at our booth no
8
Dr. Michael Jahnich Mobil 49 173
7135710 michael.jahnich_at_hjp-consulting.com
23
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
24
CETECOM
  • The content

I - The principle of e-passport L1-4 conformity
testing
II - The test set-up and its capabilities
III - The tests provided here at the event
CETECOM ICT Services GmbH Untertürkheimer Str. 6
10 66117 Saarbrücken/Germany Tel. 49 681 598
-0 E-Mail info_at_ict.cetecom.de Web-Site
www.cetecom-ict.de
25
Test standards follow the ISO/OSI model
  • RF conformity requirements, Part 2
  • validated and implemented by CETECOM ICT Services

L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
26
Conformity Testing according to ISO Test
Standards for ICAO compliant e-Passports Layers
1 - 4
  • Highlights of the conformity test strategy for
    e-passport
  • Parametric testing
  • all characteristics which are important for
    interoperability aretested separately and not in
    a functional interoperability check
  • Controllable testing
  • no influence from other instances than the device
    under test
  • Repeatable
  • test are to be performed in lab environment
    monitoring all parameters that can have influence
  • Single-ended testing
  • only the Device under Test is tested and not a
    combination of devices that are more or less
    known
  • Application-independent
  • The tests can be performed for all systems using
    ISO 14443 which is broadening the acceptance
  • After successful testing a BSI Conformity
    Certificate will be available

27
Basis for Testing Layers 1 - 4
PC with Test Software(developed by CETECOM)
Device under Test
ReaderSimulator
Modified ISOTest Apparatus
DSO,Network Analyzer,etc.
Modified in antenna matchingfor providing
PCD-Signal Shapeas specified in the relevant
specifications (incl. High data rates)
Capable of being SW-configuredto simulate
different PCD Signalsas they might appear from
standardcompliant readers
28
Basis for Testing Layers 1 - 4
L1 Physical characteristics
L3 RF protocol activation
L4 RF transmission protocol
L2 RF power and signal interface
29
Capabilities of Layer 1 4 Test Bench
  • Test set-up allows for
  • All ISO 14443/10373-6 test cases (Physics,
    timing, framing, protocols, data exchange)
  • Including Resonance Frequency
  • Including Modulation Index
  • Including variation of Environmental Conditions
  • Including variation of Field Strength
  • Including variation of PCD Signal Characteristics
    Including verification of Response Times and
    Framings
  • Including complete set of ISO 14443 -3/-4
    protocol topics
  • Debugging and investigation of behaviour in case
    of interoperability problems
  • Providing detailed log-files for all levels of
    communication

30
Provisions during the Interoperability Eventfor
Layer 1 4 Conformity Testing
  • Here at the event
  • A sub-set of tests is provided
  • 1 2 test cases from each layer 2, layer 3 and
    layer 4 , e.g.
  • Check of Threshold Resonance Frequency
  • Acceptance of PCD-Signal-Variation (Signal Form
    and Field Strength)
  • Start-Up-Time
  • Transmission Parameter Selection
  • Exchange and chaining of I-Blocks and reaction on
    CID use
  • 7 out of about 150 test cases
  • Performed by CETECOM ICT Services (accredited
    laboratory)
  • Not a complete conformity test / no
    certification
  • Introduction of the principle
  • Test result report for every tested e-passport

31
Your Contacts at the Event
  • For any questions on the e-passport conformity
    testing
  • Questions on testing occurring during and after
    the event
  • Problems occurring during interoperability
    testingspot check of characteristics for
    debugging
  • Issue reporting and feedback sheet
    (Questionnaire)
  • Questions on test results achieved in conformity
    testing
  • etc.
  • Please don't hesitate to contact me or drop a
    message at our booth (10)
  • Andreas Ehre
  • Mobile 49 173 878 0307
  • Andreas.Ehre_at_ict.cetecom.de

32
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
33
Conformity Testing Layer 6 7 / Technical Event
Agenda
Michael Schlütermichael.schlueter_at_secunet.comBer
lin, May 30, 2006
34
Test standards follow the ISO/OSI model
  • LDS Requirements
  • validated and implemented by secunet

L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activiati (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
35
Conformity Test Specification Layer 6 (LDS
Application)
  • Test specification based on international
    standards
  • ISO 7816-4 2005 Organization, security and
    commands for interchange
  • ICAO Doc 9303 MRTD Part 1 Machine Readable
    Passports
  • Document structure consists of five test units
  • A Selection of the ICAO LDS Application
  • B File Access Control for e-passport with BAC
    protection
  • C BAC specific commands (Get Challenge, Mutual
    Authenticate)
  • D Implementation of the Select File command
  • E Implementation of the Read Binary command

36
Conformity Test Specification Layer 7 (LDS Data)
  • Test specification based on international
    standards
  • ICAO Doc 9303 MRTD Part 1 Machine Readable
    Passports
  • TR LDS 1.7 Development of a Logical Data
    Structure
  • TR PKI 1.1 PKI for Machine Readable Travel
    Documents
  • Document structure consists of four test units
  • A EF.COM Common Data Elements
  • B Data Group 1 Machine Readable Zone
    Information
  • C Data Group 2 Encoded Face Image
  • D EF.SOD LDS Security Data

37
Conformity Test Environment Layer 6 7
  • German BSI has initiated a proof-of-concept
    implementation of the conformity test plan (Layer
    6 7)
  • Implementation has been done by secunet
  • Resulting test suite is used for the conformity
    tests

38
Conformity Assessment Workshop Thursday, June 1st
  • Further details on the conformity test
    specification
  • 15.00 15.30
  • Detailed report of e-passport conformity testing
    Layer 1 4
  • Andreas Ehre, CETECOM ICT Services GmbH
  • 16.00 16.30
  • Detailed report of e-passport conformity testing
    Layer 6 7
  • Michael Schlüter, secunet Security Networks AG

39
Technical Event Agenda
  • Two days of testing
  • Conformity- and Cross Over Tests will be
    conducted in parallel

40
Distribution of e-Passports
  • e-passport provider supplied packs of five equal
    samples each
  • A maximum of two packs per provider are accepted
  • Two passports are used for Cross Over Testing
  • Two passports are used for Conformity Testing
  • One passport is used for reference purposes
    (spare)

41
Conformity Test Procedure
  • Conformity tests are performed as closed door
    tests
  • Only the e-passport supplier can observe the
    tests of their samples
  • Only e-passport supplier will receive their
    results in a detailed protocol
  • Each passport is assigned to a 20 minutestime
    slot for conformity testing
  • A time table is published by the event management
  • Dedicated contact persons are nominated for
    further discussions

42
Conformity Test Cases
  • Due to the limited time, only a subset of the
    conformity tests are performed
  • Layer 1 4
  • Communication Stability (6.2.2 / 6.2.3)
  • Start-Up Time (7.1.1/ 7.1.2)
  • Handling of RATS (8.1.3 / Type A only)
  • Handling of ATTRIB (8.2.4 Type B only)
  • Chaining of I-Blocks (8.3.2)
  • PICC reaction on CID (8.3.5)
  • Layer 6
  • ISO7816_B_4 (Plain SelectFile command for data
    group 2 on a BAC protected passport)
  • ISO7816_C_23 (Plain ReadBinary command with SFI
    on a BAC protected passport)
  • ISO7816_D_3 (SelectFile command with an invalid
    parameter P1)
  • ISO7816_E_5 (Valid ReadBinary command with SFI
    for EF.COM)
  • Layer 7
  • LDS_A_3 (LDS Version number referred by EF.COM)
  • LDS_C_7 (Data Group 2 CBEFF Format Owner Element)
  • LDS_C_8 (Data Group 2 CBEFF Format Type Element)
  • LDS_D_7 (Coding of the Document Signer
    Certificate)

43
Cross Over Test Procedure
  • Cross Over Tests are performed by dedicated test
    teams
  • Teams are recruited from vendor independent
    organizations
  • Registered e-passports are arranged in bags with
    five samples
  • All registered e-passport reader stations are
    tested with all samples
  • Cross Over Test Parameter
  • System specific software is recommended
  • System process time is measured
  • No distance tests are performed

44
Distribution of Test Results
  • First results and findings are published on
    Thursday.
  • Full details of the Cross Over Test will be
    published after the event.
  • Only a summary of the Conformity Test results
    will be published.
  • e-passport supplier will receive detailed results
    of their conformity test session.

45
Contact Persons
Conformity TestGovernment Axel Munde 49 178
603 3282
Cross Over TestGovernment Dr. Uwe Seidel 49
170 790 9942
Conformity TestLayer 1 - 4 Andreas Ehre49 173
878 0307
Conformity TestSpecification Dr. Michael
Jahnich 49 173 713 5710
Conformity TestLayer 6 - 7 Michael Schlüter
49 171 411 8008
Cross Over Test Norbert Richartz 49 171 221
2441
46
Contact Persons
e-Passport Registration Anne Lahner49 170 920
64 85
e-Passport Registration Patrick Franitza 49
170 553 1301
Event Organizer Hannelore Weber
47
A time to make friends
Kick-off to the e-Passport World-Cup Germany
2006
48
E-PASSPORT INTEROPERABILITY TEST EVENT
  • 29 MAY 1 JUNE 2006, BERLIN / GERMANY
Write a Comment
User Comments (0)
About PowerShow.com