EPASSPORT INTEROPERABILITY TEST EVENT

1
E-PASSPORT INTEROPERABILITY TEST EVENT

• 29 MAY 1 JUNE 2006, BERLIN / GERMANY

2
Agenda
Interoperability of e-Passports as the foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
3
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
4
Interoperability of e-passports as the foundation
of trust and security
Dr. Uwe Seidel
5
Welcome by the Federal Criminal Police Office
(Bundeskriminalamt)

• To the Berlin e-passport interoperability test
  event
• Organized by the German Standards Body DIN.
• Supported by
• the Federal Ministry of the Interior
• ICAOs New Technology Working Group (NTWG)
• the EU Commission
• the Federal Office for Information Security (BSI)
• the Bundeskriminalamt (BKA)
• and several dedicated companies, providing
  technical expertise.
• You are not alone in Berlin
• 350 registered participants from 38 countries
• 400 e-passports samples from 175 countries and
  companies
• 48 readers from 38 different companies and
  organizations
• The BKA will be your government partner for the
  cross-over-testing sessions.

6
Another interoperability test what is different
from Morgantown to Singapore?

• A large number of countries is about to join the
  e-passport initiative
• Following EU regulation 2252/2004, all EU Member
  States will start issuing e-passports by the end
  of August, 2006.
• At first, digitally stored personal data and a
  facial image,at the latest 2009 two fingerprint
  images will be added.
• We would like to shift gears now
• Building upon the foundations laid in previous
  interoperability trials, the Berlin
  interoperability test will be the technologically
  most challenging event so far.
• Following the request by ICAOs NTWG, we raised
  the bar with respect to admittance rules and
  publication of results. And we could do so given
  the tremendous progress in e-passport technology
  since the first interoperability trial in
  Morgantown, 2004. Thanks to our predecessors!
• And we will try to start the transition away from
  reader vs. passport testing towards a technically
  well founded testing against RF protocol
  standards.

7
The bigger picture beyond technology Focus on
Trust and Security

• Modern e-passports are documents consisting of
• a physical document, with datapage, MRZ and
  well proven security features establishing trust
  in the physical passport book.
• digital document, with RF chip, personal and
  biometric features, protected by cryptographic
  security features, establishing trust in the
  digital data.
• privacy protecting features, establishing
  confidence in the legal and conscious use of
  personal data.
• That is why beyond the pure functional testing
  
• We will focus on the mandatory Passive
  Authentication Scheme standardized in the PKI
  TR.
• We will test and report performance with respect
  to ability of systems to check integrity and
  authenticity of digitally signed data on
  e-passports.
• Physical and digital security measures MUST
  complement each other to form a modern, machine
  verifiable document which can be trusted by
  travelers and control authorities alike. Lets
  see if we can find those here in Berlin!

8
Agenda
Interoperability of e-Passports as the foundation
of trust and securityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
standardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
9
From the Golden Reader Tool to an ISO standard
Axel Munde
10
From the Golden Reader Tool to an ISO Standard

• Short history of e-passport interoperability
  tests (more on Thursday)
• Canberra 2004 a disaster, from interoperability
  point of view
• Morgantown 2004 some improvements
• Sydney 2004 some more improvements
• (Baltimore 2004 using e-passports in inspection
  line)
• Tsukuba 2005 interoperability breakthrough
• Singapore 2005 further improvements
• Berlin 2006 The last interoperability event?
• In 2004 the Essen Group (NL, UK and Germany) was
  founded to implement a common understanding of
  ICAO recommendations (LDS and PKI).
• Development of Golden Reader Tool

11
From Golden Reader Tool to an ISO Standard

• Golden Reader Tool
• Communication between
• e-passport (Chip)
• RF-Reader
• OCR-Reader (BAC)
• Cryptographic Module
• Standardised interfaces between these modules in
  e-passport API
• Based on these modules we started to define test
  specifications for these modules
• Drafts of test spec for PICC (Chip) and reader
  (PCD) were accepted by ISO and ICAO NTWG

12
From Golden Reader Tool to an ISO Standard

• In Berlin two tests in parallel
• Cross-Over (results will be published)
• Conformity testing of PICC with selected test
  cases (not published)
• Future challenge will be to ensure a lasting
  global interoperability for e-passports (Valid 5
  to 10 years)
• Different chip generations and types
• Different readers generations (firmware) and
  types
• In our opinion, these issues can only be
  addressed by international accepted test
  specifications to ensure conformity
• Based on the test specifications the BSI is about
  to set up
• accreditation of test labs for the different
  parts
• certification of conformity testing
• More details on conformity testing and the
  organisation of the event in the following
  presentations

13
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
14
ICAO Technical Report on e-Passport Test Standards

• Dr. Michael JahnichCo-Editor Test Standards

15
ICAO Technical Report on e-Passport Test Standards

• Objective
• Development of RF protocol and application test
  standard of e-passport in the form of a
  Technical Report.
• Scope and purpose of this test standard
• Prove functional conformance
• Improve interoperability
• Out of scope
• Security evaluation

16
ISO has been asked to develop the Test Standards

• ISO/IEC SC 17 Working Group 3, Task Force 4
  headed by J. Sakaki and Robert Balderston
• Editor of RF protocol test standard Axel Munde,
  BSI Germany,
• Co-editor Dr. Michael Jahnich
• Active members
• Austria
• Canada
• France
• Germany
• Israel
• Japan
• United Kingdom
• USA

17
Test standards follow the ISO/OSI model
L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
18
RF Protocol and Application Test Standard for
e-Passport

• Four parts of the test standard
• Part 1 Framework and Scope
• Part 2 Signal interface and RF protocol (Layer
  1-4)
• Part 3 Application interface (Layer 6-7)
• Part 4 PCD Signal interface and RF protocol
  (Layer 1-4)
• Status
• Part 23 are standing documents
• Part 14 are under preparation

?
19
German BSI has validated the Test Standards

• German BSI completed a project to set up the test
  equipment and test software
• All tests cases have been implemented and tested
  with several passports
• Test results have been used to improve the test
  standards
• The developed test equipment and test software is
  used for the conformity testing at this event

20
Remaining steps to establish Conformity Testing

• All members of ISO and ICAO / NTWG are invited to
  contribute to the test standards
• Results form this test event will be used for
  improvements
• Finalization of the test standard parts 2 and 3
  is planned for WG3 TF4 meeting in Graz 12th to
  13th of June 2006

21
Final goal is to establish a e-Passport
Conformity Certificate issued and equally
accepted by governmental certification bodies
Evaluation and test
Certification
Durability
e-Passport Conformity Certificate e.g. by BSI
Security Common Criteria
Manufacturer e-passport
RF Protocol Layer 1-4
LDS Application Layer 67
e.g. German BSI already offers such a
certification schemes to manufacturers and
passport issuing authorities
22
Contact
For any questions concerning the test
specifications Please contact me at our booth no
8
Dr. Michael Jahnich Mobil 49 173
7135710 michael.jahnich_at_hjp-consulting.com
23
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
24
CETECOM

• The content

I - The principle of e-passport L1-4 conformity
testing
II - The test set-up and its capabilities
III - The tests provided here at the event
CETECOM ICT Services GmbH Untertürkheimer Str. 6
10 66117 Saarbrücken/Germany Tel. 49 681 598
-0 E-Mail info_at_ict.cetecom.de Web-Site
www.cetecom-ict.de
25
Test standards follow the ISO/OSI model

• RF conformity requirements, Part 2
• validated and implemented by CETECOM ICT Services
  

L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activation (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
26
Conformity Testing according to ISO Test
Standards for ICAO compliant e-Passports Layers
1 - 4

• Highlights of the conformity test strategy for
  e-passport
• Parametric testing
• all characteristics which are important for
  interoperability aretested separately and not in
  a functional interoperability check
• Controllable testing
• no influence from other instances than the device
  under test
• Repeatable
• test are to be performed in lab environment
  monitoring all parameters that can have influence
• Single-ended testing
• only the Device under Test is tested and not a
  combination of devices that are more or less
  known
• Application-independent
• The tests can be performed for all systems using
  ISO 14443 which is broadening the acceptance
• After successful testing a BSI Conformity
  Certificate will be available

27
Basis for Testing Layers 1 - 4
PC with Test Software(developed by CETECOM)
Device under Test
ReaderSimulator
Modified ISOTest Apparatus
DSO,Network Analyzer,etc.
Modified in antenna matchingfor providing
PCD-Signal Shapeas specified in the relevant
specifications (incl. High data rates)
Capable of being SW-configuredto simulate
different PCD Signalsas they might appear from
standardcompliant readers
28
Basis for Testing Layers 1 - 4
L1 Physical characteristics
L3 RF protocol activation
L4 RF transmission protocol
L2 RF power and signal interface
29
Capabilities of Layer 1 4 Test Bench

• Test set-up allows for
• All ISO 14443/10373-6 test cases (Physics,
  timing, framing, protocols, data exchange)
• Including Resonance Frequency
• Including Modulation Index
• Including variation of Environmental Conditions
• Including variation of Field Strength
• Including variation of PCD Signal Characteristics
  Including verification of Response Times and
  Framings
• Including complete set of ISO 14443 -3/-4
  protocol topics
• Debugging and investigation of behaviour in case
  of interoperability problems
• Providing detailed log-files for all levels of
  communication

30
Provisions during the Interoperability Eventfor
Layer 1 4 Conformity Testing

• Here at the event
• A sub-set of tests is provided
• 1 2 test cases from each layer 2, layer 3 and
  layer 4 , e.g.
• Check of Threshold Resonance Frequency
• Acceptance of PCD-Signal-Variation (Signal Form
  and Field Strength)
• Start-Up-Time
• Transmission Parameter Selection
• Exchange and chaining of I-Blocks and reaction on
  CID use
• 7 out of about 150 test cases
• Performed by CETECOM ICT Services (accredited
  laboratory)
• Not a complete conformity test / no
  certification
• Introduction of the principle
• Test result report for every tested e-passport

31
Your Contacts at the Event

• For any questions on the e-passport conformity
  testing
• Questions on testing occurring during and after
  the event
• Problems occurring during interoperability
  testingspot check of characteristics for
  debugging
• Issue reporting and feedback sheet
  (Questionnaire)
• Questions on test results achieved in conformity
  testing
• etc.

• Please don't hesitate to contact me or drop a
  message at our booth (10)
• Andreas Ehre
• Mobile 49 173 878 0307
• Andreas.Ehre_at_ict.cetecom.de

32
Agenda
Interoperability of e-Passports as the Foundation
of Trust and SecurityDr. Uwe Seidel
From the Golden Reader Tool to an ISO
StandardAxel Munde
ICAO Technical Report on e-Passport Test
Standards Dr. Michael Jahnich
Conformity Testing Layer 1 - 4 Andreas Ehre
Conformity Testing Layer 6 7 / Technical Event
AgendaMichael Schlüter
33
Conformity Testing Layer 6 7 / Technical Event
Agenda
Michael Schlütermichael.schlueter_at_secunet.comBer
lin, May 30, 2006
34
Test standards follow the ISO/OSI model

• LDS Requirements
• validated and implemented by secunet

L7 LDS application data
L6 LDS application protocol
L5 not applicable
L4 RF transmission protocol
L3 RF protocol activiati (initialization and
anticollision)
L2 RF power and signal interface
L1 Physical characteristics (booklet, antenna,
SCIC, durability, aging)
35
Conformity Test Specification Layer 6 (LDS
Application)

• Test specification based on international
  standards
• ISO 7816-4 2005 Organization, security and
  commands for interchange
• ICAO Doc 9303 MRTD Part 1 Machine Readable
  Passports
• Document structure consists of five test units
• A Selection of the ICAO LDS Application
• B File Access Control for e-passport with BAC
  protection
• C BAC specific commands (Get Challenge, Mutual
  Authenticate)
• D Implementation of the Select File command
• E Implementation of the Read Binary command

36
Conformity Test Specification Layer 7 (LDS Data)

• Test specification based on international
  standards
• ICAO Doc 9303 MRTD Part 1 Machine Readable
  Passports
• TR LDS 1.7 Development of a Logical Data
  Structure
• TR PKI 1.1 PKI for Machine Readable Travel
  Documents
• Document structure consists of four test units
• A EF.COM Common Data Elements
• B Data Group 1 Machine Readable Zone
  Information
• C Data Group 2 Encoded Face Image
• D EF.SOD LDS Security Data

37
Conformity Test Environment Layer 6 7

• German BSI has initiated a proof-of-concept
  implementation of the conformity test plan (Layer
  6 7)
• Implementation has been done by secunet
• Resulting test suite is used for the conformity
  tests

38
Conformity Assessment Workshop Thursday, June 1st

• Further details on the conformity test
  specification

• 15.00 15.30
• Detailed report of e-passport conformity testing
  Layer 1 4
• Andreas Ehre, CETECOM ICT Services GmbH

• 16.00 16.30
• Detailed report of e-passport conformity testing
  Layer 6 7
• Michael Schlüter, secunet Security Networks AG

39
Technical Event Agenda

• Two days of testing
• Conformity- and Cross Over Tests will be
  conducted in parallel

40
Distribution of e-Passports

• e-passport provider supplied packs of five equal
  samples each
• A maximum of two packs per provider are accepted
• Two passports are used for Cross Over Testing
• Two passports are used for Conformity Testing
• One passport is used for reference purposes
  (spare)

41
Conformity Test Procedure

• Conformity tests are performed as closed door
  tests
• Only the e-passport supplier can observe the
  tests of their samples
• Only e-passport supplier will receive their
  results in a detailed protocol
• Each passport is assigned to a 20 minutestime
  slot for conformity testing
• A time table is published by the event management
  
• Dedicated contact persons are nominated for
  further discussions

42
Conformity Test Cases

• Due to the limited time, only a subset of the
  conformity tests are performed
• Layer 1 4
• Communication Stability (6.2.2 / 6.2.3)
• Start-Up Time (7.1.1/ 7.1.2)
• Handling of RATS (8.1.3 / Type A only)
• Handling of ATTRIB (8.2.4 Type B only)
• Chaining of I-Blocks (8.3.2)
• PICC reaction on CID (8.3.5)
• Layer 6
• ISO7816_B_4 (Plain SelectFile command for data
  group 2 on a BAC protected passport)
• ISO7816_C_23 (Plain ReadBinary command with SFI
  on a BAC protected passport)
• ISO7816_D_3 (SelectFile command with an invalid
  parameter P1)
• ISO7816_E_5 (Valid ReadBinary command with SFI
  for EF.COM)
• Layer 7
• LDS_A_3 (LDS Version number referred by EF.COM)
• LDS_C_7 (Data Group 2 CBEFF Format Owner Element)
• LDS_C_8 (Data Group 2 CBEFF Format Type Element)
• LDS_D_7 (Coding of the Document Signer
  Certificate)

43
Cross Over Test Procedure

• Cross Over Tests are performed by dedicated test
  teams
• Teams are recruited from vendor independent
  organizations
• Registered e-passports are arranged in bags with
  five samples
• All registered e-passport reader stations are
  tested with all samples
• Cross Over Test Parameter
• System specific software is recommended
• System process time is measured
• No distance tests are performed

44
Distribution of Test Results

• First results and findings are published on
  Thursday.
• Full details of the Cross Over Test will be
  published after the event.
• Only a summary of the Conformity Test results
  will be published.
• e-passport supplier will receive detailed results
  of their conformity test session.

45
Contact Persons
Conformity TestGovernment Axel Munde 49 178
603 3282
Cross Over TestGovernment Dr. Uwe Seidel 49
170 790 9942
Conformity TestLayer 1 - 4 Andreas Ehre49 173
878 0307
Conformity TestSpecification Dr. Michael
Jahnich 49 173 713 5710
Conformity TestLayer 6 - 7 Michael Schlüter
49 171 411 8008
Cross Over Test Norbert Richartz 49 171 221
2441
46
Contact Persons
e-Passport Registration Anne Lahner49 170 920
64 85
e-Passport Registration Patrick Franitza 49
170 553 1301
Event Organizer Hannelore Weber
47
A time to make friends
Kick-off to the e-Passport World-Cup Germany
2006
48
E-PASSPORT INTEROPERABILITY TEST EVENT

• 29 MAY 1 JUNE 2006, BERLIN / GERMANY