ICAO / LACAC Regional Seminar
Montevideo 7th & 8th July 2010
ICAO MRTD Standards & Security Features
Presenter: Malcolm Cuthbertson, ISO
MRTD Symposium, ICAO Headquarters, Montréal, 6 – 7 September 2006

Agenda
Overview of ICAO Standards
Security features of MRTDs
Balance between:
  Document Security
  Identity fraud
Conclusions

Evolution of MRTD
Annex 9 to the Chicago convention of 1944
1968 - ICAO start work on MRTD standards
1980 – First edition of Doc 9303
First MRP issued in 1981
Standards evolved over nearly 3 decades
Balance between facilitation and security
Cultural considerations:
  Transliteration
  Flexibility in VIZ
First introduction of ePassport 2004

VIZ – zone location options

MRTD - Drivers
ICAO requirement:
  MRP by April 2010
  All non MRPs expire before 24th Nov 2015
US Visa Waiver requirements:
  ePassports by Oct 2006
EU Requirements:
  E-MRP (face) by 28th Aug 2006
  E-MRP to include finger by May of 2009

ICAO 9303 – Status
Structure of Document
Part 1: Passports (6th edition 2006)
  Volume 1: MRP w/o add. storage
  Volume 2: MRP w/ expansion of data storage capacity
Part 2: Visa (3rd edition 2005)
Part 3: ID cards (3rd edition tbr)
  Volume 1: MRTD w/o add. storage
  Volume 2: MRTD w/ expansion of data storage capacity

MRZ – OCR-B
[Figure: MRZ layout with labelled fields: document type; country code; primary & secondary identifiers (names); filler characters; passport number; nationality; date of birth; sex; date of expiry; optional data; check digits]

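The MRZ fields labelled on this slide, as an added example that is not part of the original presentation: a parser for the two-line passport (TD3) MRZ that recomputes each check digit, so a field edited without recalculating its digit is flagged. Field positions and the 7-3-1 weighting are taken from ICAO Doc 9303 rather than from the slides; the sample uses the fictional state code UTO.

```python
# Added example: TD3 (passport) MRZ parsing with check-digit validation.
# Assumed from ICAO Doc 9303, not from the slides: field positions, 7-3-1 weights.

def check_digit(field: str) -> int:
    """Weighted sum mod 10: digits as-is, A-Z = 10..35, filler '<' = 0."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ")
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def digit_ok(name: str, data: str, stated: str) -> bool:
    if name == "optional_data" and stated == "<":
        stated = "0"  # a filler is allowed here when the field is unused
    return stated in "0123456789" and check_digit(data) == int(stated)

def parse_td3(line1: str, line2: str) -> dict:
    """Split a two-line, 44-character passport MRZ and verify its check digits."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("TD3 MRZ lines must be 44 characters each")
    surname, _, given = line1[5:].partition("<<")
    checked = {  # field name: (data, stated check digit)
        "passport_number": (line2[0:9], line2[9]),
        "date_of_birth": (line2[13:19], line2[19]),
        "date_of_expiry": (line2[21:27], line2[27]),
        "optional_data": (line2[28:42], line2[42]),
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    }
    return {
        "document_type": line1[0:2].rstrip("<"),
        "country_code": line1[2:5],
        "surname": surname.replace("<", " "),
        "given_names": given.rstrip("<").replace("<", " "),
        "nationality": line2[10:13],
        "sex": line2[20],
        "failed_checks": [n for n, (d, s) in checked.items() if not digit_ok(n, d, s)],
    }

# Specimen-style sample for the fictional state "UTO" (not a real document).
SPECIMEN = ("P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<"),
            "L898902C36UTO7408122F1204159" + "ZE184226B".ljust(14, "<") + "10")
```

A passing result only shows the MRZ is internally consistent; the digits are unkeyed arithmetic, so they catch careless alteration and OCR misreads, not a forger who recalculates them.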
Chapter 3 of Annex 9
Contracting States:
  Shall not extend the validity of their MRTDs
  Shall issue a separate passport to each person, regardless of age
  Validity. At least 5 years. Not more than 10 yrs
  Shall begin issuing only MRPs no later than 1 April 2010
  Shall make provision for encoded data to be revealed to the holder of the document
  Non MR passports issued after 24 Nov 2005 shall ensure that the expiration date falls before 24 Nov 2015. After 2015 all passports in circulation must be MRP

“One person one passport”
Annex 9 to Chicago Convention

ICAO Blueprint
Facial image
Finger Print
Iris
RF Chip (min 32K)
LDS
PKI

Planning for Introduction of ePassports
Central or decentralised issuing
Personalisation technology – location of chip
Embassy issue - repatriation
Emergency issue - ETDs
Validity of ePassports – 5 or 10 years
Image capture - Live
Second biometric - EU
Waste levels – cost
Level of security

MRP Summary
169 out of 190 countries issuing MRPs
21 countries still not issuing MRPs
10 of these 21 countries have tenders or contracts in place
ICAO requirement for all countries to issue MRPs by 1st April 2010
No non MRPs after 2015

ePassport Summary 2010
Over 70 countries issuing ePassports out of 191
73 million ePassports issued each year out of a total of 120 million
No ICAO requirement for countries to issue ePassports

Security features
Security must be multi-layer and the most important are the level 1 features
The security features need to protect the holder’s photograph
Important not to obstruct the MRZ
ePassports & biometrics just another security feature

Data page – under pressure
It must provide protection against counterfeit and fraud, especially from desk-top publishing

Page layout & picture outline

Machine Assisted Document Security Verification
ICAO NTWG paper on subject
A structure feature
  hologram or DOVID
A substance feature
  Inks / fibres etc
A data feature
  Digital security - Steganography

VIZ – zone location options

Threat
Criminals will always pick the weakest link:
  Document security
  Issuing procedures
  False identity
Threat changes as technologies & procedures develop
Threat varies from country to country

Balance between Document Security & Identity Theft
Document fraud
  Fraudulent alteration
  Counterfeit
Identity theft
  Fraudulently acquired TDs
  Identity theft
  Look alike

All Component Parts must be Mutually Supporting
[Figure: diagram with labels: Counterfeit; Legacy; Issuing System; Border Control; Biometrics; ETDs; Fraud; PKI; Identity theft]

Identity Fraud
Threat
  40,000,000 births go unrecorded p.a.
  Breeder documents. US birth certs
  Lack of secure issuing procedures
  Internal fraud
  Poor training of border control officers
  Linking of databases. Births & deaths
  Lack of readers
  Highly secure MRTDs

ICAO Doc 9303
Informative appendix 1 to sect III
  Security standards for MRTDs
Informative appendix 2 to sect III
  Machine assisted document verification
Informative appendix 3 to sect III
  The prevention of fraud associated with the issuance process
  Originated from a G8 paper

Internal Fraud
Secure & centralised issuing process
Limit the number of officers who can grant authority
Make officers accountable
No one person can issue a passport
Audit trail

Summary
ePassport most secure ever
  Not many readers deployed
  Does not prove identity but seals ID
  Not many ePassports protected by PKI security
National identity management
  Establish “Evidence of Identity”
  Confirm citizenship
  Assess entitlement

Forgery Detections by Forgery Category
UK Border Control 2007
[Pie chart; legend:]
  Impersonation (21%)
  Sub Photo Only (19%)
  Sub Bio Data Page (19%)
  Counterfeit (16%)
  Fraudulently Obtained (10%)
  Stolen Blank (3%)
  Falsified UK Stamp (3%)
  Falsified UK Visa (3%)
  Falsified Other Stamp (2%)
  Alt Details (1%)
  Falsified Other Visa (1%)
  Sub Page (1%)
  Mutilated (1%)
  Pseudo Passport (<1%)

Statistics 2007
ID Fraud
  Impersonations: 21%
  Fraudulently obtained: 10%
  Total: 31%
Document fraud
  Counterfeit of document: 16%
  Photo sub.: 19%
  Counterfeit of bio data page: 19%
  Total: 54%
Others: 15%

Stats from Sept 2009
[Pie chart; segments:]
  Imposters / Look alike: 48%
  Fraudulently obtained: 23%
  Remainder (Counterfeit / fraudulent alteration etc): 29%

Shift to Identity Fraud
Statistics Sept 2009
ID Fraud
  48% Imposters & Lookalikes
  23% Fraudulently obtained
  Total: 71%
Document fraud & other
  Total: 29%

Threat constantly changing
[Figure: diagram with labels: Counterfeit; Legacy; Issuing System; Border Control; ETDs; Biometrics; Fraud; PKI; Identity theft]

Biometrics in Issue Process as well as in Document

Biometrics
Biometrics will help to solve Identity fraud, lookalikes & imposters
Biometrics will not prove an identity but will seal an identity
ePassports just another security feature

Thank you for your attention
Malcolm Cuthbertson
ISO
Tel: +44 (0)1256 605047
Email: [email protected]

Identity Theft
Integrity of the Issuing procedures

ePassport Summary
2007 - 38 countries were issuing ePassports
  Volume 56 million p.a. out of total of 101 million
2008 - An additional 15 countries with an additional volume of 23 million ePassports being issued by the end of 2008
Total of 53 countries out of 189
Total Annual volume 79 million out of 101 million

Shift from Fraudulent Alteration of Travel Doc to Identity Fraud
Is this correct?
Is it a global phenomenon?
If so, when did it occur?
Why did it occur?
What effect does it have?

ICAO standards
ICAO DOCUMENT 9303 (Parts 1-3), Family of MRTDs:
  Part 1: Machine Readable Passports (MRPs)
  Part 2: Machine Readable Visas (MRVs)
  Part 3: Official Travel Documents (cards)

Advances in Personalisation Technologies 1990s
Improvement in digital printers:
  Incorporation of digital images
Moving data page away from cover
Incorporating bank note features
Introduction of laser engraving & polycarbonate data pages
Ink jet printers
Move to MRP – all bio data on one page

Centralised v Decentralised Considerations
Centralised:
  Good security
  Less expensive
  Less equipment
  Poor customer service
  Embassy issue
  Emergency issue
  Possible political constraints
Decentralised:
  Security issues
    Movement of blanks
    More difficult audit trail
    Monitoring staff
  Cost
    equipment cost
    staff cost
    accommodation costs
  Good customer service

Advances in Document Security
1980s: Intro of MRP - Photo sub
1990s:
  Digital image replacing stuck-in photo
  Membrane laminates
  DOVIDs / OVI
  Move of data page away from cover
  Digital security
2000s: Biometrics & ePassports

Document fraud in 1980s
Stuck in photos
Photo substitution
Thick & insecure laminates
Data pages on cover
Hand infilled / impact printers
Only seven countries issuing MRPs

Identity Fraud - 2000s
Internal fraud
Lost & stolen – look alike
Breeder documents
Renewals
ETDs
Legacy books. 10 yrs to 5yr validity
Political
  Break up of USSR
  Failed States

Identity Theft in 1980s
Few national data bases
Births & deaths not linked
  The day of the Jackal
Insecure breeder documents
Ease of assuming an identity
Threat differed from region to region

Recent Improvements in Issue Procedures
Increased use of data bases:
  Linking births & deaths
  Linking of government data bases
Legal issues / data protection
Social footprint - Interviews
Use of biometrics to prevent multiple applications
Automation of biometric checks

Historical Background
1980s
  Stuck in photos
  Development of MRPs
1990s
  Digital imaging of photo
  Improved data basing
2000s
  ePassports