Dec 20, 2017

In previous blog posts, we have provided an overview of the security mechanisms that are commonly found in ePassports, namely privacy, authenticity and clone detection mechanisms. This follow-up post focuses on the authenticity mechanism of ePassports and similar documents, called Passive Authentication. This mechanism has been standardised by ICAO in Document 9303. Passive Authentication is performed to determine whether the information stored on the passport is authentic. It does not protect the information against eavesdroppers, nor does it ensure that the sender of the information is currently in possession of the original passport. Respectively, privacy and clone detection mechanisms exist for that.

Passive Authentication

The implementation of Passive Authentication varies greatly between passports. The ICAO 9303 standard allows a wide variety of cryptographic algorithms, and different countries also use these in practice. Despite the many differences in the used algorithms, Passive Authentication is always based on the principle of digital signatures and uses a ‘chain of trust’. A country that issues ePassports constitutes a Country Signing Certificate Authority (CSCA), and issues one or more Country Signing Certificates. A Country Signing Certificate is used to cryptographically sign Document Signing Certificates, which in turn can be used to sign the contents of a passport. Consequently, the contents of a document may be considered authentic if signed using a Document Signing Certificate, which in turn has been signed by a trusted Country Signing Certificate.

Supporting all allowed varieties of cryptographic algorithms significantly complicates the development and testing of inspection systems like ReadID. Getting access to real or specimen documents for testing purposes is complicated, mainly due to the risk of these documents being used for identity fraud. Our technical team spends quite some time on testing, and we participate in interoperability events to test our software with identity documents that have not yet been issued, such as the recent EU eMRTD interop event (Sept 2017, Italy).

Country Signing Certificates: 4 questions

As explained above, Country Signing Certificates are at the top of the ‘chain of trust’, which makes them a crucial component for Passive Authentication. Below are the four most often asked questions related to such certificates.

1. Why are Country Signing Certificates important?
In short, the Country Signing Certificates determine which passports will pass Passive Authentication and which will fail: they are the ‘trust base’. Great care must be taken when including or excluding these certificates on the trusted list. For example, excluding a certificate will result in passports which have been signed using that certificate to be rejected by Passive Authentication.

2. Where do the Country Signing Certificates come from?
Several online databases of trustworthy Country Signing Certificates exist. For example, the French, German, Italian, Schengen, Swiss and Spanish CSCA master lists are published by each of these respective countries, specifying which certificates it considers trustworthy. Typically, the Country Signing certificates are obtained through diplomatic exchanges. ReadID is flexible in this regard and can work with any provided database. Our customers may deviate from these lists by adding or removing certificates at their own discretion. Currently, our showcase application in the Android Play store is equipped with the German list and our multi-tenant hosted (SaaS) solution uses a combination of several sources. Providing ReadID with a recent and correct list of trusted Country Signing Certificates is a continuous effort conducted by the ReadID team to the best of our efforts, as a service to our customers. We cannot, however, offer any guarantees to the completeness and correctness of our list, only transparency. Ultimately it is our customers who decide which certificates they trust.

3. Why are those masterlists incomplete?
Most but not all countries publish their Country Signing Certificate, which makes it impossible to perform Passive Authentication on the passports of the countries who do not do so. United Nation member states may participate in the Public Key Directory to share their Country Signing Certificates with other governments, but private companies are not allowed to participate. We consider this a missed opportunity, as many private companies may also benefit from a complete list of Country Signing Certificates and no information shared in the Public Key Directory needs to be secret. We also advocated this at an ICAO Technical Advisory Group on Traveller Identification Programme (TAG/TRIP), when invited to present at a New Technologies Work Group meeting last April. It should be noted that the Public Key Directory is far from being complete.

4. Why do we need Document Signing Certificates when you already have a trust base of Country Signing Certificates?
The simple answer is security. Whenever a certificate is used for signing, there is a risk of compromise. Additionally, most countries do not produce passports themselves. Instead, they often contract a supplier to produce them, possibly in more than one factory. These factories may potentially produce passports or other identification documents for other countries as well. To limit the probability of misuse of a Country Signing Certificate, the Document Signing Certificate has been included as an intermediate step. For example, Document Signing Certificates may be issued for a specific period of time to a single supplier, factory or any other entity. The impact of a compromised Document Signing Certificate is limited to the passports signed by that certificate, instead of all passports of a certain country.