|
 ABSTRACT
This paper is a security and privacy threat analysis of new Federal Information Processing Standard for Personal Identity Verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using standardized cryptographic techniques that are based on the Internet Key Exchange (IKE) protocol [16]. When the standard is viewed in the abstract, it seems to effectively provide security and privacy, because it uses strong cryptographic algorithms. However, when you examine the standard in the context of potential user scenarios regarding its use; security, privacy, and usability problems can be identified. User scenarios are employed to provide the context for the identification of these problems, and the technical solutions are described to address the issues raised.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Application interface for smart cards used as secure signature creation devices - part 1: Basic requirements. CWA 14890-1, Comité Européen de Normalisation (CEN), Brussels, Belgium, March 2004. URL: ftp://ftp.cenorm.be/PUBLIC/CWAs/e-Europe/eSign/cwa14890-01-2004-Mar.pdf.
|
| |
2
|
Dan Bailey. Contactless threats to FIPS 201 systems. In Public Meeting Addressing Privacy and Policy Issues in a Common Identification Standard for Federal Employees and Contractors, Washington, DC, 19 January 2005. National Institute of Standards (NIST). URL: http://csrc.ncsl.nist.gov/piv-program/workshop-Jan 19-2005/Bailey.pdf.
|
| |
3
|
William C. Barker and Hildegard Ferraiolo. Codes for the identification of federal and federally assisted organizations. NIST Special Publication 800-87, Version 1.0, National Institute of Standards and Technology, Gaithersburg, MD, January 2006. URL: http://csrc.ncsl.nist.gov/publications/nistpubs/800-87/sp800-87-Final.pdf.
|
| |
4
|
David E. Bell and Leonard J. LaPadula. Computer security model: Unified exposition and multics interpretation. Technical Report ESD-TR-75-306, The MITRE Corporation, Bedford, MA, USA, HQ Electronic Systems Division, Hanscom AFB, MA, USA, June 1975.
|
| |
5
|
George W. Bush. Policy for a common identification standard for federal employees and contractors. Homeland Security Presidential Directive Hspd-12, The White House, Washington, DC, 27 August 2004, URL: http://csrc.nist.gov/policies/Presidential-Directive-Hspd-12.html.
|
| |
6
|
|
| |
7
|
Kurt Carlson. One American Must Die: A Hostage's Personal Account of the Hijacking of Flight 847. Congdon & Weed, 1986.
|
| |
8
|
Chipcards with digital signature application/function according to SigG and SigV - part 1: Application interface. DIN V66291-1, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, 15 December 1998.
|
| |
9
|
Chipcards with digital signature application/function according to SigG and SigV - part 4: Basic security services. DIN V66291-4, Secretariat: DIN Deutsches Institute für Normung e.V, Berlin, 17 October 2000.
|
| |
10
|
Development of a logical data structure (LDS) for optional capacity expansion technologies. LDS 1.7-2004-05-18, Revision 1.7, International Civil Aviation Organization, Montreal, Quebec, Canada, 18 May 2004. URL: http://www.icao.int/mrtd/download/technical.cfm.
|
| |
11
|
W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644--654, 1976.
|
| |
12
|
James F. Dray, Scott B. Guthery, and Teresa Schwarzhoff. Interfaces for personal identity verification. NIST Special Publication 800-73, National Institute of Standards and Technology, Gaithersburg, MD, April 2005. URL: http://csrc.ncsl.nist.gov/publications/nistpubs/800-73/SP800-73-Final.pdf.
|
| |
13
|
|
| |
14
|
J. H. Ellis. The story of non-secret encryption. Technical report, Communications-Electronics Security Group (CESG), Cheltenham, UK, 1987. URL: http://www.cesg.gov.uk/publications/media/nsecret/ellis.pdf.
|
| |
15
|
Yair Frankel, Amir Herzberg, Paul A. Karger, Hugo Krawczyk, Charles A. Kunzinger, and Moti Yung. Security issues in a CDPD wireless network. IEEE Personal Communications, 2(4):16--27, August 1995.
|
| |
16
|
D. Harkins and D. Carrel. The internet key exchange (IKE). RFC 2409, November 1998. URL: ftp://ftp.rfc-editor.org/in-notes/rfc2409.txt.
|
| |
17
|
Sari Horwitz and Michael Ruana. Sniper: Inside the Hunt for the Killers Who Terrorized the Nation. Random House, New York, 2003.
|
| |
18
|
Identification cards - contactless integrated circuit(s) cards - proximity cards - part 4: Transmission protocol. ISO/IEC 14443-4, International Standards Organization, Geneva, Switzerland, 2000.
|
| |
19
|
Information technology - identification cards - integrated circuit(s) cards with contacts - part 4: Inter-industry commands for interchange. ISO/IEC 7816-4, International Standards Organization, Genève, 1995.
|
| |
20
|
Information technology - security techniques - key management - part 3: Mechanisms using asymetric techniques. ISO/IEC 11770-3, International Organization for Standardization, Genève, 1 November 1999.
|
| |
21
|
|
| |
22
|
Dato' Mohd Jamal Kamdi. The Malaysian electronic passport. In Twelfth Meeting of the Facilitation Division, Cairo, Egypt, 22 March - 2 April 2004. International Civil Aviation Organization (ICAO). URL: http://www.icao.int/icao/en/atb/fal/fal12/presentations.htm.
|
| |
23
|
Paul A. Karger. FIPS PUB 201 security and privacy recommendations. Report RC23871 (W0501-049), IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, 14 January 2005. URL: http://domino.watson.ibm.com/library/(CyberDig.nsf/Home.
|
| |
24
|
Paul A. Karger and Yair Frankel. Security and privacy threats to ITS. In Proceedings of the Second World Congress on Intelligent Transport Systems '95 Yokohama, volume V, pages 2452--2458, Yokohama, Japan, 9-11 November 1995. VERTIS: Vehicle, Road and Traffic Intelligence Society.
|
| |
25
|
Gaurav S. Kc and Paul A. Karger. Preventing attacks on machine readable travel documents (MRTDs). Report 2005/404, Cryptology ePrint Archive, 11 April 2006. URL: http://eprint.iacr.org/2005/404.pdf.
|
| |
26
|
Ziv Kfir and Avishai Wool. Security and privacy issues in e-passports. In First International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), pages 47--58, Athens, Greece, 5-9 September 2005. URL: http://eprint.iacr.org/2005/052.
|
| |
27
|
Tom A. F. Kinneging. PKI for machine readable travel documents offering ICC read-only access. Version 1.1, International Civil Aviation Organization, Montreal, Quebec, Canada, 1 October 2004. URL: http://www.icao.int/mrtd/download/technical.cfm.
|
| |
28
|
Hugo Krawczyk. SIGMA: the 'SIGn-and-MAc' approach to authenticated diffie-hellman and its use in the IKE protocols. In Advances in Cryptology -- CRYPTO 2003 Proceesings, volume 2729 of Lecture Notes in Computer Science, pages 399--424, Santa Barbara, CA, 17-21 August 2003. Springer--Verlag.
|
| |
29
|
Susan Kumpf and Nora Russell. Getting the jump on fraud. Cellular Business, 9(10):24--26, October 1992.
|
| |
30
|
|
| |
31
|
Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino. Impact of artificial "gummy" fingers on fingerprint systems. Proceedings of the SPIE, Optical Security and Counterfeit Deterrence Techniques IV, 4677:275--289, 24-25 January 2002. URL: http://cryptome.org/gummy.htm.
|
| |
32
|
Personal identity verification (PIV) for federal employees and contractors: Public draft. FIPS PUB 201, National Institute of Standards and Technology (NIST), Gaithersburg, MD, 8 November 2004. URL: http://csrc.nist.gov/publications/drafts/draft-FIPS_201-110804-publicl.pdf.
|
| |
33
|
Personal identity verification (PIV) for federal employees and contractors. FIPS PUB 201, National Institute of Standards and Technology (NIST), Gaithersburg, MD, 25 February 2005. URL: http://csrc.ncsl.nist.gov/publications/fips/fips201/FIPS-201-022505.pdf.
|
| |
34
|
W. Timothy Polk, Donna F. Dodson, and William E. Burr. Cryptographic algorithms and key sizes for personal identity verification. NIST Special Publication 800--78, National Institute of Standards and Technology, Gaithersburg, MD, April 2005. URL: http://csrc.ncsl.nist.gov/publications/nistpubs/800-78/sp800-78-final.pdf.
|
| |
35
|
Prime item product function specification for magnetic stripe credentials (MSC). SEIWG 012, U.S. Department of Defense, Security Enterprise Integration Working Group (SEIWG), Washington, DC, 28 February 1994.
|
| |
36
|
RFID tags and contactless smart card technology: Comparing and contrasting applications and capabilities. Technical report, Smart Card Alliance, Princeton Junction, NJ, 17 December 2004. URL: http://www.smartcardalliance.org/pdf/alliance_activities/rfidvscontactless_final_121704.pdf.
|
| |
37
|
RFID tags, contactless smart card technology and electronic passports: Frequently asked questions. Technical report, Smart Card Alliance, Princeton Junction, NJ, 3 January 2005. URL: http://www.smartcardalliance.org/pdf/alliance_activities/RFID_Contactless_Smart_Cards_FAQ_FINAL_010305.pdf.
|
| |
38
|
Helmut Scherzer, Ran Canetti, Paul A. Karger, Hugo Krawczyk, Tal Rabin, and David C. Toll. Authenticating mandatory access controls and preserving privacy for a high-assurance smart card. In 8th European Symposium on Research in Computer Security (ESORICS 2003), pages 181--200, Gjøvik, Norway, 13--15 October 2003. Lecture Notes in Computer Science, Vol. 2808, Springer Verlag.
|
| |
39
|
Technical implementation guidance: Smart card enabled physical access control systems. Version 2.2, Physical Access Interagency Interoperability Working Group, Government Smart Card Interagency Advisory Board, Washington, DC, 30 July 2004. URL: http://www.smart.gov/information/TIG_SCEPACS_v2.2.pdf.
|
| |
40
|
Lisa Thalheim, Jan Krissler, and Peter-Michael Ziegler. Body check: Biometric access protection devices and their programs put to the test. c't - magazin für computertechnik, page 114, November 2002. URL: http://www.heise.de/ct/english/02/11/114/.
|
| |
41
|
M. J. Williamson. Thoughts on cheaper non-secret encryption. Technical report, Communications-Electronics Security Group (CESG), Cheltenham, UK, 10 August 1976. URL: http://www.cesg.gov.uk/publications/media/nsecret/cheapnse.pdf.
|
| |
42
|
Marc Witteman. Attacks on digital passports. In What the Hack, Liempde, near Den Bosch, The Netherlands. URL: http://wiki.whatthehack.org/index.php/Track:Attacks_on_Digital_Passports.
|
| |
43
|
Junko Yoshida. Tests reveal e-passport security flaw. Electronic Engineering Times, (1336):1, 30 August 2004. URL: http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=45400010.
|
| |
44
|
Kim Zetter. Feds rethinking RFID passport. Wired News, 26 April 2005. URL: http://www.wired.com/news/privacy/0,1848,67333,00.html.
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
C.3