1 / 0

Security of eGovernment , European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs

19 February 2013. Findings from the ePassport study. Security of eGovernment , European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs. L Kool | 1. EU R egulation. Regulation EC No 2252/2004: facial image in passport Amendment EC No 444/2009: 2 fingerprints

yoshi
Télécharger la présentation

Security of eGovernment , European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 19 February 2013 Findings from the ePassport study Security of eGovernment, European Parliament, Brussels 2013 Max Snijder, Linda Kool, Geert Munnichs L Kool | 1
  2. EU Regulation RegulationEC No 2252/2004: facial image in passport Amendment EC No 444/2009: 2 fingerprints Objective: Enhance harmonized security standards for passports to protect against falsification Combat fraud by strengthening link between passport and legitimate holder of passport L Kool | ePassport
  3. Biometric systems Identifyindividualbased on physicalcharacteristics Digital image of physicalidentifier is comparedto a stored digital template System calculates match between ‘stored’ and ‘live’ image: probability score Lowerquality images  lowerprobability score  biometric data is lessusable L Kool | ePassport
  4. Security challenges – Chip Facial image and personal information is protected via encryption (Basic Access Control) Onlypreventsimple skimming attacks Fingerprints are secured via strongerencryption (Extended Access Control) National keysnotdistributedadequately: complex andrequires trust between MS Fingerprintscurrentlynotusedfor border control throughout EU L Kool | ePassport
  5. Security challenges - Issuance No quality requirements for biometric images Low quality images could be stored in passport No EU standardsforissuance procedures Many MS don’t use live pictures although they are more reliable Quality of captured images depend on skills of personnel, but onlySlovenia has certified personnel Risk of storage of wrong fingerprints or look a like pictures Threatens security of passport verification and overall security of border control L Kool | ePassport
  6. Interoperabilitychallenges Technical interoperability: Existsfor facial image + personal information but regularfailures in reading this information Existsalsoforfingerprints, but, in practice non-interoperabilityduetodifficultkey exchange Productsandcomponents: MS have different vendorscausinginteroperabilityproblems No independent test andcertification criteria in EU exist L Kool | ePassport
  7. Privacy and data protectionchallenges Biometric data is sensitive personal data, risks of security breachandidentitytheft Function creep: central databases for law enforcement Biometric data taken for ePassport is not of sufficient quality for law enforcement Procedures forcitizensforcorrectingerrorsnotaddressedby EC/2252/2004; Data protectiondirective (95/46/EC) is implementeddifferentlyby MS Citizens have limited (legal) power to correct mistakes L Kool | ePassport
  8. Usabilitychallenges Someindividualscan’tbeenrolled in the system  needforalternativestonotexcludethisgroup High quality images take time andcauseinconvenienceforcitizens High usabilityseems at oddswith high security L Kool | ePassport
  9. Conclusions – Lifecycleperspective Decisionphase: High politicalambitionstoraise the security level of border control Underestimatingtechnical & practical implications of biometrics Resulted in inadequate legislation at EU level with no criteria for: Quality of biometric images, issuanceprocess, testingandcertificationschemes Design & operationphase: Different implementations in MS compromisesEU’sambition secure biometric system for border control L Kool | ePassport
  10. Policy challenges Develop uniform standardsfor quality of biometric images, issuanceprocess & testingandcertificationschemes Improve security andinteroperability of ePassport Improve procedures forredressforcitizens Different requirements at oddswitheachother: Rethinkwhat the mainobjectives are forthisbiometric system L Kool | ePassport
  11. Thankyouforyour attention! Thanksto Max Snijder (European Biometrics Group), Geert Munnichs (RathenauInstitute) andinterviewed experts L Kool | ePassport
  12. Back–up: Country studies Different nationalimplementations, different quality levels and different operating procedures  highertolerancetolowerthresholdsthroughout EU Germany: pro-active approach, developingstandards, conducting pilots. OnlyCzechRepublicand Norway take facial images ‘live’ during the applicationprocess Operating personnel is trained for capturing biometric data, but some countries certify their personnel No biometricverification takes place at issuance L Kool | ePassport
More Related