Electronic passports & biometrics
Responsible
Prof. Dr. Joachim von zur Gathen
Lecture
Time & Place
Tuesday, 12:15-13:45, b-it 2.1.
Thursday, 17:30-19:00, Cafete (Tutorial).
First meeting: 31 October.
Special session: Thursday, 30 November 2006, 17:30-19:00, Rheinsaal.
Preda Mihailescu, Techniques, Applications and Challenges in Biometric Recognition.
Pre-exam session: Wednesday, 28 February 2007, 14:00, bitmax.
Exam: Friday, 02 March 2007, 10:00-12:xx, b-it bitmax. (For more details see below.)
Post-exam session: ?? March 2007, 14:00, ??.
Prerequisites
None. Basic knowledge of cryptography, for example from the parallel course Cryptography, might be helpful but is not required.
Contents
In the future, passports shall carry more and more sensitive information in an easily accessible way. Apart from name, origin and the like, this information may contain fingerprints or retina scans. It is stored in electronic form and can be accessed by wireless transmission. This raises a lot of new problems:
- The passport holder cannot immediately control the contents of the stored information.
- Unauthorized eavesdroppers might be able to gather or actively read information from the passport unnoticed. So one could think that identifying a certain person passing at a certain place, or tracking her path through a department store might be possible.
- Personal rights of a person are touched when acquiring and storing biometric information.
The course will try to give an overview of what is implemented and how. We will discuss the concerns of and threats to holders, society and government.

Biometrical information has long been used to identify persons. Already in 1901 Scotland Yard started to use fingerprints to identify criminals. Since then various other methods have been introduced: iris scan, face recognition, retina scans and hand geometry, to name just the most prominent. Since about 1965 people have tried to automate all these identification methods. This has revealed many difficulties. It is still not clear which information identifies a person: for example, though it is widely believed that fingerprints do, only few scientific studies are available.

It also turns out to be pretty difficult to find a reliable automatic pattern matcher. Mind that it is not like searching for a given fixed string in a dictionary. You have to find the template(s) that are most similar to a given one, or tell that there is none within given bounds.
Material
- Lecture notes:
  - All slides: PDF (~10MB).
  - Gabor filter worksheet (MuPAD notebook, PDF)
- Exercises:
Exam
The exam takes approximately two hours. You should bring a pocket calculator (not programmable and without modular arithmetic or computer algebra software) and you should prepare a cheat sheet, i.e. one A4 sheet written in your own handwriting.
Literature
- Tom A. F. Kinneging for ICAO-NTWG, PKI Task Force (2004). Machine Readable Travel Documents - Technical Report - PKI for Machine Readable Travel Documents offering ICC Read-Only Access. Version 1.1. International Civil Aviation Organization. (PDF, 410KB)
  This document describes the details of the public-key infrastructure and also the cryptographically relevant parts of the communication protocol between the customs reader (interface device, IFD) and the contactless chip in the electronic passport (integrated circuit chip, ICC).
- International Civil Aviation Organization (2004). Development of a logical data structure LDS for optional capacity expansion technologies. Revision -1.7, 18 May 2004. International Civil Aviation Organization. (PDF, 684KB)
  This document contains the description of the data to be handled by electronic passports. In particular, a structure for storing it is described. Tons of details!
- Bundesamt für Sicherheit in der Informationstechnik (2005). Protection Profile. Machine Readable Travel Document with "ICAO Application", Basic Access Control. Version 1.0. Certification Report. BSI-PP-0017-2005. (PDF, ??MB).
  Bundesamt für Sicherheit in der Informationstechnik (2005). Common Criteria Protection Profile. Machine Readable Travel Document with "ICAO Application", Basic Access Control. Version 1.0. BSI-PP-0017. (PDF, 1.8MB)
  This document is an evaluation of the electronic passport excluding biometrics. In particular, lifecycle and cryptographic functionality are examined. The second (containing all the technical information) is an annex to the first.
- International Civil Aviation Organization (2006). Doc 9303.
  This ICAO document specifies international rules for machine readable travel documents. See ICAO MRTD. It's only available from ICAO directly and the relevant Part 1 costs $123 (both volumes).
- ISO 7501.
  The ISO 7501 adopts the ICAO document 9303 which specifies all kinds of identity documents, in particular the electronic passport. (It merely states that the ICAO Document 9303 is adopted.)
- ISO 7810. See Wikipedia.
  This standard defines "skins" for various types of identity documents. It's not really relevant to us. It only comes up again and again if you ask the English Wikipedia for MRTD.
- FIPS 186-2 + change notice (2000 January 27), NIST.
  This document describes the digital signature algorithm (DSA) and its variant ECDSA. As appendix 3 it contains a section on the generation of random numbers. This is mentioned in connection with FCS_RND.1 several times.
- Fingerprint Patterns
  First simple description with good pictures.
- Taking Legible Fingerprints (FBI), Statewide Fingerprint Imaging System (State of California), Fingerprinting analysis (The Forensic Science Project).
  Some pages that all describe fingerprint patterns.
- NCIC FPC (Fingerprint Classification), NCIC Fingerprint Codes.
  These refer to a fingerprint classification system used by the FBI, which is based on the Henry classification.
- Distribution of NCIC FPC Including 17'951'192 Males, 4'313'521 Females.
  These are statistics about the distribution of fingerprints in a large criminal file maintained by the FBI according to a system based on the Henry classification.
- Spiegel Online (2007/01/27). Mit dem Leichenfinger an der Banktür.
  N-TV (2007/01/28). Abdruck hinterlassen: Überfall mit Leichenfinger.
  A report about a successful 'hack' of a fingerprint identification system without life detection. Prior incident:
  L'informazione di San Marino (2007/01/10). Sventata rapina? Sospetto messo in fuga dal computer dell’istituto. (Google translation.)
- The U.S. Electronic Passport.
- The biometrics catalog.
- European Biometrics Portal.
- International Civil Aviation Organisation.
- Bundesamt für Sicherheit in der Informationstechnik.
- Bundesdruckerei (German Federal Print Office).
- OpenMRTD
The OpenMRTD.org project tries to provide a Free Software (sometimes referred to as Open Source) toolset around the new electronic passports. Technically speaking, it wants to provide access to ICAO compliant MRTDs (Machine Readable Travel Documents).
- Jöran Beel & Bela Gipp (2005). ePass - der neue biometrische Reisepass. Shaker, ISBN 3832246932.
- James Wayman, Anil Jain, Davide Maltoni, Dario Maio (Eds.) (2005). Biometric Systems. Springer, ISBN 1-85233-596-3.
- Anil K. Jain, Ruud Bolle & Sharath Pankanti (Eds.) (1996). Biometrics. Personal Identification in Networked Society. Kluwer, ISBN 0-7923-8345-1, 0387285393.
Allocation
Media Informatics, Computer and Communication Technology.
University of Bonn - Computer Science, A.