• Programme
• Writing talks and theses
• Theses topics
• Teaching
  • Winter 2017
  • Summer 2017
  • IPEC Winter 2017
  • Winter 2016/2017
  • IPEC Summer 2016
  • Summer 2016
  • IPEC Winter 2016
  • Winter 2015/2016
  • IPEC Summer 2015
  • Summer 2015
  • IPEC Winter 2015
  • Winter 2014/2015
  • IPEC Summer 2014
  • Summer 2014
  • IPEC Winter 2014
  • Winter 2013/2014
  • IPEC Summer 2013
  • Summer 2013
  • IPEC Winter 2013
  • Winter 2012/2013
  • IPEC Summer 2012
  • Summer 2012
  • IPEC Winter 2012
  • Winter 2011/2012
  • IPEC Summer 2011
  • Summer 2011
  • IPEC Winter 2011
  • Winter 2010/2011
  • IPEC Summer 2010
  • Summer 2010
  • IPEC Winter 2010
  • Winter 2009/2010
  • IPEC Summer 2009
  • Summer 2009
  • Heads and tails
  • Cryptographic passports & biometrics
  • Seminar Secure Internet Protocols
  • Seminar Advanced Topics in Cryptography
  • Oberseminar Computer Security, Summer 2009
  • IPEC Winter 2009
  • Winter 2008/2009
  • IPEC Summer 2008
  • Summer 2008
  • IPEC Winter 2008
  • Winter 2007/2008
  • IPEC Summer 2007
  • Summer 2007
  • IPEC Winter 2007
  • Winter 2006/2007
  • IPEC Summer 2006
  • Summer 2006
  • IPEC Winter 2006
  • Winter 2005/2006
• Special events
• crypt@b-it
• Schüler-Krypto

Cryptographic passports & biometrics

Corresponding entry in Aachen Campus, Bonn University (Lecture, Tutorial).

Responsible

Prof. Dr. Joachim von zur Gathen

Lecture

Michael Nüsken

Tutorial

Konstantin Ziegler

Time & Place

• Tuesday, 13³⁰-15⁰⁰, b-it bitmax
• Wednesday, 13³⁰-15⁰⁰, b-it bitmax
• Tutorial : Tuesday, 15¹⁵-16⁴⁵, b-it bitmax

Exam

Pre-exam meeting: 18 August 2009, 11⁰⁰, b-it cafeteria.

The exam will be on

• 26 August 2009 in the time between 10⁰⁰ and 13⁰⁰ o'clock in b-it Rheinsaal.

  There was a post-exam meeting on 31 August 2009, 14⁰⁰ in the b-it cafeteria. At this occasion you could also review our ranking of your exam.

The make-up exam will be on

• 16 October 2009 in the time between 9⁰⁰ and 12⁰⁰ o'clock in b-it 2.1.

For a post-exam meeting arrange an appointment to review our ranking of your exam.

Links & Literature

• ICAO, Machine Readable Travel Documents: PKI for Machine Readable Travel Documents offering ICC Read-Only Access, Veresion 1.1 pdf
• BSI, Technical Guideline: Advanced Security Mechanisms for Machine Readable Travel Documents -- Extended Access Control (EAC), Version 1.11 pdf
• Why ICAO selected the face as primary biometric identifier specified to epassports, on p. 16-17 in this pdf
• For ICAO Doc 9303 Part 1, Volume 2, sixth edition you might try a suitable search engine with a string like "icao doc 9303 part1 volume2
• Bundesamt für Sicherheit in der Informationstechnik, Technical Guideline TR-03110 Advanced Security Mechanisms for Machine Readable Travel Documents, Version 2.01 pdf
• Fingerprint Patterns
  First simple description with good pictures.
• Taking Legible Fingerprints (FBI), Statewide Fingerprint Imaging System (State of California), Fingerprinting analysis (The Forensic Science Project).
  Some pages that all describe fingerprint patterns.
• NCIC FPC (Fingerprint Classification) , NCIC Fingerprint Codes .
  These refers to a fingerprint classification system used by the FBI, which is based on the Henry classification.
• Distribution of NCIC FPC Including 17'951'192 Males , 4'313'521 Females .
  This is a statistics about the distribution of fingerprints in a large criminal file maintained by the FBI according to a system based on the Henry classification.
• Division of Health Improvement, Fingerprint Techniques Manual (PDF).
• James Wayman, Anil Jain, Davide Maltoni, Dario Maio (Eds.) (2005). Biometric Systems. Springer, ISBN 1-85233-596-3.

Notes and exercises

The lecture notes (PDF) contain all slides, the white board on the PKI and the white board picture from the preexam session. (Only the two additional pages: PDF.) However, some information can only be found in Doc 9303 and related documentation. A good basis for the biometrics is chapter 2 in the book Wayman et. al. (2005).

• Exercise 1: pdf, due monday, 20 April 2009.
• Exercise 2: pdf, due monday, 27 April 2009.
• Exercise 3: pdf, due monday, 11 May 2009.
  
• Exercise 4: pdf, due monday, 18 May 2009.
• Exercise 5: pdf, due monday, 25 May 2009.
• Exercise 6: pdf, due monday, 8 June 2009.
• Exercise 7: pdf, due monday, 15 June 2009.
• Exercise 8: pdf, due monday, 22 June 2009.
• Exercise 9: pdf, due monday, 29 June 2009.
• Exercise 10: pdf, due monday, 06 July 2009.
• Exercise 11: pdf, due monday, 13 July 2009.
• Exercise 12: pdf, due monday, 20 July 2009.

Excursion

On Monday, 27 April 2009, we have the unique opportunity to visit the Eurocrypt 2009.

We will meet at 8⁴⁵ in the morning in the Martim Hotel Cologne at Heumarkt 20, 50667 Cologne. As I do not yet know the location: our meeting point is in front of the room where the first lecture takes place, leftmost rear entry. Travel information can be found on the conference's website.

Note that the first talk starts at 9⁰⁰, so please be on time.

Possible connections to get there:

• 07⁵³ Bonn Hbf --RB11206--> Köln Hbf 08²²,
  1 km walk to Hotel Maritim
• 07⁵³ Bonn Hbf --RB11206--> Köln Süd 08¹⁴,
  08¹⁹ Dasselstr./Südbahnhof, Köln --STR9--> Köln, Heumarkt 08²⁸

Allocation

4+2 SWS, 8 credits. Optionally, 3+2 SWS, 6 credits.

Successful completion of the course yields 8 credit points. For students who only want 6 credit points, a breakpoint at about 3/4 of the teaching time will be defined, and only the course material up to that point will be relevant for their exams and grades.

• Media Informatics: Computer and Communication Technology.
• Recommendation for University of Bonn - Computer Science: A or A1, respectively.

Prerequisites

None. Basic knowledge in cryptography might be helpful, as for example the parallel course Cryptography. Yet, this is not required.

Contents

Passports shall carry more and more sensitive information in a easily accessible way in the future. This information may, apart from name, origin and the like, contain fingerprints or retina scans. And it is stored in electronic form, and it can be accessed by wireless transmissions. This raises a lot of new problems:

• The passport holder cannot immediately control the contents of the stored information.
• Unauthorized eavesdroppers might be able to gather or actively read information from the passport unnoticed. So one could think that identifying a certain person passing at a certain place, or tracking her path through a department store might be possible.
• Personal rights of a person are touched when acquiring and storing biometric information.

The course will try to give an overview what and how things are implemented. We will discuss the concerns of and threats to holders, society and government. Biometrical information has long been used to identify persons. Already, in 1901 Scotland Yard started to use fingerprints to identify criminals. Since then various other methods have been introduced: iris scan, face recognition, retina scans, hand geometry to name just the most prominent. Since about 1965 people have tried to automate all these identification methods. This has shown many difficulties. It is still not clear which information identify a person: for example, though it is widely believed that fingerprints do, only few scientific studies are available. And it turns out to be pretty difficult to find a reliable automatic pattern matcher. Mind that it is not like searching a given fixed string in a dictionary. You have to find the template(s) that are most similar to a given one, or tell that there is none within given bounds.