Dennis Kügler

Head of Section ‘Chip-Security Analysis’, Federal Office for Information Security (BSI), Germany



Ten years of electronic passports – Attack vectors and future challenges

 

  • Overview of hardware security of ePassports;
  • Analysis of attack vectors and efforts for execution of attacks;
  • Implications for practical security and counter-measures.


Recent security incidents with regard to web-based authentication facilitate a trend towards two-factor authentication. For authentication of travelers at borders, two-factor authentication started more than ten years ago with the introduction of electronic passports. Here, one factor is the biometric information stored securely (digitally signed) on the passport, whereas the second factor is the possession of the passport itself. Both factors can be subject to attacks: skimming and eavesdropping refer to attacking the first factor by breaking access and session keys, respectively, for unauthorized access to biometric information. Cloning is an attack on the second factor, namely creating a genuine copy by extracting static authentication keys from the chip. In this presentation, we will give an overview of state-of-the-art skimming, eavesdropping and cloning attacks using side-channel analysis and active manipulation of the security chip, analyze the impact with regard to security chips deployed in older and current generations of ePassports, and sketch future advancements in chip security, such as software updates of chips in the field.


Biography
Dr Dennis Kügler has been a government representative in the New Technologies Working Group of the International Civil Aviation Organization since 2003. From 2011 to 2015 he headed the section ‘eID Technologies and Smartcards’ at the Federal Office for Information Security. In 2015, he took over the section ‘Chip-Security Analysis’, which provides advice on, and the requirements for, the implementation of hardware-based security mechanisms involved in the German government’s various digitization projects. The (long-term) security of ePassports and other official identity documents is of particular interest, and one major topic of the group is a regular review of the security of documents after issuance using sophisticated attack technologies.

