Product Manager – Cryptovision
Speaks at ID WORLD on Secure Identification
Klaus Schmeh is a consultant at the Germany-based company cv cryptovision. He has been active in the field of IT security for more than 12 years. He is the author of eight books and more than 100 articles on cryptography, which is more than any other person in Germany has published in this area. His current professional focus is the cryptographic aspects of e-ID cards. His recently published book is a reference book on electronic identity documents (the first one on the market). Klaus Schmeh has a special skill in explaining complex technical aspects to an audience with little technical experience. He is a frequent lecturer who has given presentations at more than 70 conferences in Europe, Asia, and the USA.
“Cryptologic techniques for securing e-ID documents”
An electronic identity document can be the target of different kinds of attacks: complete falsification, cloning, alteration, camouflaging, skimming, usage by the wrong person, illegal acquisition, denial of service, and marking. There is a wide range of cryptographic techniques that may serve to prevent these attacks. Many electronic identity documents – including the ICAO e-Pass and virtually all national e-ID systems – make intensive use of these methods. This presentation gives an overview including the main advantages and disadvantages of the most important techniques. Many practical examples are given (e.g. from e-ID systems in Belgium, Finland, Germany, Italy, and Spain). Only techniques that prevent the attacks mentioned above are covered; it is out of scope to discuss cryptographic functionality that is used for additional e-ID applications (e.g. online authentication, digital signatures, electronic voting, …). It will be outlined that cryptographic techniques used to protect electronic identity documents can be divided into three groups: card authentication, terminal authentication, and secure data exchange. Card authentication can be achieved in four different ways: digital signing of content (static data authentication), asymmetric challenge-response (dynamic data authentication), symmetric message authentication, and symmetric challenge-response. The presentation will explain why some governments have chosen certain of these techniques, while others have not. The ICAO MRTD standard will be used as an example to explain the main design principles.