1 mon. december 3, 2001a secure national id card group 8 chris marinak mike cuvelier adam sowers...
TRANSCRIPT
Mon. December 3, 2001
A Secure National ID Card 1
A Secure National ID CardA Secure National ID Card
Group 8Chris MarinakMike CuvelierAdam SowersSaud Bangash
Mon. December 3, 2001
A Secure National ID Card 2
OutlineOutline
Why do we need a national identity card?
Brief background / historyHow our design works Security vs. PrivacyQuestions
Mon. December 3, 2001
A Secure National ID Card 3
The Problem…The Problem…
Lots of people wish they could be Dave Evans
Mon. December 3, 2001
A Secure National ID Card 4
The Problem…The Problem…
Naturally, there are many imposters
Mon. December 3, 2001
A Secure National ID Card 5
The SolutionThe Solution
A standard national identification card with biometric data
All citizens and immigrants will be required to have an ID card
Use will be mandatory in various critical locations
Card readers have connection to general authorization database
Mon. December 3, 2001
A Secure National ID Card 6
BackgroundBackground
More than 100 other nations have a national ID system–Most European Nations
Nothing has ever materialized in the United States– Closest was 1996 Immigration Bill
Recent Congressional Hearings
Mon. December 3, 2001
A Secure National ID Card 7
The Basic GoalThe Basic Goal
To establish a system that can accurately verify a person is who they say they are
???
Mon. December 3, 2001
A Secure National ID Card 8
System RequirementsSystem Requirements
Card can securely hold personal identification information
System of readers can be used to verify cardholder matches card data– Airports– Firearms background check, etc.
Central database maintains a list of flags for each person
Mon. December 3, 2001
A Secure National ID Card 9
System RequirementsSystem Requirements
Readers and database can securely communicate
Government agencies can securely access the database flags–Wanted criminal– Suspected terrorist, etc.
A nationwide network to support communication (public or private)
Mon. December 3, 2001
A Secure National ID Card 10
InfrastructureInfrastructure
This system will be very expensive to create (~ $3 Bil.) and maintain (???)– Communication network– Cards– Card Readers– Card Makers–Maintenance and Support Personnel
Mon. December 3, 2001
A Secure National ID Card 11
System DesignSystem Design
Card Reader
Gov’tDatabase
Card Maker
FBI NSA CIA…
Mon. December 3, 2001
A Secure National ID Card 12
Levels of SecurityLevels of Security
Low security – face of card– Basic identification information (photo,
address, DOB, …)– Used at bars, banks, etc.
High security – smart card– Holds similar information, but also
stores thumbprint and voice print.
Mon. December 3, 2001
A Secure National ID Card 13
Security ImplementationSecurity Implementation
Card– The card data is encrypted with private
key from RSA key pair. Database–We will assume the database is
perfectly secure
Why??
Because he says so…
Mon. December 3, 2001
A Secure National ID Card 14
The Secure ChannelThe Secure Channel
Uses a scheme similar to SSHEach reader has an RSA key pair and
identification numberThe database also has an RSA key
pairDatabase and reader use RSA to
establish a secret key and use AES for data exchange
Mon. December 3, 2001
A Secure National ID Card 15
Security vs. PrivacySecurity vs. Privacy
As always, increased security has its price on privacy
Our card will only be used in areas that already invade on privacy– Airports– Gun background checks
No data will be logged so citizens cannot be tracked
Mon. December 3, 2001
A Secure National ID Card 16
Final ThoughtsFinal Thoughts
A secure national ID system is feasible (check out our report for more info)
We have tried to minimize any invasions of privacy, but some things are impossible to prevent
Debates are likely to heat up in the coming months
Is the added security worth inherent losses in privacy???
Mon. December 3, 2001
A Secure National ID Card 17
Questions???Questions???
Mon. December 3, 2001
A Secure National ID Card 18
The CardThe Card
For most purposes, the card will be used like a driver’s license
For high-security areas, a reader that connects to the database will decrypt the card data
Only government authorized sites will have a card reader
Mon. December 3, 2001
A Secure National ID Card 19
The ReaderThe Reader
Cardholder will put thumb on readerReader will check thumbprint against
print on the cardReader will check the database to
authenticate the cardholderReader will display pass or fail
Mon. December 3, 2001
A Secure National ID Card 20
Low SecurityLow Security
Many applications will maintain same security as today– Alcohol Purchases– Check Cashing
Similar security as existing state IDs (except better tamper-proofing)
Mon. December 3, 2001
A Secure National ID Card 21
High SecurityHigh Security
Areas of high security will receive added security with the card
Many already require privacy infringements– Airports– Gun purchases– Nuclear facilites, etc.
Cardholder will be aware of high-security check (by authorizing connection)
Mon. December 3, 2001
A Secure National ID Card 22
The Secure ChannelThe Secure Channel
Reader DatabaseReader requests a connection - sends unique reader ID.
Random string encrypted with reader’s public key
Reader sends back random string encrypted with database public key
Random string is used as key for symmetric encryption using AES
If a match, database sends back person’s public key for decryption and any flags
Reader sends person’s ID and card serial #
Mon. December 3, 2001
A Secure National ID Card 23
The DatabaseThe Database
Every card issued will have a record in the database
Person’s IDCard Serial
NumberPublic Key Flags
Each card reader also has a record
Reader’s Location (IP Addr.)
Reader Serial Number
Public KeyAccess Perm.
Mon. December 3, 2001
A Secure National ID Card 24
The DatabaseThe Database
Each personal record has flag fields– Convicted felon– Wanted criminal– Suspected terrorist, etc.
Flag field only contains binary flag, no details
Flags can only be seen and modified by proper agency– FBI, CIA, NSA, etc.
Mon. December 3, 2001
A Secure National ID Card 25
The DatabaseThe Database
Knows network location of readerSecurely stores the public key of
each readerWill send only relevant flags– Airports will not know whether a person
is authorized to purchase a gun
Mon. December 3, 2001
A Secure National ID Card 26
Anticipated AttacksAnticipated Attacks
Fake card faces– Will not work for high security
Recreated ID’s with Smart Cards– Different card serial number– Won’t have private key associated with public
key in database
Spoofed Readers– Will not be in proper network location– Will not have reader’s private key
Mon. December 3, 2001
A Secure National ID Card 27
Anticipated Attacks (cont’d)Anticipated Attacks (cont’d)
Readers log personal information– Readers made by third party
Attacks on database security–We will assume the database is
perfectly secure
Why??
Because he says so…