National ID Card

A Secure National ID Card
Group 8
Chris Marinak
Mike Cuvelier
Adam Sowers
Saud Bangash
Mon. December 3, 2001

Outline
• Why do we need a national identity card?
• Brief background / history
• How our design works
• Security vs. Privacy
• Questions

The Problem…
• Lots of people wish they could be Dave Evans

The Problem…
• Naturally, there are many imposters

The Solution
• A standard national identification card with biometric data
• All citizens and immigrants will be required to have an ID card
• Use will be mandatory in various critical locations
• Card readers have a connection to a general authorization database

Background
• More than 100 other nations have a national ID system
  – Most European Nations
• Nothing has ever materialized in the United States
  – Closest was 1996 Immigration Bill
• Recent Congressional Hearings

The Basic Goal
• To establish a system that can accurately verify a person is who they say they are
???

System Requirements
• Card can securely hold personal identification information
• System of readers can be used to verify cardholder matches card data
  – Airports
  – Firearms background check, etc.
• Central database maintains a list of flags for each person

System Requirements
• Readers and database can securely communicate
• Government agencies can securely access the database flags
  – Wanted criminal
  – Suspected terrorist, etc.
• A nationwide network to support communication (public or private)

Infrastructure
• This system will be very expensive to create (~ $3 Bil.) and maintain (???)
  – Communication network
  – Cards
  – Card Readers
  – Card Makers
  – Maintenance and Support Personnel

System Design
[Diagram: Card Maker, Card Reader, Gov’t Database, and agencies FBI, NSA, …, CIA]

Levels of Security
• Low security – face of card
  – Basic identification information (photo, address, DOB, …)
  – Used at bars, banks, etc.
• High security – smart card
  – Holds similar information, but also stores thumbprint and voice print.

Security Implementation
• Card
  – The card data is encrypted with the private key from an RSA key pair.
• Database
  – We will assume the database is perfectly secure
Why??
Because he says so…

The Secure Channel
• Uses a scheme similar to SSH
• Each reader has an RSA key pair and identification number
• The database also has an RSA key pair
• Database and reader use RSA to establish a secret key and use AES for data exchange

Security vs. Privacy
• As always, increased security comes at a price in privacy
• Our card will only be used in areas that already intrude on privacy
  – Airports
  – Gun background checks
• No data will be logged so citizens cannot be tracked

Final Thoughts
• A secure national ID system is feasible (check out our report for more info)
• We have tried to minimize any invasions of privacy, but some things are impossible to prevent
• Debates are likely to heat up in the coming months
Is the added security worth the inherent losses in privacy???

Questions???
The Card
• For most purposes, the card will be used like a driver’s license
• For high-security areas, a reader that connects to the database will decrypt the card data
• Only government authorized sites will have a card reader

The Reader
• Cardholder will put thumb on reader
• Reader will check thumbprint against print on the card
• Reader will check the database to authenticate the cardholder
• Reader will display pass or fail

Low Security
• Many applications will maintain same security as today
  – Alcohol Purchases
  – Check Cashing
• Similar security as existing state IDs (except better tamper-proofing)

High Security
• Areas of high security will receive added security with the card
• Many already require privacy infringements
  – Airports
  – Gun purchases
  – Nuclear facilities, etc.
• Cardholder will be aware of high-security check (by authorizing connection)

The Secure Channel
[Diagram: message exchange between Reader and Database]
1. Reader requests a connection - sends unique reader ID.
2. Random string encrypted with reader’s public key
3. Reader sends back random string encrypted with database public key
4. Random string is used as key for symmetric encryption using AES
5. Reader sends person’s ID and card serial #
6. If a match, database sends back person’s public key for decryption and any flags

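Added example (not from the original slides): the RSA challenge exchange described on the two Secure Channel slides, with both ends simulated in one Python function. The toy unpadded RSA keys, the reader ID `RDR-0001` and all function names are assumptions made for illustration, and the AES data phase is left out because the Python standard library has no AES.

```python
import hmac
import secrets

E = 65537  # RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, value):
    """Raw RSA operation value^exp mod n. No padding: demo only."""
    n, exp = key
    return pow(value, exp, n)

# Constructed demo keys built from Mersenne primes; real keys are 2048+ bits.
READER_PUB, READER_PRIV = make_keypair(2**127 - 1, 2**61 - 1)
DB_PUB, DB_PRIV = make_keypair(2**107 - 1, 2**89 - 1)
_, ROGUE_PRIV = make_keypair(2**89 - 1, 2**61 - 1)  # key of a spoofed reader

# Database side: reader ID -> registered public key (hypothetical ID).
READER_KEYS = {"RDR-0001": READER_PUB}

def handshake(reader_id, reader_priv):
    """Simulate both ends; return the 128-bit AES key, or None on failure."""
    # 1. Reader -> database: connection request with its unique reader ID.
    reader_pub = READER_KEYS.get(reader_id)
    if reader_pub is None:
        return None
    # 2. Database -> reader: random string under the reader's public key.
    nonce = secrets.randbits(128)
    challenge = rsa(reader_pub, nonce)
    # 3. Reader -> database: decrypt, re-encrypt under the database public key.
    response = rsa(DB_PUB, rsa(reader_priv, challenge))
    # 4. Database: decrypt the echo and compare it with what was sent.
    echoed = rsa(DB_PRIV, response)
    sent = nonce.to_bytes(32, "big")
    if not hmac.compare_digest(echoed.to_bytes(32, "big"), sent):
        return None  # reader does not hold the registered private key
    # 5. Both ends now use the random string as the AES key (AES not shown).
    return nonce.to_bytes(16, "big")
```

Only the holder of the registered reader private key can return the random string, which is why the spoofed reader in the "Anticipated Attacks" slide fails at step 4.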
The Database
• Every card issued will have a record in the database
  Person’s ID | Card Serial Number | Public Key | Flags
• Each card reader also has a record
  Reader’s Location (IP Addr.) | Reader Serial Number | Public Key | Access Perm.

The Database
• Each personal record has flag fields
  – Convicted felon
  – Wanted criminal
  – Suspected terrorist, etc.
• Flag field only contains binary flag, no details
• Flags can only be seen and modified by proper agency
  – FBI, CIA, NSA, etc.

The Database
• Knows network location of reader
• Securely stores the public key of each reader
• Will send only relevant flags
  – Airports will not know whether a person is authorized to purchase a gun

Anticipated Attacks
• Fake card faces
  – Will not work for high security
• Recreated IDs with Smart Cards
  – Different card serial number
  – Won’t have private key associated with public key in database
• Spoofed Readers
  – Will not be in proper network location
  – Will not have reader’s private key

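Added example (not from the original slides): a sketch of the database-side lookup implied by the "The Database" and "Anticipated Attacks" slides, covering the reader location check, the card serial check and the relevant-flags filter. The record layout follows the slides' field names; the bit encoding, the choice of which flags each site may see, and all IDs, serials and addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Binary flags only, no details. The bit values are an assumed encoding.
FELON, WANTED, TERROR_SUSPECT = 1, 2, 4

@dataclass
class PersonRecord:
    card_serial: str
    public_key: str
    flags: int

@dataclass
class ReaderRecord:
    location_ip: str
    public_key: str
    access_perm: int  # mask of the flags this site is allowed to see

# Constructed records; IDs, serials, keys and addresses are placeholders.
PEOPLE = {"P-1001": PersonRecord("CARD-77", "<person public key>", FELON)}
READERS = {
    "RDR-AIRPORT": ReaderRecord("192.0.2.10", "<key>", WANTED | TERROR_SUSPECT),
    "RDR-GUNSHOP": ReaderRecord("192.0.2.20", "<key>", FELON | WANTED),
}

def lookup(reader_serial, source_ip, person_id, card_serial):
    """Database side of a card check: returns (status, public_key, flags)."""
    reader = READERS.get(reader_serial)
    # Spoofed reader: unknown serial or not at its registered network location.
    if reader is None or reader.location_ip != source_ip:
        return ("reject-reader", None, 0)
    person = PEOPLE.get(person_id)
    # Recreated card: the serial does not match the one issued to this person.
    if person is None or person.card_serial != card_serial:
        return ("reject-card", None, 0)
    # Send only the flags relevant to this site; the rest are masked out.
    return ("ok", person.public_key, person.flags & reader.access_perm)
```

With these sample records the airport reader receives no flags for `P-1001`, while the gun shop reader receives the felon flag.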
Anticipated Attacks (cont’d)
• Readers log personal information
  – Readers made by third party
• Attacks on database security
  – We will assume the database is perfectly secure
Why??
Because he says so…