For the unaware, cryptographic protocols are a type of security mechanism that enables secure private connections, allowing two parties to communicate information with both privacy and integrity. These are used in NFC identity verification, enabling the highly secure communication of privacy-sensitive information safely and quickly. But what makes these protocols so safe, and how have they created the most secure method of remote identity verification? We will explain in this blog.
There are four kinds of cryptographic protocols used in NFC identity verification using mobile phones- passive authentication, access control, secure messaging, and clone detection. Let’s explore how they work in our remote NFC identity verification software ReadID. As cryptographic protocols are used to enable secure communication between two entities, we will refer to point A and point B throughout this article to simplify explanations of each protocol.
In the scenario of passive authentication, point A refers to the issuing state, and point B is the customer of Inverid. Information placed in the chip of an identity document is being transferred to the servers of the customer verifying identities.
In passive authentication, the chip in the identity document does not have to do anything, as it simply conveys information given to it by the issuing state (point A). This information is formatted in data groups, which are collectively signed with a certificate or digital signature by the issuing state.
In order to verify identities and provide our customers (point B) with the information they need, we must check if the information is authentic and comes from a real source, and if the chip and document themselves are also authentic. Passive authentication checks the digital signature in the chip, and ReadID checks that this signature is authentic against country signing certificates in our database, therefore verifying if the information is authentic or not.
Verification of document authenticity with optical verification solutions is not as clear cut, however. Optical Character Recognition (OCR) technologies rely on the ability of an algorithm to recognise physical security features, such as holograms, put in the identity document by the printer. Although an attacker would need specialist equipment to replicate these physical features, there is a known false acceptance rate by OCR identity verification technologies, as they rely on machine learning algorithms and images taken by smartphone cameras of varying quality. With NFC, the authenticity of the information inside the chip is never in doubt if the country signing certificate is in our database, and with over 170 countries worldwide issuing chipped identity documents, the amount of country signing certificates available to ReadID is ever-growing.
Access control refers to the security protocols in place to ‘open’ the document’s chip and allow the transfer of privacy-sensitive information to occur.
There are two main variants of access control protocols, named BAC and PACE. In this kind of information transfer, point A refers to ReadID/the end user’s phone, and point B refers to the chipped identity document. These security protocols are vital and must be implemented by issuing states in order to protect the end user’s data from local attackers targeting the interface between A and B, and without them, ReadID cannot access said data at all.
To ‘unlock’ the chip, we have to prove to the passport that we have scanned the Machine Readable Zone (MRZ). This is because if someone was to spy on the communication taking place between point A and point B, they could easily see the scan of the MRZ and get access to the personal information in the chip. Therefore, to prevent eavesdropping, the MRZ is not sent directly to the chip in this communication between point A and point B. Point A requests a challenge from point B, which will send some random information back in exchange. It is important to note that each time a challenge is requested from the chip, it will send back a different piece of random information. Point A then sends the same piece of random information back encrypted with the MRZ. The chip within point B is capable of running computations and can encrypt the random information with the MRZ as well. If the result is the same, then point A is given access to the information in the chip. If an attacker doesn’t have the MRZ, they are unable to answer the challenge, and therefore cannot know or create the encrypted MRZ response to the challenge and cannot gain access to the chip and its data.
Both BAC and PACE will, additionally, set up a secure messaging channel by encrypting subsequent traffic using a session key.
A downside of BAC is that it has no forward secrecy. This means that as computers improve, the protocol gets weaker. This means that, given an encrypted exchange of information, eventually BAC can technically be brute forced, although this is extremely uncommon- but not impossible. If a party only knows the random challenge information, then they can generate MRZs with a computer until they generate the correct one and get access to the chip and therefore personal information that way.
There is an alternative security protocol called PACE, which cannot be brute forced like BAC can. PACE is a much more involved protocol than BAC. Unless a party was a direct middleman in the encrypted traffic, and therefore saw the session key, they could not bypass the PACE protocol. PACE is considerably safer and longer lasting in the face of computer improvements than BAC.
Clone detection is about detecting if the passport chip contents has been duplicated or copied into a fraudulent document. It is not so much about proving that it comes from an authentic issuing state- it is the passport (point B) telling us (point A) itself that it is the actual, authentic, and original passport by proving that the private key is there and corresponds correctly with the public key.
If you aim to clone a passport, an attacker can generate their own matching private and public key to put into a cloned chip, and it would pass clone detection protocols, but fail passive authentication. This is because the keys within the data groups now no longer match the digital signature used to sign the logical data structure that we mentioned at the start of the blog post.
There are two clone detection protocols defined in the standards.
Active Authentication uses a private key inside the chip of the document we mentioned before. Point A (ReadID) will send a random challenge to B (the chip). The chip will prove possession of the private key by signing that random challenge. ReadID can verify the signature in the response using the public key read from one of the data groups. Although the chip content of an electronic identity document can be copied, the private key cannot. Therefore, a cloned passport cannot prove that it has the private key, thus failing active authentication.
Chip Authentication also refers to a private key inside the chip. This time the chip (point A) proves possession of that private key by requesting that A create a random key pair and send the public key to B. Both A and B then use their own private key and the other party’s public key to derive a session key to be used in a new secure channel. The authentic passport can succeed (proving that it has the correct private key), but a cloned passport will fail in setting up the secure channel.
As previously mentioned, OCR technology relates on machine learning and artificial intelligence, which is only as good as the models it is trained on and relies on the quality of smartphone cameras to recognise physical security features and characters to recognise information printed in the MRZ. This leads to known false accept rates and errors in reading results due to mistaken characters, and of course can create issues for customers and end users. Furthermore, this means OCR is not necessarily reliable for use cases that require the highest levels of confidence, such as Disclosure and Barring Service Checks in the UK or Know Your Customer onboarding checks for banks and other financial institutions.
On the other hand, NFC identity verification solves these issues thanks to the integration of cryptographic protocols into the process. With these advanced security measures, customers can be assured that the documents and personal information they are reading are authentic, genuine, and correct, as well as ensuring they remain compliant with legislation and regulations relevant to their use case. Cryptographic protocols like clone detection can make a customer instantly aware that a fraudulent document is being used to interact with their services. Therefore, ReadID operates at the highest trust levels, ideal for processes like British Disclosure and Barring Service checks (DBS) checks. Further adding to the assurance NFC-First identity verification creates is the fact that the chip contains an original colour high-resolution image of the document holder. This is ideal for overlaying with further biometric identification methods, such as face verification, for maximal assurance that the end user is the rightful holder of the document. As well as controlling how we access and preventing modification of electronic identity document data, cryptographics also ensure communication between all points in the remote identity verification process are encrypted, keeping personal data safe from eavesdroppers.
In conclusion, although cryptographic protocols may be a complex concept, they are a cornerstone of secure identity verification and make NFC-First the ideal choice for a wide range of use cases, especially those that require the highest trust levels or layer biometrics in their processes.