Title: Chris Marinak
1. A Secure National ID Card
Group 8: Chris Marinak, Mike Cuvelier, Adam Sowers, Saud Bangash
2. Outline
- Why do we need a national identity card?
- Brief background / history
- How our design works
- Security vs. Privacy
- Questions
3. The Problem
- Lots of people wish they could be Dave Evans
4. The Problem
- Naturally, there are many imposters
5. The Solution
- A standard national identification card with biometric data
- All citizens and immigrants will be required to have an ID card
- Use will be mandatory in various critical locations
- Card readers have connection to general authorization database
6. Background
- More than 100 other nations have a national ID system
  - Most European Nations
- Nothing has ever materialized in the United States
  - Closest was 1996 Immigration Bill
- Recent Congressional Hearings
7. The Basic Goal
- To establish a system that can accurately verify a person is who they say they are
???
8. System Requirements
- Card can securely hold personal identification information
- System of readers can be used to verify cardholder matches card data
  - Airports
  - Firearms background check, etc.
- Central database maintains a list of flags for each person
9. System Requirements
- Readers and database can securely communicate
- Government agencies can securely access the database flags
  - Wanted criminal
  - Suspected terrorist, etc.
- A nationwide network to support communication (public or private)
10. Infrastructure
- This system will be very expensive to create (3 Bil.) and maintain (???)
  - Communication network
  - Cards
  - Card Readers
  - Card Makers
  - Maintenance and Support Personnel
11. System Design
[Diagram: Card Maker, Card Reader, Govt Database, FBI, NSA, CIA]
12. Levels of Security
- Low security: face of card
  - Basic identification information (photo, address, DOB, ...)
  - Used at bars, banks, etc.
- High security: smart card
  - Holds similar information, but also stores thumbprint and voice print.
13. Security Implementation
- Card
  - The card data is encrypted with the private key from an RSA key pair.
- Database
  - We will assume the database is perfectly secure
Why??
Because he says so
14. The Secure Channel
- Uses a scheme similar to SSH
- Each reader has an RSA key pair and identification number
- The database also has an RSA key pair
- Database and reader use RSA to establish a secret key and use AES for data exchange
15. Security vs. Privacy
- As always, increased security comes at a price to privacy
- Our card will only be used in areas that already invade privacy
  - Airports
  - Gun background checks
- No data will be logged so citizens cannot be tracked
16. Final Thoughts
- A secure national ID system is feasible (check out our report for more info)
- We have tried to minimize any invasions of privacy, but some things are impossible to prevent
- Debates are likely to heat up in the coming months
Is the added security worth inherent losses in privacy???
17. Questions???
18. The Card
- For most purposes, the card will be used like a driver's license
- For high-security areas, a reader that connects to the database will decrypt the card data
- Only government authorized sites will have a card reader
19. The Reader
- Cardholder will put thumb on reader
- Reader will check thumbprint against print on the card
- Reader will check the database to authenticate the cardholder
- Reader will display pass or fail
20. Low Security
- Many applications will maintain same security as today
  - Alcohol Purchases
  - Check Cashing
- Similar security as existing state IDs (except better tamper-proofing)
21. High Security
- Areas of high security will receive added security with the card
- Many already require privacy infringements
  - Airports
  - Gun purchases
  - Nuclear facilities, etc.
- Cardholder will be aware of high-security check (by authorizing connection)
22. The Secure Channel
[Diagram: messages exchanged between Reader and Database]
- Reader requests a connection and sends unique reader ID.
- Random string encrypted with reader's public key
- Reader sends back random string encrypted with database public key
- Random string is used as key for symmetric encryption using AES
- Reader sends person's ID and card serial
- If a match, database sends back person's public key for decryption and any flags
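The first three messages of this exchange, as an added example that is not part of the original slides. It uses textbook RSA (no padding) on constructed toy keys so that it runs with the standard library only, and it stops once both sides hold the AES key; the reader ID, key values and function names are assumptions.

```python
import secrets

E = 65537  # common RSA public exponent

def keypair(p, q):
    """Textbook RSA: return (modulus n, private exponent d) for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes; real keys are random and far larger.
READER_N, READER_D = keypair(2**127 - 1, 2**89 - 1)
DB_N, DB_D = keypair(2**107 - 1, 2**61 - 1)
FAKE_N, FAKE_D = keypair(2**31 - 1, 2**19 - 1)  # a spoofed reader's own key pair
REGISTERED = {"R-0001": READER_N}               # database record: reader ID -> public key

def db_challenge(reader_id):
    """Database: pick a random 128-bit string and encrypt it to the claimed reader."""
    n = REGISTERED.get(reader_id)
    if n is None:
        return None, None
    secret = secrets.randbits(128)
    return secret, pow(secret, E, n)

def reader_respond(challenge, d, n):
    """Reader: decrypt with its private key, send the string back under the DB key."""
    recovered = pow(challenge, d, n)
    return recovered, pow(recovered % DB_N, E, DB_N)

def handshake(reader_id, reader_d, reader_n):
    """Run the exchange; return the shared 16-byte AES key, or None on failure."""
    secret, challenge = db_challenge(reader_id)
    if challenge is None:
        return None                       # unknown reader ID
    recovered, response = reader_respond(challenge, reader_d, reader_n)
    if pow(response, DB_D, DB_N) != secret:
        return None                       # reader could not decrypt the challenge
    return recovered.to_bytes(16, "big")  # both sides now hold the same key
```

A reader that claims a registered ID but holds a different private key returns the wrong string, so the database never starts the AES session with it.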
23. The Database
- Every card issued will have a record in the database
  Person's ID | Card Serial Number | Public Key | Flags
- Each card reader also has a record
  Reader's Location (IP Addr.) | Reader Serial Number | Public Key | Access Perm.
24. The Database
- Each personal record has flag fields
  - Convicted felon
  - Wanted criminal
  - Suspected terrorist, etc.
- Flag field only contains binary flag, no details
- Flags can only be seen and modified by proper agency
  - FBI, CIA, NSA, etc.
25. The Database
- Knows network location of reader
- Securely stores the public key of each reader
- Will send only relevant flags
  - Airports will not know whether a person is authorized to purchase a gun
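One way the database side of slides 23 to 25 could be implemented, as an added example that is not from the original slides. The record fields follow the two record layouts above; the IDs, IP addresses, key placeholders and the choice of which flags each site may see are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Card:            # Person's ID | Card Serial Number | Public Key | Flags
    serial: str
    public_key: str
    flags: frozenset

@dataclass(frozen=True)
class Reader:          # Location (IP) | Serial Number | Public Key | Access Perm.
    location_ip: str
    public_key: str
    access_perm: frozenset   # flags this site is allowed to learn

# Constructed sample records; IDs, keys and per-site permissions are assumptions.
CARDS = {"P-1001": Card("C-77", "<person-pubkey>", frozenset({"convicted_felon"}))}
READERS = {
    "R-AIRPORT": Reader("192.0.2.10", "<reader-pubkey>",
                        frozenset({"wanted_criminal", "suspected_terrorist"})),
    "R-GUNSHOP": Reader("198.51.100.7", "<reader-pubkey>",
                        frozenset({"convicted_felon", "wanted_criminal"})),
}

def lookup(reader_serial, source_ip, person_id, card_serial):
    """Database side of the last two messages of the secure-channel exchange."""
    reader = READERS.get(reader_serial)
    if reader is None or reader.location_ip != source_ip:
        return {"result": "fail"}   # unknown reader or wrong network location
    card = CARDS.get(person_id)
    if card is None or card.serial != card_serial:
        return {"result": "fail"}   # recreated card: serial does not match record
    # Binary flags only, and only those named in this reader's access permissions.
    visible = {name: name in card.flags for name in sorted(reader.access_perm)}
    return {"result": "match", "public_key": card.public_key, "flags": visible}
```

Filtering on the database side means a reader never receives a flag outside its permissions, so logging at the site cannot reveal it.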
26. Anticipated Attacks
- Fake card faces
  - Will not work for high security
- Recreated IDs with Smart Cards
  - Different card serial number
  - Won't have private key associated with public key in database
- Spoofed Readers
  - Will not be in proper network location
  - Will not have reader's private key
27. Anticipated Attacks (cont'd)
- Readers log personal information
- Readers made by third party
- Attacks on database security
  - We will assume the database is perfectly secure
Why??
Because he says so