28 research outputs found

    Technical challenges for identification in mobile environments

    This report describes technical challenges and requirements for identification of individuals in mobile (i.e. non-stationary) environments as e.g. required by the "European Mobile Identification Interoperability Group" (MOBIDIG). It is intended to support relevant stakeholders such as law enforcement agencies or immigration offices, active in the area of identification of individuals in mobile environments. It offers some guidance for future technical work at the MOBIDIG to be respected in their work plan. Furthermore, it may be used as a first orientation for the general future work for identification in mobile environments using digital or electronically stored data. After the introduction and some background of MOBIDIG and its policy context, the document presents the intention, main objectives and some information about the scope of work of the group. The following proposals, suggestions and recommendations presented are explicitly focusing on technology. Organizational and procedural issues are out of focus of this document and need to be addressed separately in further documents. JRC.DG.G.6-Security technology assessmen

    Cryptographic security mechanism of the next generation digital tachograph system

    JRC is in the process of evaluating the impact of an update of the cryptographic security mechanisms for the next generation Digital Tachograph. The purpose of this document is to give background information about the cryptographic security mechanisms and vulnerabilities regarding the security mechanisms of the current Digital Tachograph System along with suggestions for the next generation Digital Tachograph security mechanisms. This document can be referred to as an important reference to update the technical appendixes of the Tachograph regulation. JRC.G.7-Digital Citizen Securit

    Trust in Mobile Commerce

    This paper describes how a citizen, in our case a user of a mobile phone, is confronted with several aspects of trust when he/she uses different mobile commercial objects in a digital world. In particular, the topic of m-commerce and how a client mitigates trust all the way from his/her mobile device to the merchant is dealt with. To assess the trust chain, especially in respect to privacy and data protection, objects (for example a voucher) are used to model the mobile commerce domain. QC 20130423

    How to Achieve and Enhance Interoperability of e-passports

    The electronic passport (ePassport) is composed of a classical passport booklet and a passive contactless smartcard, where the chip and antenna are integrated in a page or cover. The technical specifications of ePassports are standardized by ICAO (International Civil Aviation Organisation - a part of the UN) in the Standard number 9303 (currently in its 6th edition). This document refers to many ISO standards. The communication with the ePassport is based on ISO 14443 (on the low communication level) and 7816 (on the higher communication level). The data stored in the ePassport are organised in 16 data groups (DG1-DG16) and 2-3 metafiles (EF.COM, EF.SOD, EF.CVCA). The presentation will cover the following authentication aspects related to electronic passports: - ICAO Mandatory - Passive authentication (authenticity of data) - ICAO Optional - Basic Access Control (limits remote readability) - Active Authentication (authenticity of chip) - European Extended Access Control - Chip Authentication (authenticity of chip) - Terminal Authentication (authorization to read biometric data) - Holder Authentication - Facial image, Fingerprint, Iris - Signature. Further on, the presentation will give some indication on related standardization and on practical interoperability issues. JRC.G.6-Sensors, radar technologies and cybersecurit

    Secure Bluetooth for Trusted m-Commerce

    Bluetooth is a wireless short-range communication technology, intended to replace the wires and cables connecting portable or fixed electronic devices. Created by telecom vendor Ericsson in 1994, from the first Bluetooth enabled device in 1999, to 2008 more than 2 billion devices were using Bluetooth. In 2010, 906 million Bluetooth enabled mobile phones were sold, and in 2011 there were more than 40 million Bluetooth enabled health and medical devices on the market. Still in 2011, one third of all new vehicles produced worldwide included Bluetooth technology. This paper will first give an overview of the general characteristics of Bluetooth technology today. It will then go deeper into the analysis of the Bluetooth stack's layers and the security features offered by the specifications. In the last part of the paper known vulnerabilities and potential threats will be presented, as well as a comprehensive list of known attacks. The paper concludes with the proposal of a design for Secure Architecture for Bluetooth-Enhanced Mobile "Smart" Commerce Environments. JRC.G.7-Digital Citizen Securit

    Secure Bluetooth for Trusted m-Commerce

    Our today's world is becoming digital and mobile. Exploiting the advantages of wireless communication protocols is not only for telecommunication purposes, but also for payments, interaction with intelligent vehicles, etc. One of the most widespread wireless capabilities is the Bluetooth protocol. Just in 2010, 906 million mobile Bluetooth enabled phones had been sold, and in 2011, there were more than 40 million Bluetooth enabled health and medical devices on the market. Still in 2011, one third of all new vehicles produced worldwide included Bluetooth technology. Security and privacy protection is key in the digital world of today. There are security and privacy risks such as device tracking, communication eavesdropping, etc., which may come from improper Bluetooth implementation with very severe consequences for the users. The objective of this paper is to analyze the usage of Bluetooth in m-commerce and m-payment fields. The steps undertaken in this paper in order to come to a proposal for a secure architecture are the analysis of the state of the art of the relevant specifications, the existing risks and the known vulnerabilities and the related known attacks. Therefore, we give first an overview of the general characteristics of Bluetooth technology today, going deeper in the analysis of the Bluetooth stack's layers and the security features offered by the specifications. After this analysis of the specifications, we study how known vulnerabilities have been exploited with a comprehensive list of known attacks, which pose serious threats for the users. With all these elements as background, we conclude the paper proposing a design for Secure Architecture for Bluetooth-Enhanced Mobile "Smart" Commerce Environments. Qc 20140205

    How to achieve interoperability of electronic passports

    The electronic passport combines the classical passport booklet with a contactless chip. The chip stores information about the passport holder and the issuing institution in up to 16 data groups. The e-passport in general can store biometric information in the form of a facial photograph, fingerprint image and/or template and iris image. Within the EU it was decided to use the facial image and fingerprint images only. Due to the function of a passport it is clear that interoperability is very important in this area. A passport must be usable at any border in the world. This holds true also for the electronic part. Not only must the inspection system be able to read the data from the passport. It must also be able to verify and interpret the data. Interoperability of electronic passports is a process which starts with specification standards and continues with interoperability testing, which can be divided into conformity tests and crossover tests. Fingerprints in the European passports are protected with an additional mechanism (EAC), not standardized at the ICAO level yet. To achieve interoperability in this area, EAC interoperability testing events are coordinated by the BIG (Brussels Interoperability Group). JRC.G.6-Sensors, radar technologies and cybersecurit

    Old and new stakeholder functions in m-commerce

    Mobile e-commerce (m-commerce) - very much following classical purchase schemes - is dealing with electronic tokens that represent valuables for obtaining goods or services. M-commerce deals with such electronic tokens by using similar functionalities applicable by three principal stakeholders: the individual operating with a mobile device, the service provider that issues an electronic token to the individual, and the venue accepting an electronic token and subsequently delivering the goods or services to the individual. Through an analysis of business processes the purpose of each function can be described together with an assessment of potential failures combined with appropriate mitigation strategies. The paper demonstrates within three typical m-commerce scenarios how electronic tokens are shifted and used within the business processes, which failures may occur and how they could be handled. JRC.G.7-Digital Citizen Securit