Blog · March 14, 2026

Unlocking NFC eID Security: Understanding BAC Key Derivation

Dive deep into BAC key derivation, the cryptographic process securing NFC eIDs. Learn how ICAO 9303 standards leverage MRZ data to generate session keys, protecting sensitive identity data from unauthorized access and ensuring.

By Didit

Foundational Security: BAC (Basic Access Control) key derivation is the cornerstone of secure data access for NFC eIDs, preventing unauthorized reading of sensitive chip data.

MRZ as the Root of Trust: The Machine Readable Zone (MRZ) on a passport or ID card is essential; its data (document number, date of birth, date of expiry) is used to generate the cryptographic keys.

Cryptographic Process: Key derivation involves specific secure hashing algorithms (like SHA-1) and key derivation functions to transform MRZ data into session keys for encrypted communication.

ICAO 9303 Standard: BAC is mandated by ICAO 9303, ensuring global interoperability and a standardized security mechanism for electronic Machine Readable Travel Documents (eMRTDs).

In the world of digital identity, the security of NFC-enabled electronic identity documents (eIDs) like e-passports and national ID cards is paramount. These documents contain sensitive personal data stored on a microchip, and protecting this information from unauthorized access is a critical challenge. This is where Basic Access Control (BAC) comes into play, specifically its fundamental process: BAC key derivation.

BAC is the first line of defense for eIDs, a security mechanism mandated by the International Civil Aviation Organization (ICAO) in its Doc 9303 standard. It establishes a secure communication channel between the eID chip and a reading device, ensuring that only authorized readers can access the chip's contents. At the heart of BAC's effectiveness is the meticulous process of deriving cryptographic keys, which we'll explore in detail.

The Role of the Machine Readable Zone (MRZ) in BAC Key Derivation

The journey of BAC key derivation begins with a seemingly simple component of every eID: the Machine Readable Zone (MRZ). This is the two or three-line alphanumeric code printed at the bottom of the identity document's biodata page. While it appears as plain text, the MRZ holds the crucial public information necessary to initiate the secure communication protocol.

Specifically, three pieces of data from the MRZ are used:

  1. Document Number: The unique identifier of the travel document.
  2. Date of Birth (DOB): The holder's date of birth in YYMMDD format.
  3. Date of Expiry (DOE): The document's date of expiry in YYMMDD format.

These three data elements are chosen because they are publicly available on the document itself, allowing a legitimate reader to obtain them, yet they are specific enough to generate a unique set of keys for each individual document. Any discrepancy in these inputs will result in a failure to establish the secure channel, thus protecting the chip's data.

The Cryptographic Process: How BAC Keys Are Derived

The cryptographic process for BAC key derivation is a standardized procedure designed to generate two essential keys: the Symmetric Cipher Key (K_ENC) and the Message Authentication Code Key (K_MAC). These keys are then used to encrypt and authenticate all subsequent communication between the reader and the eID chip.

The derivation involves several steps, as defined by ICAO 9303 Part 11 and relevant cryptographic standards:

  1. Concatenation of MRZ Data: The three MRZ data elements (Document Number, DOB, DOE) are first processed. Any check digits associated with these fields are included, and padding may be applied if necessary to reach a specific length (e.g., the document number is padded with '<' characters if shorter than 9 digits).

  2. Hashing with SHA-1: The concatenated and padded MRZ data is then fed into a secure hashing algorithm, typically SHA-1 (Secure Hash Algorithm 1). This produces a 160-bit (20-byte) hash value, often referred to as K_seed.

    Example: K_seed = SHA-1(DocumentNumber || DocumentNumberCheckDigit || DateOfBirth || DateOfBirthCheckDigit || DateOfExpiry || DateOfExpiryCheckDigit)

  3. Key Derivation Function (KDF): The K_seed is further processed using a key derivation function to generate K_ENC and K_MAC. This typically involves using K_seed as input to a cryptographic function (like Triple DES in CBC mode) with specific constants (e.g., '00000001' and '00000002') to produce the 128-bit (16-byte) keys.

    Example (simplified):
    K_ENC = derive_key(K_seed, constant_1)
    K_MAC = derive_key(K_seed, constant_2)
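Worked example, added here and not taken from the original post or from Didit's product code: the three steps above carried through in Python against the test vector published in ICAO 9303 Part 11 Appendix D (document number L898902C<, date of birth 690806, date of expiry 940623). As Part 11 specifies, K_seed is the first 16 bytes of SHA-1 over the MRZ information, and each key is SHA-1(K_seed || 32-bit counter) truncated to 16 bytes with DES odd-parity bits adjusted; the function names are my own.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated cyclically


def char_value(c: str) -> int:
    """Check-digit value of an MRZ character: 0-9 as-is, A-Z as 10..35, '<' as 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character: {c!r}")


def check_digit(field: str) -> str:
    """ICAO 9303 check digit: weighted sum (7,3,1,...) modulo 10."""
    total = sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, dob: str, doe: str) -> str:
    """Step 1: document number (padded to 9 with '<'), DOB and DOE, each with its check digit."""
    doc = doc_number.ljust(9, "<")
    return doc + check_digit(doc) + dob + check_digit(dob) + doe + check_digit(doe)


def adjust_parity(key: bytes) -> bytes:
    """Set the least significant bit of every byte so the byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        ones_in_upper_seven = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper_seven % 2 else 1))
    return bytes(out)


def derive_key(k_seed: bytes, counter: int) -> bytes:
    """Step 3 (ICAO 9303 Part 11 KDF): SHA-1(K_seed || counter), keep 16 bytes, fix parity."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:8]) + adjust_parity(digest[8:16])


def bac_keys(doc_number: str, dob: str, doe: str) -> tuple[bytes, bytes]:
    """Return (K_ENC, K_MAC); counter 1 yields K_ENC, counter 2 yields K_MAC."""
    info = mrz_information(doc_number, dob, doe)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]  # Step 2, truncated per Part 11
    return derive_key(k_seed, 1), derive_key(k_seed, 2)
```

A reader that misreads even one MRZ character (a common OCR failure on the document number) produces a different K_seed and therefore different keys, which is why the chip then rejects the mutual-authentication exchange.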

These derived keys are ephemeral, meaning they are generated for each session and are never stored on the reader or the chip. This ensures forward secrecy: even if a session key is compromised, it cannot be used to decrypt past or future sessions.

Basic Access Control: Securing the Communication Channel

Once K_ENC and K_MAC are successfully derived by both the reader and the eID chip (after the reader presents its derived keys to the chip for verification), a secure messaging channel is established. This channel provides two critical security services:

  1. Confidentiality (Encryption): All data exchanged between the reader and the chip is encrypted using K_ENC. This prevents eavesdropping and ensures that sensitive information, such as biometric data (facial image, fingerprints), cannot be intercepted by unauthorized parties. This is crucial for protecting the privacy of the individual.

  2. Integrity and Authenticity (MAC): Messages are authenticated using K_MAC. A Message Authentication Code (MAC) is calculated for each message, ensuring that the data has not been tampered with during transmission and that it originates from a legitimate source (either the chip or the authorized reader). This prevents data manipulation and spoofing attacks.

The establishment of this secure channel is a prerequisite for accessing any sensitive data elements on the chip. Without successfully completing the basic access control protocol, the chip will refuse to transmit protected information. This robust mechanism is why simply tapping an eID with an NFC-enabled phone without knowing the MRZ data will not yield any sensitive personal information.

How Didit Helps with NFC eID Security

Didit understands the intricacies of secure identity verification, especially when dealing with advanced technologies like NFC eIDs. Our platform supports NFC document reading, which leverages the standardized BAC key derivation process to ensure the highest level of data security and authenticity. By integrating NFC capabilities, Didit provides:

  • Government-Grade Assurance: We read the cryptographic chip data, which provides a higher level of assurance than visual inspection alone, as it validates the chip's digital signature according to ICAO standards.
  • Enhanced Fraud Detection: The secure channel established by BAC helps detect sophisticated fraud attempts, as any manipulation of the chip data or unauthorized access is prevented.
  • Streamlined Compliance: Our solution adheres to international standards like ICAO 9303, helping businesses meet stringent regulatory requirements for identity verification and anti-money laundering (AML).
  • Seamless User Experience: While the underlying security is complex, Didit's platform abstracts this complexity, offering a smooth and intuitive verification flow for end-users, quickly capturing and validating the necessary data.

By offering NFC document reading as part of our comprehensive identity verification suite, Didit empowers businesses to verify identities with unparalleled security and reliability, building trust in an increasingly digital world.

Ready to Get Started?

Explore how Didit's advanced identity verification solutions, including NFC eID reading, can enhance your security and compliance posture. Visit our product page for more details or contact us for a personalized demo. You can also try our demo center to experience our technology firsthand.

FAQ

What is BAC key derivation in NFC eIDs?

BAC key derivation is the cryptographic process used in NFC eIDs (like e-passports) to generate symmetric encryption and authentication keys. These keys are derived from specific data found in the document's Machine Readable Zone (MRZ) and are used to establish a secure, encrypted communication channel between the eID chip and a reader, ensuring basic access control and protecting sensitive data.

Why is the MRZ important for BAC key derivation?

The MRZ (Machine Readable Zone) is crucial for BAC key derivation because it contains the public, yet unique, data (document number, date of birth, and date of expiry) that serves as the input for the key generation process. This ensures that only a reader with access to the physical document and its MRZ can derive the correct keys to unlock the chip's protected content.

What security benefits does Basic Access Control (BAC) provide?

Basic Access Control (BAC) provides two primary security benefits: confidentiality and integrity. Confidentiality is achieved through encryption of the communication channel using derived keys, preventing eavesdropping. Integrity is ensured by authenticating messages with a Message Authentication Code (MAC), which prevents data tampering and verifies the origin of the messages. This protects sensitive data on the eID chip from unauthorized access.

Is BAC key derivation still secure against modern attacks?

While BAC provides a foundational layer of security, its reliance on SHA-1 and Triple DES for key derivation and encryption means it is considered less robust against modern cryptographic attacks compared to newer protocols like PACE (Password Authenticated Connection Establishment). ICAO 9303 recommends implementing PACE for enhanced security, although BAC remains widely used and legally compliant for NFC eID security.
