
28th June 2010 – WS Interoperable Communications for Safety and Security: Needs for Mobile Identification - The European MOBIDIG, K. Keus

Needs for Mobile Identification - The European MOBIDIG

WS on ‘Interoperable Communications for Safety and Security’, JRC IPSC, Ispra
28th June 2010, Ispra, Italy

Agenda

• The Mobile Identification Interoperability Group: MOBIDIG
  - Framework Conditions
  - Scope and Applications
  - Objectives

• Data Communication related to MOBIDIG requirements
  - Architectures
  - Options
  - Requirements

Background | Some Framework Conditions

• Mobile computing devices are improving rapidly. This has important potential as an enabling technology for policing and immigration, particularly in identifying people, at the border and elsewhere.

• A smart new generation of mobile computing devices on their own will not solve the problems of identification. How the technology is applied and used is crucial to its success.

• Mobile technology does not provide an ‘out of the box’ total solution - it needs to be configured and integrated with existing systems.

→ MOBIDIG (The Mobile Identification Interoperability Group) has been created so that police and immigration services in the European Union can benefit from the sharing of expert advice and experience from individual Member States.

Needs | From stationary to mobile



Mobile ID devices may be employed for a variety of applications where a stationary, booking-station-type environment is not possible or not easily attainable (existing procedures and technology for stationary environments are not transferable to, and not applicable for, mobile requirements).

Common applications include (e.g.):

• Mobile immigration and border control needs in non-stationary environments (e.g. to inspect e-passports in trains or buses)
• Identification and verification in law enforcement applications (e.g. common use and joint inspection of national eID documents)
• Access control for buildings, computers and networks in flexible application environments [1]

1) This issue will not be addressed here

MOBIDIG | Main Scope

for border control and law enforcement applications:

• Identification and verification of people’s identity
• Authentication of identity enabling documents

through the use of

  - data held in identity enabling documents,
  - identity data held on local and/or remote databases (e.g. in those cases where an individual cannot or will not provide identity documentation).

MOBIDIG | Specific uses for Police and Immigration Applications (extract)

• Authentication of travel and identity documents:
  - using PKI technology to give very high assurance about the integrity of the document, chip and the data it contains
  - to negotiate approved access (EAC protocol) to sensitive personal data on the chip – fingerprints - for additional assurance that the holder of the document is the correct, authorised holder
• Fingerprint checks against central biometric systems:
  - to confirm identity and/or to screen against special alert watchlists, e.g. police or immigration
• Biographic checks against central identity systems:
  - to check what is known about e.g. a named individual (is he / she wanted by the police? Has a criminal record?) or travel / identity document (lost / stolen?)
• Casework operations:
  - at remote locations requiring more conventional desktop services and access to systems, and possibly enrolment of biometrics
• Rapid deployment:
  - e.g. to respond to a large number of arrivals at a small, remote port or even somewhere that is not classed as a port.
• Mapping applications:
  - using GPS technology to determine current position and link this to applications: logging and reporting position and time, displaying reference information known about nearby locations, navigation.

Data Communication I | Architectures I

• Data communications:
  - handset and communications network
  - the connection to core systems
  - handling of incoming communications from mobile devices into the central network (management: security issues, firewalls, authentication, etc.).
• Communications and security issues in relation to local connection of components for a mobile solution:
  - the device connected to a single integrated unit (master unit, keyboard, screen, and communications module; potentially fingerprint reader and document reader too)
  - separated components: in which case how are they connected together?

→ Conclusion:
• Mobile 2 Central (M2C)
• Mobile 2 Mobile (M2M)
• Network / Combination of devices (NoD)
• …

Data Communication II | Communication Architectures II



[Figure: communication technologies shown: GSM/GPRS/UMTS, WiMAX (802.16d/e), Satellite, Bluetooth, WLAN 802.11 b/g, RRS, TETRA, PMR (Professional Mobile Radio)]


Data Communication III | Primary Options

• Commercial networks: 3G or forthcoming 4G networks as used for mobile phone networks. Probably the cheaper option; connectivity can be an issue [2]. Security? Availability?

• Emergency services networks based on the TETRA standard - a highly resilient network for use by emergency services: national implementations and trials (e.g. Netherlands C2000, UK Airwave, Germany (local trials), several bilateral trials). Desirable, but likely to be at a higher cost than a conventional commercial solution and may offer less bandwidth (speed of data transmission) than a 3G and certainly a 4G connection [2]?

• Others? Integration with professional (police) radio network? Other?

• Bluetooth for ‘nearby area’? Security?

• NFC for ‘near field communication’? Performance? Security?

2)
• 2G: Mobile cellular network based on GSM. First offering mobile data connection, using GPRS (known as 2.5G); later, EDGE.
• 3G: 3rd generation mobile communications technology, a superior replacement for GPRS / GSM for mobile cellular data communications.
• 4G: Forthcoming successor standard to 3G for mobile communications with data transfer rates of 1 Gbps (stationary) or 100 Mbps (mobile).

Data Communication IV | Special Requirements I: Security Requirements and related Countermeasures

• Security Requirements:
  - Confidentiality
  - Integrity
  - Availability
  - Interception
  - Cloning & Replication
  - …

• Some Security Countermeasures:
  - Encryption of communications and of data held on the device (ensuring confidentiality)
  - Virtual Private Network (VPN): secure end-to-end connection incl. authentication (ensuring integrity)
  - Tamper-proofing: technology against eavesdropping / interception
  - Backup communication lines / recovery and continuity services to ensure resilience against availability attacks (e.g. DoS)
  - Hardware Security Modules (HSMs): protection against a device being attacked, to prevent data being accessed (possible contents: encryption private keys, watchlist contents, access codes for central systems)
  - Remote diagnosis and service, e.g. deletion, blocking or limitations on functionality: commands may be issued from a central control point instructing a mobile device that has been lost or stolen to delete any sensitive data, including access codes or authorisations, that it is holding.

Data Communication IV | Special Requirements II

• Reliability of information

• Privacy

• Performance (incl. bandwidth (especially for biometric data), throughput, response time, …)

• Grid and sensor net (communication network)

• New sensor technologies

• …


Thank you for your attention!

Questions?
