Passport Security. Fig. Logo usually printed on the front cover of ePassports

and DG (“Encoded face”) are the only mandatory information; DG to DG are optional and may contain a digitized signature, some biometrics, a public key, etc.; and DG to DG are reserved for future use. Additionally, LDS defines two special elementary files, EF.COM and EF.SOD, which respectively contain the list of the DGs present and some cryptographic material described below. Finally, LDS defines some elementary files storing symmetric and asymmetric cryptographic keys for internal use.

The security of the ePassport is assured through several cryptographic mechanisms. Passive Authentication (PA) prevents counterfeiting of ePassports. Active Authentication (AA) assures that the inspected ePassport is not a clone of a legitimate one. Basic Access Control (BAC) prevents anyone from accessing the content of the LDS without physically handling the document. Secure Messaging (SM) protects the communication between the IC and the Inspection System (IS). Finally, Extended Access Control (EAC), introduced recently, grants access to the DGs to authorized IS only.

Passive Authentication
PA is a mandatory security mechanism whose aim is to prove that the contents of EF.SOD and the LDS are authentic and unmodified. To that end, EF.SOD contains the hash value of each DG present in the LDS and a signature calculated by the issuing State over these values. EF.SOD is implemented as specified in RFC .

The IS can check the signature using the Document Signer (DS) X. certificate, available from EF.SOD along with the hash values and the signature. Alternatively, the DS certificates should be available from the ICAO Public Key Directory (PKD).

In turn, a DS certificate can be checked using the Country Signing CA (CSCA) X. certificate. The ICAO PKD does not publish the CSCA certificates but uses them to check the received DS certificates before publication. As a consequence, the CSCA certificates should be exchanged according to bilateral agreements between the States. Certificate revocation lists should also be exchanged through these agreements, although they are also available from the ICAO PKD.

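
The check described in this section, as an added example that is not part of the original entry: a minimal Python model of Passive Authentication in which the issuing State hashes each DG and signs the hash list, and the IS verifies the signature before comparing DG hashes. The dictionary-based EF.SOD, the unpadded RSA over a constructed Mersenne-prime key, and the sample DG contents are assumptions made for illustration; the DS public key is assumed to have been validated against the CSCA certificate already.

```python
import hashlib

# Constructed demo DS key from two Mersenne primes: insecure, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the issuing State

def hash_dgs(dgs):
    """Map DG number -> SHA-256 of its content, as stored in EF.SOD."""
    return {num: hashlib.sha256(content).digest() for num, content in dgs.items()}

def signed_value(hashes):
    """Digest (as an integer) of a canonical encoding of the hash list."""
    blob = b"".join(bytes([num]) + h for num, h in sorted(hashes.items()))
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue_sod(dgs):
    """Issuing State: hash every DG, then sign the list of hashes."""
    hashes = hash_dgs(dgs)
    return {"hashes": hashes, "signature": pow(signed_value(hashes), D, N)}

def passive_authentication(dgs, sod, ds_public=(N, E)):
    """Inspection System: verify the signature, then every DG hash."""
    n, e = ds_public
    if pow(sod["signature"], e, n) != signed_value(sod["hashes"]):
        return "FAIL: EF.SOD signature invalid"
    for num, h in sorted(hash_dgs(dgs).items()):
        if sod["hashes"].get(num) != h:
            return f"FAIL: DG{num} does not match EF.SOD"
    return "OK"

# Constructed sample data groups (placeholder contents).
DGS = {1: b"P<UTOSAMPLE<<ANNA<<<<", 2: b"constructed face image bytes"}
SOD = issue_sod(DGS)

if __name__ == "__main__":
    print(passive_authentication(DGS, SOD))
    altered = {**DGS, 2: b"substituted face image bytes"}
    print(passive_authentication(altered, SOD))
    resod = {"hashes": hash_dgs(altered), "signature": SOD["signature"]}
    print(passive_authentication(altered, resod))
```

The third case in the demo shows why the signature matters: hashes recomputed over altered data, without the DS private key, produce an EF.SOD that the IS rejects.
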
According to DOC , PA should use one of the following signature schemes: RSA, DSA, and ECDSA. Those States implementing the RSA algorithm shall use RFC PKCS#. DOC recommends using RSASSA-PSS with a modulus of minimum size , bits and , bits for the CSCA keys and the DS keys, respectively. Those States implementing the DSA algorithm shall use FIPS -. The minimum sizes for the moduli p and q should be , and bits, and , and bits for the CSCA keys and