The Next Generation of Secure Documents: The e-Passport
Overview of the Last Article
Our last article continued into the review and examination of Biometrics. This type of security tool, while it has been around for a long time, is just now starting to be widely deployed on a large scale across many applications. There are a number of predominant Biometric modalities which are available in the marketplace today and are grouped under both Physical based and Behavioral based categories.
As it was also described, the advancements which are occurring in the Biometrics Industry are transpiring at a very rapid pace. Because of this, there are three potential new Biometric modalities which are emerging and are as follows:
This involves confirming the identity of an individual based upon their DNA strand.
This is being explored in confirming the identity of an individual based on the geometrical shape of their ear.
This is showing the greatest promise, and confirms the identity of an individual based upon their unique walking stride.
Overview into the e-Passport
There is also a new application of Biometric Technology which is starting to emerge as well. This is known as the e-Passport, also called the "Biometric Passport." We are all familiar with the traditional paper passport, as it is a critical tool of identity for overseas travel. However, this document is fraught with its own security vulnerabilities, such as:
- The production of counterfeit passports;
- The accidental issuance of genuine passports to impostors;
- The tampering of the information which resides in the passport (such as the data page, or the picture of the passport holder);
- The issuance of passports by corrupt government officials who have no authorization to do so.
To combat these security vulnerabilities, the concept of the e-Passport evolved. This is essentially very similar to the traditional paper passport, but it possesses one major difference: It contains an embedded chip (also known as the "microchip") which has a very miniature database for housing all of the information and data about the passport holder, primarily their Biometric Templates.
The most commonly used templates for the e-Passport are those which are associated with Fingerprint, Iris, and Facial Recognition. Either one type of template can be used to verify and/or identify the e-Passport holder, or all three of them can be used in a rapid, multimodal fashion (just like a Synchronous based approach).
Because each and every individual possesses these physiological traits which are unique to themselves, the e-Passport offers significant security advantages over the traditional paper passport:
- The use of Biometric Technology in an e-Passport infrastructure serves to facilitate and even enhance the quality of the background checks which are conducted on the e-Passport applicant;
- The fraudulent misuse and tampering of an e-Passport are greatly reduced;
- Through the use of at least three different Biometric Templates, the statistical probability of Identity Theft occurring is also eradicated;
- A Public Key Infrastructure (using the principles of Asymmetric Cryptography) can be used to help further confirm the actual authenticity and integrity of the Biometric Templates stored in the microchip of each e-Passport holder.
The Technological Components of an e-Passport Infrastructure
The e-Passport infrastructure primarily resides at the points of destination and the geographic locations where the e-Passports are processed and distributed. In the most simplistic terms, this is where the traveler will "flash" their e-Passport in front of the reader, and if verified, he or she will then be allowed to embark into the country of destination. However, an e-Passport infrastructure can be very complex both regarding design and deployment.
The actual configuration of hardware and software varies upon each country which participates in the use of the e-Passport, but in general, it consists of the following components (or some variation of it):
- The Software for the e-Passport Infrastructure;
- The Hardware for the e-Passport Infrastructure;
- The e-Passport Reader.
The Software for the e-Passport Infrastructure
This consists of the following subcomponents:
Software for the capture of the Biometric information and data:
The best example of this is the fingerprint recognition device, along with its optical sensor, and the special software (and its associated APIs) which is needed to process the raw images of the fingertip.
Software to ensure Quality Assurance of the deployment of the Biometric Templates into the microchip and databases:
Unlike the other Biometric applications reviewed in previous articles, the population size for an e-Passport infrastructure is considered to be very large, in the range of over 200 million individuals. The Biometric Templates of all of these people will not only be stored into the microchips but also into the various Biometric databases around the world. Because of this, specialized Quality Assurance software has to be developed and implemented to make sure that the processes which govern such deployments are running as smoothly as possible.
Software for the Databases and Data Warehousing:
As described, since an e-Passport infrastructure will be continuously used by millions of individuals worldwide, the databases which contain the Biometric Templates will need to be just as large, if not even larger. Thus, specialized software is needed to keep these databases running in the most optimal conditions as possible. Also, other specialized types of mathematical algorithms can be created to comb through all of the Verification and/or Identification transactions to discern any hidden trends.
The Hardware for the IT Infrastructure
Apart from the e-Passport readers and the Biometric devices themselves, one of the most critical aspects of an e-Passport infrastructure is the actual microchip itself. There are many kinds of microchips which can be implemented into the e-Passport. For example, the microchip can possess either a very simple or a very complex design.
The choice in which type of microchip to use is dependent of course, on the type of Biometric Templates which will be stored in them. For example, if just Fingerprint Templates will be stored, then a generic microchip will suffice. However, if three (or even more) Biometric Templates will be stored, then a much more sophisticated microchip will be required to meet this Multimodal requirement.
In fact, the International Civil Aviation Organization (also known as the ICAO) has specified two types of microchips which can be used in the e-Passport: 1) Type A, which is the generic version; and 2) Type B, which is the much more sophisticated version. The ICAO has also specified that the processing speed between the microchip and the e-Passport reader must be at least that of 424 kbps (and faster if there is more than one Biometric Template which is stored and being processed).
Since the microchip can be considered to be at the heart of the e-Passport infrastructure, special attention needs to be given to the Operating System which resides in it. This is contained in the Logical Directory Structure of the microchip, and it also specifies how the Biometric Template(s) will be stored.
The e-Passport Reader
The e-Passport Reader is a crucial component of the e-Passport infrastructure. It has two subcomponents:
The Host System:
These are the servers which are physically networked to the e-Passport Reader, and process the information and data which is transmitted to it from the microchip.
The Host Application:
This is a specific type of software package which resides in the Host System. For example, this could be a border control application which is used to confirm further and/or verify the identity of the traveler in question.
At this point, a Public Key Infrastructure (PKI) can be deployed. Both Public and Private Keys can be created not only to protect further the Biometric Templates which get transmitted from the microchip to the e-Passport Reader and vice versa, but they can also be used to maintain the integrity of them as well (in other words, ensuring that the Biometric Templates have not been altered in any way).
In fact, the ICAO has specified two separate protocols as it relates to the PKI:
The Secure In-Country Key Generation:
This specifies that each and every country which participates in the use of the e-Passport must create its own secure facility from which the Private and Public Keys can be properly generated.
The ICAO Directory Services:
In this regard, the ICAO actually provides a service which generates and distributes the Public and Private Keys to the participating countries.
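The integrity role of the PKI described above, and in the earlier list of e-Passport advantages, can be shown in a few lines. This is an added example, not code from the original article or from the ICAO: the function names, the template labels, the digest layout and the choice of ECDSA P-256 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
)

// manifestDigest hashes each template, then hashes the "name:digest" lines in
// sorted order. Hypothetical layout for this example, not the ICAO data format.
func manifestDigest(templates map[string][]byte) []byte {
	names := make([]string, 0, len(templates))
	for n := range templates {
		names = append(names, n)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		fmt.Fprintf(h, "%s:%x\n", n, sha256.Sum256(templates[n]))
	}
	return h.Sum(nil)
}

// NewIssuerKey creates the country's key pair (done inside its secure facility).
func NewIssuerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is run at issuance; the signature is written to the chip with the templates.
func Sign(priv *ecdsa.PrivateKey, templates map[string][]byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, manifestDigest(templates))
}

// Verify is run by the reader's host application, which holds only the Public Key.
func Verify(pub *ecdsa.PublicKey, templates map[string][]byte, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, manifestDigest(templates), sig)
}

func main() {
	priv, _ := NewIssuerKey()
	chip := map[string][]byte{"face": []byte("constructed-face"), "iris": []byte("constructed-iris")}
	sig, _ := Sign(priv, chip)
	fmt.Println("genuine chip accepted:", Verify(&priv.PublicKey, chip, sig))
	chip["face"] = []byte("swapped-face") // template altered after issuance
	fmt.Println("tampered chip accepted:", Verify(&priv.PublicKey, chip, sig))
}
```

A chip signed by a different key fails the same check, which is why the reader must obtain the issuing country's Public Key through a trusted channel rather than from the chip itself.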
Finally, the e-Passport infrastructure makes use of what is known as the "Radio-Frequency Identification" Protocol, also known as "RFID." This is what enables the communications and data transmissions to take place. In fact, the microchip of the e-Passport includes a miniature RFID antenna to send information back and forth to the e-Passport Reader.
It should be noted that the RFID Protocol is clear text based, meaning that any data which is transmitted can be very easily captured and deciphered by a malicious third party with the appropriate network sniffing tools.
The Security Vulnerabilities Associated with The e-Passport
Given the size and complexity of an e-Passport infrastructure, it also is prone to many types of Cyber based attacks.
The following are examples of some of the security vulnerabilities associated with it:
This occurs when a newly issued e-Passport contains the Biometric information and data from either a stolen or a hijacked e-Passport.
This type of attack occurs when a hacker can gain access to the Biometric Templates when they are being transmitted from the RFID antennae to the e-Passport reader.
With this, the Biometric information and data which is stored in the microchip can literally be "skimmed" off if the hacker possesses a very sophisticated type of network sniffing device.
Denial of Service Attacks:
This can happen when the servers which are networked to the e-Passport reader become heavily bombarded with meaningless network traffic and/or malformed data packets. As a result, the servers either become crippled or totally non-functioning.
Man in the Middle Attacks:
This happens when an attacker is in the direct line of communication between the microchip and the e-Passport reader, in an attempt to hijack any easily accessible information and data.
No Key Revocation:
One of the cardinal rules of a PKI network base is to keep both the Public and Private Keys refreshed during random or differing intervals. However, in the case of an e-Passport infrastructure, the refreshment occurs very infrequently. For example, this may not happen until every ten years or so. As a result, these keys can become "stale" and are easily guessed by the attacker.
To help combat some of these Cyber-based threats, two types of protocols were created specifically for the e-Passport infrastructure. These are known as the "Chip Authentication Protocol" and the "Reader Authentication Protocol." With the former, the line of wireless communications between the RFID antennae and the e-Passport reader is automatically reset in between the identification of individuals. With the latter, only valid and authentic e-Passports can be processed.
Summary and Conclusions
This article has examined the overall view of an e-Passport infrastructure. It can also be referred to as the "Biometric Passport" as well because the microchip of the e-Passport can contain at least three or even more different types of Biometric Templates.
Although other types of security information can be contained about the individual (such as biographical data), it is the Biometric Templates which are the most widely used.
As it was also reviewed, the e-Passport infrastructure is prone to different types of Cyber based attacks. This is primarily due to its many components and heavy reliance upon a networked configuration. In this regard, conducting different types of Penetration Testing will also be very important, especially when it comes to discovering any hidden or unforeseen security holes and vulnerabilities.
The areas which need to be thoroughly Penetration Tested are as follows:
The durability of the infrastructure:
The systems which are involved in an e-Passport infrastructure must be designed and made so that they last for a long time.
The security of the infrastructure:
All relevant networking protocols which are involved in the transmission of information and data and in the identification of the individual must be as hacker proof as possible. They must be tested on an almost daily basis. This also includes testing the microchip design, the RFID protocol, and the Logical Directory Structure.
The functionality and the processes of the infrastructure:
The entire e-Passport infrastructure must be designed and implemented so that in the face of a Cyber based attack, all of the associated processes and functionalities can revert to their backup systems in just a matter of minutes, to ensure 24 X 7 X 365 continuity. In this regard, any backup/recovery and disaster recovery plans must be thoroughly tested.