Anything to declare?
The main impulse for e-passports is security. As the British passport authority says on its website: “The increasing threat of identity fraud means we must strengthen security features.” By including a digital version of biometric details in the passport, the aim is to ensure that no-one else will be able to use it.
In addition, the e-passport will allow automated immigration and simpler visa procedures, and add to the convenience of travel.
But people are a bit worried about e-passports. They worry mainly about the passport’s RFID chip, which allows contactless reading. Most of their concerns are exaggerated. For example, it isn’t possible for someone to stand near immigration control and read everyone’s passport as they file by.
Long expiration date
Standards for e-passports have been set by the International Civil Aviation Organization (ICAO). The information traditionally found on the biographical page, such as name and date of birth, as well as the photo, are digitized and encoded into hashes (Hash codes, or simply hashes, are the values returned when large amounts of data are converted). The sum of the hashes is itself hashed. These hashes, and the original data to which they refer, can only be read if the reader has access to a key.
“Cryptographic technology does decay over time,” says Tim Moses, director of Advanced Security Technology at Entrust, which provides software security for e-passports, “but the cryptography is absolutely sound today.” Industry estimates suggest that this cryptography is safe until at least 2030, which will see the current e-passports safely through their ten-year life.
The current technology is already a second generation, dealing with weaknesses in the first. The new passports can authenticate the terminal, so that unauthorized readers can’t eavesdrop, and encryption and certification have been improved, making it possible to include fingerprints or iris patterns in the digitized information. These additional biometrics are being rolled out now.
But there are critics: Lukas Grunwald is a name which makes many e-passport professionals see red. Indeed, in a recent issue of the ICAO’s MRTD Report, security consultant Barry Kefauver describes Grunwald as “irrational,” accusing him of making “one unfounded claim after another.”
Grunwald, CTO at German security company DN-Systems Enterprise Internet Solutions, has cloned a chip, which in itself is of little danger, since the information on the chip continues to relate to the holder. But he also claims to have introduced code on the cloned chip which has crashed readers, and he says that means one could introduce malware which could hijack terminals. “You could instruct the reader to let in the next five people – your fellow terrorists – and then block everyone else,” he suggests.
The official key
Tim Moses recognizes that such a scenario is theoretically possible, but considers that it couldn’t happen in practice. “Any terminal at a border post should be designed not to execute code,” he says. “Any terminal which didn’t do that would be very lax.”
Terminals check digital keys against a list of official keys provided by issuing authorities, but this isn’t working properly yet. The ICAO operates its own Public Key Directory (PKD) and countries feed their public keys to it, changing them several times a year to keep ahead of the hackers. But that requires trust, and trust between countries is by no means universal. Very few countries have joined that list.
Grunwald believes that lack of trust will continue to prevent the proper exchange of keys, but, in an attempt to deal with this, the ICAO has introduced a new concept, under which countries may publish the certificates they have gathered through bilateral agreements on a Master List. But until then, many border posts are reading passports without using the most secure authorization processes.
Moses admits that the problem hasn’t been solved yet. “If keys are not managed appropriately,” he says, “then sound cryptography does not help. But it’s recognized as an issue, and it’s not being ignored.”
In the end, Moses says the main threat to e-passports is the same as in all fields of security: “The weakest point is usually human involvement.”
Most experts, both supporters and critics, agree that the main risks are in the procedures rather than in the technology itself. But there is one secure backup: the immigration official, who looks carefully at the picture and compares it with the holder, noticing whether he looks particularly nervous today.