Biometric Passport: Security and Privacy Aspects of Machine Readable Travel Documents

Authors: Hesam Kolahan, Tejendra Thapaliya

Supervisor: Prof. Andreas Meier, Luis Teran

Download PDF: Here

 

Biometric Passports

Abstract

E-passports are widely deployed in most of the developed countries that stores the biometric information on a tiny Radio Frequency Identification (RFID) chip. The stored information is used to authenticate the identity of individual via wireless interface to reader. E-passport uses two technologies, RFID and Biometrics. The objective of the e-passport is to provide strong authentication, prevent identity fraud issues and border control. Even though, Biometrics is advanced authentication mechanism, it leads to many privacy and security issues. Major privacy and security issues on RFID chips were identified and analyzed. Similarly, Biometric security threats that applied to e-passport have been analyzed and some recommendations were provided. Cryptography technology and several protocols are used to countermeasure the threats and attacks.  Due to increase in standard of attack level and insufficient specification for e-passports are creating difficulties in providing security goals.

 

Table of Contents

1.      Introduction
1.1.       Objective and Problem Definition
2.      Biometrics
2.1.       Machine Readable Travel Document (MRTD)
2.2.       E-Passport
2.3.       Radio Frequency Identification (RFID)
2.4.       Chip Inside Symbol
3.      Privacy and Security Issues
3.1.       Eavesdropping
3.2.       Reverse Engineering
3.3.       Clandestine Scanning and Tracking
3.4.       Cloning
3.5.       Biometric Data-Leakage
3.6.       Cryptographic Weaknesses
3.7.       Skimming
4.      Biometric System Model
5.      Biometric Security Threats
6.      Cryptography in e-passports
6.1.       The ICAO specification
6.2.       Passive Authentication (PA)
6.3.       Active Authentication (AA)
6.4.       Basic Access Control (BAC)
6.5.       Extended Access Control (EAC)
6.6.       Cryptography Threats
7.      Discussions on Security and privacy risks with the E-Passport
8.      Recommendation
9.      Conclusion
10.    References

 

References

[1] ICAO. Doc 9303 Part III Volume I, http://www2.icao.int/en/MRTD/Downloads/Doc 9303/Doc 9303 English/Doc 9303 Part 3 Vol 1.pdf, 3rd edition 2008.

 [2] ICAO. Doc 9303 Part I Volume I, http://www2.icao.int/en/MRTD/Downloads/Doc 9303/Doc 9303 English/Doc 9303 Part 1 Vol 1.pdf, 6th edition 2006.

[3] ICAO. Doc 9303 Part I Volume II, http://www2.icao.int/en/MRTD/Downloads/Doc 9303/Doc 9303 English/Doc 9303 Part 1 Vol 2.pdf, 6th edition 2006.

[4] ICAO. Request For Information (RFI) 2007/2008, Technical report, Technical Advisory Group on Machine Readable Travel Documents, Canada, March 2007.

[5] ICAO. Doc 9303 Part III Volume II, http://www2.icao.int/en/MRTD/Downloads/Doc 9303/Doc 9303 English/Doc 9303 Part 3 Vol 2.pdf, 3rd edition 2008.

[6] G. Davida, Y. Desmedt. Passports and Visas Versus IDs, In Advances in Cryptology EUROCRYPT’88, Davos, Switzerland, Lecture Notes in Computer Science 330, pp. 183–188, Springer-Verlag, 1988.

[7] G. Davida, Y. Desmedt. Passports and Visas Versus IDs, Journal of Cryptology, vol. 11, pp. 253–258, 1992.

[8] Radio Frequency Identification, SearchNetworking.com RFID, http//searchnetworking.techtarget.com/sDefinition,290660,sid7_gci80598700.html – Bing, 2010.

[9] A. Juels, D. Molnar, and D. Wagner, Security and Privacy Issues in E-passports, Proc. of the First Int. Conf on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM05), p.74-88, September 05-09, 2005.

[10] M.R. Rieback, B. Crispo, and A.S. Tanenbaum, The evolution of RFID security, IEEE Pervasive Computing, vol. 5(1): 62-69, 2006.

[11] M. Barni, T. Bianchi, D. Catalano, M. D. Raimondo, R. D. Labati, P. Failla, D. Fiore, R. Lazzeretti, V. Piuri, F. Scotti, and A. Piva, Privacy-Preserving Fingercode Authentication, In The 12th ACM, Workshop on Multimedia and Security (MM&Sec10), Rome, Italy, Sept 2010.

[12] M. Abid and H. A??, Towards a Secure e-Passport Protocol Based on Biometrics, Journal of Information, Assurance and Security (JIAS) (Special Issue on Access Control and Protocols), 4(4):338–345, 2009.

[13] N. Ratha, J. H. Connell, and R. M. Bolle, An analysis of minutiae matching strength, In Proc. Audio and Video-based Biometric Person Authentication (AVBPA), volume 5306, pages 223– 228, 2001.

[14] T. Putte and J. Keuning, Biometrical ?ngerprint recognition: don’t get your ?ngers burned, In Proc. IFIP TC8/WG8.8, Fourth Working Conf. Smart Card Research and Adv. App., pages 289 –303, 2000.

[15] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition, Springer, 2003.

[16] Department of State, 22 CFR Part 51, Public Notice 4993, RIN 1400-AB93, Electronic Passport, Federal Register, 70(33), Action: Proposed Rule. http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/2005/05-3080.htm, 18 February 2005.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>