The increasing threat of identity fraud means the government must strengthen the security features in passports. The International Civil Aviation Organization (ICAO) chose facial recognition as the primary biometric with iris and fingerprint as backup. ICAO is a multi-national, transnational organization that sets the standards and rules by which international flights are conducted. One of their top mission priorities is to regulate border crossings by airplane. As such, they have taken on the task of developing the standards which all nations will adhere to when sending or receiving international passengers on flights across their respective borders. The goal of the passport specifications as developed by ICAO are meant, quite simply, to create the most secure document in the world. The use of biometric information to link a person to a passport can help to counter identity fraud. In practice, biometric verification can be used at border controls and to verify the image on a passport renewal application against images held on record. The use of biometric information to link a person to a passport serves a dual role:
o helps to detect counterfeit or manipulated documents
o confirms the identify of the individual
2. Biometric in the passport
2.1. Facial recognition: Facial recognition technology has quietly matured to the point where software can scan live video feeds in real-time, find faces in the video stream, capture them, and match them against photographs in databases in merely a few seconds. Facial recognition maps various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements are digitally coded and this can then be used for comparison and verification purposes. Biometric technology is perfectly safe as facial biometrics can be taken from a good quality passport photo.
When the person enters a place where he is presumed to volunteer his face for biometric examination, he will be required to remove hats and facial coverings. An e-Passport scanned the passport, pulled the physical image up, scanned the chip and pulled the digital image up, placed the two side by side for comparison, verified they were identical, took a picture of the person standing in front of them, used facial recognition to compare the person to the pictures, all while comparing the pictures to a watch-list database for a match. Four points of comparison keyed on one photograph, with three comparison methods. engaged: visual comparison by the operator, one-to-one match against the photos on the passport, and one-to-many match against the watch-list databases.
3. The Physical e-passport
There are three threats to the security of the e-Passport; forgeries, falsifications, and illegal issuance. Forgeries involve the complete creation of a false passport. Falsifications take an existing legally issued passport and change the data on it. And illegal issuance is to convince the government to actually issue a legal passport to someone they didn’t want to, or to steal blank passports and issue them fraudulently. The substrate of the passport, or the paper, is highly recommended to include several features that you’ll probably recognize from all the Monopoly(TM) money floating around the globe nowadays. UV reactive paper lights up all special and pretty under an ultraviolet lamp. Dual-tone watermarks are difficult for all but the top-end photocopiers to duplicate. Chemical reactions like those special pens they use to check a $20 can be built into the paper. Fluorescent fibers, colored flecks, and plastic threads are all options to make it difficult to reproduce legitimate looking passport paper.
The printing on the passport is also subject to a wide variety of security methods. These include background art and text, often in rainbow colored print. There can be UV printing that is invisible to the naked eye but shows up clearly under the same UV lamp. Micro printing and printed watermarks are also included. In addition, today’s printing techniques allow all of the above to be personalized to the passport. So there could be the bearer’s name micro-printed or UV-printed into the paper. Or perhaps the background art includes a UV version of the photograph. Personalization makes it impossible to get a generic template for the printer to run off a bunch of legitimate looking passports, because each one must be customized. And printing the data for the passport is not printing on the paper, but into the paper, laminate, or plastic. The result is that an ink-jet printed passport actually has ink injected into the substrate. Laser engraving into the laminate offers the same challenges, particularly when that laser engraving is personalized.
4. RFID Chip
Radio Frequency Identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. Chip-based RFID tags contain silicon chips and antennae. The International Standards Organization has specification 14443 for contact-less chip design for identification. It is a radio-frequency ID chip, that’s the contact-less part. Mandatory minimum data size is 32K. ICAO has specified the LDS, or Logical Data System so that all countries will implement data on the chip the same way. The LDS consists of 16 data groups. And here they are:
4.1. MRZ – the same data that is in the Machine Readable Zone visible on the passport.
4.2. Facial image sample – this is the mandatory digital photograph sample to be used for facial recognition. Usually about 20K in size.
4.3. Fingerprint image sample – Optional storage for fingerprint biometrics, should the issuing country choose to include it.
4.4. Iris image sample – Optional storage for iris biometrics, should the issuing country choose to include it.
4.5. Secondary facial image storage – Optional storage of a second image. This is for profile images, angled images.
4.7. Signature image storage – Optional image of the bearer’s signature.
4.8. Substrate security features – Optional. This tells a chip reader what security measures to look for in the paper
4.9. Data structure security features – Optional. This tells a chip reader what security measures to look for in the data structure.
4.10. Data security features – Optional. This tells a chip reader what security measures to look for in the data itself.
4.11. Additional personal details – Optional name, alias, address, or document numbers.
This is stored in national characters (whereas the rest of the document is stored in the Latin alphabet).
4.12. Additional details about the document – Issuing agency, issue date, image of the document, observations, and amendments.
4.13. Optional data field – Anything the country wants to put here.
4.15. Active Authentication Public Key – (in the future, this will be used to verify an authorized reader is attempting to access the chip).
4.16. Emergency contact information – People to contact in case of emergency and their contact information.
The data on a passport includes a hash value of the data in the MRZ (Machine Readable Zone). A hash takes a string of characters and performs a calculation on them to get the hash value. For example, if we say each letter of the alphabet’s numeric value is its position, A = 1, B = 2, C = 3, and we have a hash formula of +4, then the hash value of “ABD” = 568, because A (1) + 4 = 5, and B (2) + 4 = 6. So the passport contains the data, plus the hash value of the data. Next step is to secure the hash value. This is done by encrypting the hash value with a 2048 bit encryption scheme. If you’re familiar with PGP, this stuff is the same. The hash is encrypted with a 2048 bit private key, which can only be unlocked using the appropriate public key. So when a government issues a passport, it calculates the hash value, and then encrypts it with its ultra-secure private key. That private key is recorded in the inaccessible-to-all-but-itself private memory of the chip. When a reader wants to validate a passport, it looks at the data on the passport and applies the hash calculation. Then it takes the country’s public key and uses it to try and open the encrypted hash value stored in the passport. The chip matches the public key presented by the reader to the private key stored in secured memory and if they match, decrypts the hash value.
The reader then compares the two hash values to see if they match. The public keys are shared among the issuing countries and to ICAO in what is called the Public Key Directory (PKD). This is a wide open directory of keys and anyone can download all the keys.
5. Is the biometric passport secure?
The new biometric passport has many new security features including a chip. The new design will be harder to forge, the new security features will show if the passport is genuine or that it has been tampered with and the facial biometrics on the chip will help link the passport holder to the document. The data on the chip (your photo and personal information as printed on page 31 of the passport) will be protected against skimming and eavesdropping, through the use of advanced digital encryption techniques. The chip will complement the security features currently inherent in the passport, including the ‘machine readable zone’ (found on the personal data page of the passport).
6. How is the biometric passport protected?
The chip in the new biometric e-Passport is part of a suite of new security features to help fight passport fraud and forgery. It is protected through three layers of security:
1.A digital signature to show the encoded data is genuine and which country has issued the passport.
2.A protection against unauthorized readings (“skimming”) through Basic Access Control, a secure access protocol.
The data will be locked down using a Public Key Infrastructure (PKI), which provides protection against encoded data being changed. PKI is a digital encryption technology, which enables validation of the data as being genuine.