How Safe is the New e-Passport? Ask Around and You Get Varying Perceptions
The Government Accounting Office, for one, believes that better use of electronic passport security features could improve fraud detection. The Department of State has developed a comprehensive set of controls to govern the operation and management of a system to generate and write a security feature called a digital signature on the chip of each e-passport it issues. When verified, digital signatures can help provide reasonable assurance that data placed on the chip by State have not been altered or forged. However, the Department of Homeland Security does not have the capability to fully verify the digital signatures because it has not deployed e passport readers to all of its ports of entry and it has not implemented the system functionality necessary to perform the verification. Because the value of security features depends not only on their solid design, but also on an inspection process that uses them, the additional security against forgery and counterfeiting that could be provided by the inclusion of computer chips on e passports issued by the United States and foreign countries, including those participating in the visa waiver program, is not fully realized. Protections designed into the U.S. e-passport computer chip limit the risks of malicious code being resident on the chip, a necessary precondition for a malicious code attack to occur from the chip against computer systems that read them. GPO and State have taken additional actions to decrease the likelihood that malicious code could be introduced onto the chip.
Concerning the security of e-Passports, two hackers – whose work has been covered extensively on blogs and CNN.com -- showed how a biometric passport issued in the name of long-dead rock ‘n’ roll king Elvis Presley could be cleared through an automated passport scanning system being tested at an international airport. Using a doctored passport at a self-serve passport machine, the hacker was cleared for travel after just a few seconds and a picture of the King himself appeared on the monitor’s display. According to the hackers, “what we did for that chip is create passport content for Elvis Presley and put it on a chip and sign it with our own key for a non-existent country. And a device that was used to read chips didn’t check the country’s signatures.” Fingerprint scans, eye scans and digital photographs are now frequently used with passports to check a traveler’s biometrics — unique physical characteristics that can identify a specific individual. Biometric passports — with data stored on embedded chip — are now standard issue in Europe, the U.S. and a number of other countries
Tweat your observations on e-Passports to http://twitter.com/securitymag
Unique FREE event on March 3, 2010 · 10:00 a.m. - 6:00 p.m.
EST – Jointly sponsored by Security Magazine, SDM Magazine and smartHOME, iSecurity
is an online event designed to put the information you need, the people you
want to network with and the solution providers you want to hear from at your
fingertips. Leveraging the power of our virtual trade show platform with the
unique and vital information from our community of experts and thought leaders,
iSecurity is designed to give you the information you need - FAST.
Register at http://www.sdmmag.com/isecurity2010/HTML/BNP_GUID_9-5-2006_A_10000000000000741662
From your desktop, you'll be able to:
Attend live conference sessions
Chat in real-time with industry experts
View technology demonstrations
Visit exhibits
Download collateral
Network with peers
Register at http://www.sdmmag.com/isecurity2010/HTML/BNP_GUID_9-5-2006_A_10000000000000741662
