Recent technological advances have allowed many governments to increase their defenses against threats to national security. One of these new measures is the biometric passport, which has grown out of the necessity to overcome the misuse of paper travel documents. Some of the problems that have been encountered with the use of paper passports are copying and manipulation, selling of valid passports to a third party, and counterfeit or forged passports. Due to the difficulty of discerning a real passport from a fake, agents must undergo extensive training that still does not adequately protect against these threats.
One of the initial attempts to increase border ...
To verify, a biometric system compares the supplied biometric identifier with the stored reference template on file for the individual. Based on its comparison, the system confirms or denies the individual’s claimed identity. If a match is found, it is likely the person has been identified (Down and Sands 1).
Recent events have heightened global awareness of the need for secure environments, and biometrics offer several clear advantages in network security: they eliminate passwords (which are easily forgotten or obtained by attackers) and tokens (which are easily lost or stolen), and the user must be physically present, which reduces the likelihood of an unauthorized user remotely accessing the protected system. These advantages, coupled with affordable computing performance and falling implementation costs, have given biometrics a central role in an ever-increasing number of applications.
The International Civil Aviation Organization (ICAO) has developed standards for securely protecting the holder’s digitized biometrics stored in the passport. These specifications currently include one mandatory measure, “passive authentication,” and other optional mechanisms, such as “active authentication” and “basic access control.” See Table 1 for a summary of the mechanisms.
Passive Authentication ensures the authenticity of the data stored in the smart card by means of a digital signature generated over that data and signed by the issuing nation.
The verification process is performed in the following order:
1. Retrieve the stored biometric data as well as the trusted Country Signing CA certificate from the smart card.
2. Verify the certificate.
3. Compute hash values from the data and compare them with the signed hash values from the issuing nation.
Active authentication authenticates the individual chip using public-key cryptography, thereby ensuring the passport has not been cloned. The public key is housed in the readable portion of the smart card, while the private key is stored in its secure memory. In this protocol, the inspection system creates a random challenge, which is signed with the private key inside the smart card. The signed response is transmitted back, decrypted with the smart card’s public key, and compared with the original challenge to determine authenticity.
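The two mechanisms above, worked through in code as an added example (not the page's own code and not an ICAO reference implementation): passive authentication verifies a certificate chain and a signed list of data-group hashes, active authentication verifies a signature over a fresh challenge. To keep the block dependency-free it assumes textbook RSA built from public Mersenne primes, which is a toy substitute for the properly generated, padded RSA/ECDSA keys real passports use; the data groups, key roles ("CSCA", "DS", "chip") and the three scenarios (genuine, tampered, cloned) are constructed for illustration.

```python
import hashlib
import os

# ASSUMPTION: toy RSA from public Mersenne primes, so the example needs only the
# standard library. Real ePassports use properly generated, padded RSA/ECDSA keys.
M13, M31, M61, M89, M107, M127, M521, M607 = (2**k - 1 for k in (13, 31, 61, 89, 107, 127, 521, 607))


def toy_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for two distinct primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def sign(priv, data):
    """Textbook RSA signature over SHA-256(data), reduced mod n (no padding)."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def verify(pub, data, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, e, n) == h


def encode_pub(pub):
    return f"{pub[0]}:{pub[1]}".encode()


def encode_hashes(hashes):
    return "\n".join(f"{dg}:{h}" for dg, h in sorted(hashes.items())).encode()


# --- Issuance (issuing nation) ---------------------------------------------
def issue_passport(csca_priv, ds_keys, chip_pub, data_groups):
    """Chip contents: data groups, hash list signed by the Document Signer (DS),
    the DS public key certified by the Country Signing CA, and the chip's AA key."""
    ds_pub, ds_priv = ds_keys
    hashes = {dg: hashlib.sha256(c).hexdigest() for dg, c in data_groups.items()}
    return {
        "data_groups": dict(data_groups),
        "hashes": hashes,
        "sod_signature": sign(ds_priv, encode_hashes(hashes)),
        "ds_cert": (ds_pub, sign(csca_priv, encode_pub(ds_pub))),
        "chip_pub": chip_pub,
    }


# --- Inspection: Passive Authentication ---------------------------------------
def passive_authentication(csca_pub, chip):
    """csca_pub is the trusted Country Signing CA key held by the inspection system."""
    ds_pub, cert_sig = chip["ds_cert"]
    if not verify(csca_pub, encode_pub(ds_pub), cert_sig):          # verify the certificate
        return False
    if not verify(ds_pub, encode_hashes(chip["hashes"]), chip["sod_signature"]):
        return False                                                 # issuing nation's signature
    for dg, content in chip["data_groups"].items():                  # recompute and compare hashes
        if hashlib.sha256(content).hexdigest() != chip["hashes"].get(dg):
            return False
    return True


# --- Inspection: Active Authentication ----------------------------------------
def active_authentication(chip, chip_priv, challenge=None):
    challenge = challenge or os.urandom(8)     # inspection system picks a random challenge
    response = sign(chip_priv, challenge)      # computed inside the chip with the secret key
    return verify(chip["chip_pub"], challenge, response)


def demo():
    """Issue one passport, then run PA and AA against genuine, tampered and cloned chips."""
    csca_pub, csca_priv = toy_keypair(M607, M521)
    ds_pub, ds_priv = toy_keypair(M127, M107)
    chip_pub, chip_priv = toy_keypair(M89, M61)
    data_groups = {  # constructed sample data groups
        "DG1": b"P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<",
        "DG2": b"constructed facial image bytes",
    }
    genuine = issue_passport(csca_priv, (ds_pub, ds_priv), chip_pub, data_groups)
    tampered = dict(genuine, data_groups={**data_groups, "DG2": b"substituted photo"})
    # A clone copies every readable byte (data, hashes, signatures, chip public key)
    # but cannot read the private key from secure memory, so it must use its own.
    clone = dict(genuine)
    _, clone_priv = toy_keypair(M31, M13)
    challenge = bytes.fromhex("0102030405060708")  # fixed here for reproducibility
    return {
        "pa_genuine": passive_authentication(csca_pub, genuine),
        "pa_tampered": passive_authentication(csca_pub, tampered),
        "pa_clone": passive_authentication(csca_pub, clone),
        "aa_genuine": active_authentication(genuine, chip_priv, challenge),
        "aa_clone": active_authentication(clone, clone_priv, challenge),
    }
```

Running `demo()` shows why the page pairs the two mechanisms: the cloned chip passes passive authentication, because the copied data still carries the issuing nation's valid signature, and only active authentication exposes it, since the clone cannot produce a signature that verifies under the public key copied from the genuine chip.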
Basic Access Control also helps reduce attacks based on smart card cloning by blocking access from unauthorized RFID readers. The passport’s readable zone (or smart card), openly located inside the passport, is used by the card reader to obtain two types of data:
1. less-sensitive data (e.g. the facial image, easily obtained from other sources) and
2. sensitive data (e.g. fingerprints, difficult to obtain from other sources).
Optically scanned data printed on the passport (26 bits, including the passport number, date of birth, expiry date, and three check digits) is used by the terminal to derive two keys, KENC and KMAC...
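The key derivation the last paragraph describes, as an added example that is not part of the original text: the terminal computes the ICAO check digits over the three optically read fields, concatenates fields and check digits into the MRZ_information string, and derives KENC and KMAC from it with SHA-1 (the ICAO BAC derivation: K_seed is the first 16 bytes of SHA-1 over MRZ_information, and each key is the first 16 bytes of SHA-1 over K_seed followed by a 4-byte counter, 1 for KENC and 2 for KMAC, with DES parity bits adjusted). The document number, birth date and expiry date used in `demo()` are ICAO Doc 9303's published worked example, so the keys it prints can be compared with the values given there; everything else (function names, the parity helper) is this example's own.

```python
import hashlib

MRZ_WEIGHTS = (7, 3, 1)


def mrz_char_value(c):
    """Numeric value of an MRZ character: digits as-is, A-Z = 10..35, filler '<' = 0."""
    if c.isdigit():
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field):
    """ICAO 9303 check digit: weighted sum with weights 7,3,1 repeating, modulo 10."""
    return sum(mrz_char_value(c) * MRZ_WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def mrz_information(document_number, birth_date, expiry_date):
    """The 24-character MRZ_information string: document number (padded to 9 with
    '<') + check digit, birth date YYMMDD + check digit, expiry date YYMMDD + check digit."""
    document_number = document_number.ljust(9, "<")
    return "".join(f"{f}{check_digit(f)}" for f in (document_number, birth_date, expiry_date))


def adjust_des_parity(key):
    """Set the least significant bit of each byte so that every byte has odd parity."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_bac_keys(mrz_info):
    """Return (K_ENC, K_MAC): K_seed = SHA-1(MRZ_information)[:16],
    K_x = SHA-1(K_seed || counter)[:16], counter 1 for ENC and 2 for MAC,
    parity-adjusted for use as two-key 3DES keys."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter):
        return adjust_des_parity(hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16])

    return kdf(1), kdf(2)


def has_odd_parity(key):
    return all(bin(b).count("1") % 2 == 1 for b in key)


def demo():
    # ICAO Doc 9303 worked-example fields: document number, birth date, expiry date.
    info = mrz_information("L898902C", "690806", "940623")
    k_enc, k_mac = derive_bac_keys(info)
    return info, k_enc.hex(), k_mac.hex()


if __name__ == "__main__":
    for label, value in zip(("MRZ_information", "K_ENC", "K_MAC"), demo()):
        print(f"{label}: {value}")
```

The security point to take from the derivation is that the only secret in BAC is the optically read data itself: anyone who can read the printed data page, or who can narrow down the passport number, birth date and expiry date, can derive the same keys. That is why the mechanism protects against readers that have not seen the document rather than against a determined attacker, and why ICAO later added stronger access control on top of it.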