With the aim of reducing passport fraud, the MRTD specs primarily addressed methods to prove the authenticity of the passport and its data, and of the passport holder. The technology used for this includes PKI (Public Key Infrastructure), dynamic data signing and biometrics. The latter (biometrics), however, is still under discussion and not yet fully crystallized in the specifications.
PKI (Public Key Infrastructure) technology was chosen to prove the authenticity of the passport data. This technology is successfully applied on the internet for e-commerce, and has gained high popularity. Certificate-based authentication requires only that the inspection system read the certificate; it can then use a cryptographic computation to validate the authenticity using the public key of the issuing country. This method is called passive authentication. It suffices for RFID chips without public key cryptographic facilities, since it involves only reading static data. Although the authenticity of the data can be verified, passive authentication does not guarantee the authenticity of the passport itself: it could be a clone (an electronically identical copy).
The cloning problem is addressed with an optional signing mechanism called active authentication. This method requires the presence of an asymmetric key pair and public key cryptographic capabilities in the chip. The public key, signed by the issuing country and verified by passive authentication, can be given to the inspection system, which can then verify a dynamic challenge signed with the private key. As long as the private key is well protected by the chip, this effectively prevents cloning, since the inspection system can establish the authenticity of the passport chip with the active authentication mechanism.
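The two checks described above, as an added example that is not part of the original article: a copy carrying identical static data passes passive authentication but fails the signed challenge. The toy textbook RSA, all function and class names, and the sample data are assumptions made for illustration and do not reflect the actual MRTD encoding or algorithms.

```python
import hashlib, secrets

# Toy textbook RSA (fixed Mersenne primes, no padding) so this runs on the
# standard library alone. It models the message flow, not real passport crypto.
def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

def static_blob(holder_data, chip_pub):
    # Everything the issuing country signs: holder data plus the chip's public key.
    return holder_data + repr(chip_pub).encode()

class Chip:
    def __init__(self, holder_data, chip_pub, country_sig, chip_priv):
        self.static = (holder_data, chip_pub, country_sig)  # readable by any terminal
        self._priv = chip_priv                              # never leaves the chip

    def answer_challenge(self, challenge):
        return sign(self._priv, challenge)

def passive_auth(country_pub, chip):
    # Static check: the country's signature covers the data and the chip's public key.
    holder_data, chip_pub, country_sig = chip.static
    return verify(country_pub, static_blob(holder_data, chip_pub), country_sig)

def active_auth(chip):
    # Dynamic check: the chip must sign a fresh random challenge with its private key.
    challenge = secrets.token_bytes(8)
    return verify(chip.static[1], challenge, chip.answer_challenge(challenge))

# Constructed sample keys and data (hypothetical, for illustration only).
COUNTRY_PUB, COUNTRY_PRIV = make_key(2**127 - 1, 2**107 - 1)
CHIP_PUB, CHIP_PRIV = make_key(2**89 - 1, 2**61 - 1)
_, CLONER_PRIV = make_key(2**61 - 1, 2**31 - 1)  # a copy cannot contain CHIP_PRIV
DATA = b"P<UTOEXAMPLE<<HOLDER"
genuine = Chip(DATA, CHIP_PUB, sign(COUNTRY_PRIV, static_blob(DATA, CHIP_PUB)), CHIP_PRIV)
clone = Chip(*genuine.static, CLONER_PRIV)              # identical static data
altered = Chip(b"P<UTOOTHER<<NAME", *genuine.static[1:], CHIP_PRIV)
```

An inspection system should run the challenge only against a public key that passive authentication has already validated, since an unsigned key proves nothing about the chip.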
To incorporate modern electronic technology into the existing paper documents, it was decided to use (contactless) RFID chips. These chips can be embedded in a page of the document and put no additional requirements on the physical appearance of the passport. A question that arises here is whether this is the only reason to apply RFIDs instead of contact-based cards. Other reasons could be related to the form factor of contact smart cards, which complicates embedding in a passport booklet, or the fact that contacts may be sensitive to disturbance under travel conditions. With the choice of RFID, a privacy issue arises. RFIDs can be accessed from distances up to 30 cm, and the radio waves between a terminal and an RFID can be eavesdropped from a few meters' distance. An adversary with dedicated radio equipment can retrieve personal data without the passport owner's consent. This risk is particularly notable in a hostile world where terrorists want to select victims based upon their nationality, or criminals commit identity theft for a variety of reasons.