To protect passport holder privacy the optional Basic Access Control (BAC) mechanism was designed. This mechanism requires an inspection system to use symmetric encryption on the radio interface. The key for this encryption is static and derived from three primary properties of the passport data: 1) date of birth of holder; 2) expiry date of the passport; 3) the passport number. This data is printed in the Machine Readable Zone (MRZ) a bottom strip (see figure Figure 3) of one of the passport pages. In a normal access procedure the MRZ data is read first with an OCR scanner. The inspection system derives the access key from the MRZ data and can then set up an encrypted radio communication channel with the chip to read out all confidential data. Although this procedure can be automated it sets high requirements to inspection systems and also impacts inspection performance.
The BAC mechanism does provide some additional privacy protection, but there are two limitations that limit the strength of this mechanism:
- The BAC key is individual but static, and is computed and used for each access. An adversary needs to get hold of this key only once and will from then on always be able to get access to a passportís data. A passport holder may perceive this as a disadvantage considering the possibility that a passport contains dynamic data.
- The BAC key is derived from data that may lack sufficient entropy: the date of expiry is always in a window of less than ten years, the date of birth can often be estimated and the document number may be related to the expiry date.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.