Alliance: E-passports secure

The Smart Card Alliance has refuted recent claims of techniques that can make it easier to copy data contained in e-passports, threatening the security of the new program.

Those reports “demonstrate a lack of understanding of how the multiple security layers in place at the U.S. border work in the new e-passport system,” said Randy Vanderhoof, executive director of the alliance.

Lukas Grunwald, chief technology officer at DN-Systems Enterprise Internet Solutions, a German security consulting firm, demonstrated at last week’s Black Hat conference in Las Vegas what he said was a relatively simple way to clone the data held in the e-passport’s chip using a program he had developed after studying the e-passport standards set by the United Nations’ International Civil Aviation Organization.

That would allow him or others to produce a passport that looked the same as the original, though he said the digital signature used to authenticate the data on the chips prevented anyone from changing the data.

However, Vanderhoof said people should not be concerned about the security of the new passports or the privacy of the data contained in them.

The printed information in the passport, including the holder’s photograph, is stored digitally in the chip, and border control agents scan that data and display it on a screen. If the data on the screen and the person presenting the passport don’t match, it will be apparent immediately.

Also, Vanderhoof said, the data on the chip can’t be changed or manipulated, and the e-passport’s design requires that it be given to border agents and opened before any information stored on the chip is communicated. Then a unique code printed on the inside of the passport cover has to be optically scanned before the communication is allowed.

The information exchanged between the reader and the e-passport chip is also encrypted, Vanderhoof said.

Together, these capabilities mean that no one could use a lost or stolen passport, or even a copy of one, to enter the United States illegally, he said.

All new passports that will be issued starting in 2007 are expected to include the electronic capabilities.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.