Alliance: E-passports secure

The Smart Card Alliance has refuted recent claims of techniques that can make it easier to copy data contained in e-passports, threatening the security of the new program.

Those reports “demonstrate a lack of understanding of how the multiple security layers in place at the U.S. border work in the new e-passport system,” said Randy Vanderhoof, executive director of the alliance.

Lukas Grunwald, chief technology officer at DN-Systems Enterprise Internet Solutions, a German security consulting firm, demonstrated at last week’s Black Hat conference in Las Vegas what he said was a relatively simple way to clone the data held in the e-passport’s chip using a program he had developed after studying the e-passport standards set by the United Nations’ International Civil Aviation Organization.

That would allow him or others to produce a passport that looked the same as the original, though he said the digital signature used to authenticate the data on the chips prevented anyone from changing the data.

However, Vanderhoof said people should not be concerned about the security of the new passports or the privacy of the data contained in them.

The printed information in the passport, including the holder’s photograph, is stored digitally in the chip, and border control agents scan that data and display it on a screen. If the data on the screen and the person presenting the passport don’t match, it will be apparent immediately.

Also, Vanderhoof said, the data on the chip can’t be changed or manipulated, and the e-passport’s design requires that it be given to border agents and opened before any information stored on the chip is communicated. Then a unique code printed on the inside of the passport cover has to be optically scanned before the communication is allowed.

The information exchanged between the reader and the e-passport chip is also encrypted, Vanderhoof said.

Together, these capabilities mean that no one could use a lost or stolen passport, or even a copy of one, to enter the United States illegally, he said.

All new passports that will be issued starting in 2007 are expected to include the electronic capabilities.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.

Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.