Alliance: E-passports secure
- By Brian Robinson
- Aug 09, 2006
The Smart Card Alliance has refuted recent claims of techniques that can make it easier to copy data contained in e-passports, threatening the security of the new program.
Those reports “demonstrate a lack of understanding of how the multiple security layers in place at the U.S. border work in the new e-passport system,” said Randy Vanderhoof, executive director of the alliance.
Lukas Grunwald, chief technology officer at DN-Systems Enterprise Internet Solutions, a German security consulting firm, demonstrated at last week’s Black Hat conference in Las Vegas what he said was a relatively simple way to clone the data held in the e-passport’s chip using a program he had developed after studying the e-passport standards set by the United Nations’ International Civil Aviation Organization.
That would allow him or others to produce a passport that looked the same as the original, though he said the digital signature used to authenticate the data on the chips prevented anyone from changing the data.
However, Vanderhoof said people should not be concerned about the security of the new passports or the privacy of the data contained in them.
The printed information in the passport, including the holder’s photograph, is stored digitally in the chip, and border control agents scan that data and display it on a screen. If the data on the screen and the person presenting the passport don’t match, it will be apparent immediately.
Also, Vanderhoof said, the data on the chip can’t be changed or manipulated, and the e-passport’s design requires that it be given to border agents and opened before any information stored on the chip is communicated. Then a unique code printed on the inside of the passport cover has to be optically scanned before the communication is allowed.
The information exchanged between the reader and the e-passport chip is also encrypted, Vanderhoof said.
Together, these capabilities mean that no one could use a lost or stolen passport, or even a copy of one, to enter the United States illegally, he said.
All new passports that will be issued starting in 2007 are expected to include the electronic capabilities.
Brian Robinson is a freelance writer based in Portland, Ore.