e-passports: origin and future barry j. kefauver oas workshop san salvador june 9, 2008
TRANSCRIPT
E-Passports:Origin and Future
Barry J. KefauverBarry J. Kefauver
OAS WorkshopOAS Workshop
San SalvadorSan Salvador
June 9, 2008June 9, 2008
Current Status There are over 40 countries issuing chip-based There are over 40 countries issuing chip-based
passportspassports More than 50% of the world’s passports are now More than 50% of the world’s passports are now
chip-basedchip-based There remain over 50 countries that need to develop There remain over 50 countries that need to develop
machine-readable passport programs before the machine-readable passport programs before the April 2010 deadlineApril 2010 deadline
Work continues to refine and enhance, but Work continues to refine and enhance, but implementations go quite wellimplementations go quite well
The ICAO TAG met in May and decided on a work The ICAO TAG met in May and decided on a work program for the coming several yearsprogram for the coming several years
Fundamental Truth vs Urban Myth
14443 and 180006c/Gen 214443 and 180006c/Gen 2 SkimmingSkimming - - Reading the electronic data in an IC chip surreptitiously with a reader Reading the electronic data in an IC chip surreptitiously with a reader
in the vicinity of the travel document.in the vicinity of the travel document. EEavesdroppingavesdropping - - When data from an IC chip are intercepted by an intruder while it is When data from an IC chip are intercepted by an intruder while it is
being read from an authorized reader.being read from an authorized reader. CloningCloning - Copying the data that has been placed on a chip- Copying the data that has been placed on a chip - “Although he can clone the tag, (the hacker) says it's not possible, as far - “Although he can clone the tag, (the hacker) says it's not possible, as far
as he can tell, to change data on the chip, such as the name or birth date, as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic without being detected. That's because the passport uses cryptographic hashes to authenticate the data.”hashes to authenticate the data.”
Shielding and the Faraday cageShielding and the Faraday cage
Testing History Canberra, Australia Morgantown, West Virginia, USA - A very significant event - Participants Sydney, Australia - Improved, but much work to be done Laboratory testing at US NIST Several other operational tests, e.g. BWI, Tsukuba, Berlin - Each one reflected improved interoperability
The So-What Test
Pragmatics of mischiefPragmatics of mischief
- Distance - Distance
- Power- Power
- Visibility- Visibility At what price?At what price? And then “what” do you have?And then “what” do you have?
Biometrics
The only reason why we have a chipThe only reason why we have a chip The early days post 9/11The early days post 9/11 Evolution to the presentEvolution to the present Germany launched fingerprint November Germany launched fingerprint November
20072007 Coming challengesComing challenges
Not Just a Chip
The e-passport is everything that non-e passports are, but in addition, with a chip
Inks OVD’s of many hues and flavors Paper and accompanying measures to protect Watermarks of various technologies Security printing Many other physical features
False News Makes For Headlines
We broke the Dutch PassportWe broke the Dutch Passport There were only politicians who drafted There were only politicians who drafted
93039303 JPEG 2000 flaw crashes any readerJPEG 2000 flaw crashes any reader Belgian passport failsBelgian passport fails UK passport not for its purposeUK passport not for its purpose E-passport is a “beacon” for terroristsE-passport is a “beacon” for terrorists
New Initiatives
Information and data sharing, real time communications Information and data sharing, real time communications capabilitycapability
Centralized civil registry databasesCentralized civil registry databases Shift from counterfeits to fraudulent genuinesShift from counterfeits to fraudulent genuines Numerous online enrollment and other-services programs Numerous online enrollment and other-services programs
are being deployedare being deployed A need for standards to smooth informationA need for standards to smooth information gathering and sharing prior to departure gathering and sharing prior to departure Identity theft has captured worldwide attention and Identity theft has captured worldwide attention and
concernconcern
So---Now What
The story needs to be toldThe story needs to be told What it does FOR you rather than TO youWhat it does FOR you rather than TO you Now is the time to tell the biometrics storyNow is the time to tell the biometrics story
