Results: RFID and Identity Management in everyday life - ITAS
Results: RFID and Identity Management in everyday life - ITAS
Results: RFID and Identity Management in everyday life - ITAS
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Case ID 23, level 3<br />
Title Passport<br />
Researcher Sil Wijma<br />
Tim<strong>in</strong>g 2006<br />
Geography Europe<br />
Environment Border control, identification<br />
Case #23: the European Biometric Passport<br />
Technology Passport with <strong>RFID</strong> tag, 13,56 MHz, different readers.<br />
Maturity Pilot<br />
Function Identification<br />
Owner Different European countries<br />
Ma<strong>in</strong>ta<strong>in</strong>er International Civil Aviation Organization (ICAO)<br />
Users Citizens<br />
Other actors Different governments, different manufacturers (Philips, Oberthur Card Systems, Setec, etc.),<br />
European Union <strong>and</strong> different consumer organisations such as Bits of Freedom (BOF).<br />
Case story <strong>RFID</strong> passport <strong>in</strong> Europe<br />
European countries are <strong>in</strong>troduc<strong>in</strong>g <strong>RFID</strong>-tags <strong>in</strong> passports to improve security of the passports. This<br />
is partly because of dem<strong>and</strong>s from the USA to store biometric data on the passport <strong>and</strong> because of<br />
the wish to improve the security of the passports. Nations participat<strong>in</strong>g <strong>in</strong> the U.S. Visa Waiver<br />
Program have to implement new passports with biometric features that support facial recognition.<br />
Biometric data such as a digital photo is therefore stored on the passport-chip. The ma<strong>in</strong> target of<br />
this is to prevent look alike fraud. The International Civil Aviation Organization (ICAO) has developed<br />
st<strong>and</strong>ards for the use of biometric data <strong>in</strong> passports [31]. The ICAO is busy with the possible use of<br />
biometric data s<strong>in</strong>ce 1997 [30].<br />
The ICAO decided <strong>in</strong> May 2003 to use facial recognition <strong>in</strong> travel documents [30]. The European<br />
Union followed <strong>in</strong> September 2003 with the decision to use a photograph <strong>and</strong> two f<strong>in</strong>gerpr<strong>in</strong>ts [30].<br />
The technical specifications were determ<strong>in</strong>ed on the 28th of February 2005 [35]. At first only digital<br />
photographs will be saved on the chip <strong>in</strong>side the passports. Later additional biometric data can be<br />
added, such as f<strong>in</strong>gerpr<strong>in</strong>ts, DNA-profiles <strong>and</strong> iris-scans. Add<strong>in</strong>g f<strong>in</strong>gerpr<strong>in</strong>ts was more difficult then<br />
first thought <strong>and</strong> therefore all European Countries have to store f<strong>in</strong>gerpr<strong>in</strong>ts on the chip <strong>in</strong>side the<br />
passports from the 28th of June 2009 [23]. There are different uses of the biometric passports:<br />
verification (one to one), identification (one to many) <strong>and</strong> screen<strong>in</strong>g [27].<br />
The European Union first wanted biometric passports to be <strong>in</strong>troduced <strong>in</strong> January 2005, but delays<br />
occurred. The first country to use the biometric passports was Belgium that issues the passports<br />
s<strong>in</strong>ce November 2004 [different chip?]. Germany followed <strong>in</strong> November 2005 [20].<br />
One of the ways the data on a passport is secured is ‘basic access control’ (BAC). This is a way to<br />
prevent skimm<strong>in</strong>g. Some <strong>in</strong>formation of the passport <strong>and</strong> its holder is summarized <strong>in</strong> a Mach<strong>in</strong>e<br />
Readable Zone (MRZ). The MRZ consists of two l<strong>in</strong>es of optically readable text with (among other<br />
data) the name of the holder <strong>and</strong> passport number. A reader has to read the MRZ before be<strong>in</strong>g able<br />
to retrieve data from the chip <strong>in</strong>side the passport [26]. This means a passport has to be opened to be<br />
read. Basic access control is important although it is then questionable why a contact less chip is<br />
needed. Researchers also found out that some <strong>in</strong>formation on the passport chip is retrievable without<br />
access to the MRZ [26]. Because of this there are ideas to use metal to prevent any reader from<br />
access<strong>in</strong>g the chip <strong>in</strong> the passports. The USA for example uses metal fibres <strong>in</strong> the front cover <strong>in</strong><br />
order to prevent unauthorised read<strong>in</strong>g [48].<br />
When access to the chip is granted <strong>in</strong>formation will be exchanged. This <strong>in</strong>formation<br />
exchange between chip <strong>and</strong> reader is secured (secure messag<strong>in</strong>g). This means the <strong>in</strong>formation is<br />
encrypted <strong>and</strong> uses a message authentication code (MAC) [26]. Further the <strong>in</strong>tegrity of the data on<br />
the chip is checked with Passive Authentication (PA) <strong>and</strong> Active Authentication (AA) further prevents<br />
clon<strong>in</strong>g. But there are reports that the passports can be cloned, although it was not possible to alter<br />
47