IBM Research Report: Preventing Security and Privacy Attacks on Machine Readable Travel Documents (MRTDs)

After the tragic terror attacks of 9/11, the U.S. Congress resolved to bring about a major overhaul of the immigration process at border posts by passing the Enhanced Border Security and Visa Entry Reform Act of 2002. Section 303(c) of that act requires that countries that participate in the U.S. Visa Waiver Program (VWP) have a program to issue machine readable passports that are tamper resistant and incorporate biometric and document authentication identifiers. In the interest of international reciprocity, the U.S. will issue similar machine readable passports to U.S. citizens. The Technical Advisory Group of the International Civil Aviation Organization (TAG/ICAO) has issued specifications for the deployment of Machine Readable Travel Documents (MRTDs) that are equipped with a smart card processor for the purposes of biometric identification of the holder. Some countries, such as the United States, intend to issue machine readable passports that serve only as passports. Other countries, such as the United Kingdom, intend to issue more sophisticated multi-application passports that can also serve as national identity cards. We have conducted a detailed security analysis of these specifications, and we present the results in this paper. We also illustrate hypothetical scenarios that could, in turn, compromise the security and privacy of holders of such travel documents. Finally, we suggest improved cryptographic protocols and high-assurance smart card operating systems to prevent these compromises and to support electronic visas as well as passports.
