Biniam (ቢንያም ይባልህ)
|Biniam Yibaleh BINIAM|
A biometric passport, also known as an e-passport, ePassport or a digital passport, is a combined paper and electronic passport that contains biometric information that can be used to authenticate the identity of travelers. It uses contactless smart card technology, including a microprocessor chip (computer chip) and antenna (for both power to the chip and communication) embedded in the front or back cover, or center page, of the passport. Document and chip characteristics are documented in the International Civil Aviation Organization's (ICAO) Doc 9303. The passport's critical information is both printed on the data page of the passport and stored in the chip. Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip, making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.
The currently standardized biometrics used for this type of identification system are facial recognition, fingerprint recognition, and iris recognition. These were adopted after assessment of several different kinds of biometrics including retinal scan. The ICAO defines the biometric file formats and communication protocols to be used in passports. Only the digital image (usually in JPEG or JPEG2000 format) of each biometric feature is actually stored in the chip. The comparison of biometric features is performed outside the passport chip by electronic border control systems (e-borders). To store biometric data, the contactless chip includes a minimum of 32 kilobytes of EEPROM storage memory and runs on an interface in accordance with the ISO/IEC 14443 international standard, amongst others. These standards are intended to provide interoperability between different countries and different manufacturers of passport books.
Some national identity cards (e.g. in the Netherlands, Albania and Brazil) are fully ICAO9303 compliant biometric travel documents. However others, such as the USA passport card, are not.
Biometric passports are equipped with protection mechanisms to avoid and/or detect attacks:
- Non-traceable chip characteristics. Random chip identifiers reply to each request with a different chip number. This prevents tracing of passport chips. Using random identification numbers is optional.
- Basic Access Control (BAC). BAC protects the communication channel between the chip and the reader by encrypting transmitted information. Before data can be read from a chip, the reader needs to provide a key which is derived from the Machine Readable Zone: the date of birth, the date of expiry and the document number. If BAC is used, an attacker cannot (easily) eavesdrop transferred information without knowing the correct key. Using BAC is optional.
- Passive Authentication (PA). PA prevents modification of passport chip data. The chip contains a file (SOD) that stores hash values of all files stored in the chip (picture, fingerprint, etc.) and a digital signature of these hashes. The digital signature is made using a document signing key which itself is signed by a country signing key. If a file in the chip (e.g. the picture) is changed, this can be detected since the hash value is incorrect. Readers need access to all used public country keys to check whether the digital signature is generated by a trusted country. Using PA is mandatory.
- Active Authentication (AA). AA prevents cloning of passport chips. The chip contains a private key that cannot be read or copied, but its existence can easily be proven. Using AA is optional.
- Extended Access Control (EAC). EAC adds functionality to check the authenticity of both the chip (chip authentication) and the reader (terminal authentication). Furthermore it uses stronger encryption than BAC. EAC is typically used to protect fingerprints and iris scans. Using EAC is optional. In the EU, using EAC is mandatory for all documents issued starting 28 June 2009.
- Shielding the chip. This prevents unauthorized reading. Some countries – including at least the US – have integrated a very thin metal mesh into the passport's cover to act as a shield when the passport cover is closed. The use of shielding is optional.
Since the introduction of biometric passports, several attacks have been presented and demonstrated:
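The BAC key described above depends only on three printed fields, so its strength is bounded by how unpredictable those fields are. The following is an added example, not part of the original page: it builds the MRZ input (each field followed by its check digit), takes the first 16 bytes of its SHA-1 hash as the key seed as specified in Doc 9303, and estimates the key space. The field values are illustrative specimen data and the population sizes are assumptions.

```python
import hashlib
import math

WEIGHTS = (7, 3, 1)  # repeating weights used for MRZ check digits


def char_value(c: str) -> int:
    """MRZ character value: digits as-is, A-Z -> 10..35, filler '<' -> 0."""
    if "0" <= c <= "9":
        return ord(c) - ord("0")
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"character {c!r} is not allowed in the MRZ")


def check_digit(field: str) -> int:
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number (padded to 9 chars) and the two YYMMDD dates,
    each followed by its check digit. Longer document numbers are out of scope."""
    doc_number = doc_number.ljust(9, "<")
    if len(doc_number) != 9 or len(birth) != 6 or len(expiry) != 6:
        raise ValueError("expected doc number <= 9 chars and YYMMDD dates")
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))


def bac_key_seed(doc_number: str, birth: str, expiry: str) -> bytes:
    """First 16 bytes of SHA-1 over the MRZ information; the session
    encryption and MAC keys are derived from this seed."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    return hashlib.sha1(info).digest()[:16]


def key_space_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Upper bound on BAC key entropy for the given candidate counts."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)


if __name__ == "__main__":
    # Illustrative specimen fields (not taken from the page).
    print(bac_key_seed("L898902C", "690806", "940623").hex())
    # Assumption: random 9-character alphanumeric numbers, 100 years of
    # birth dates, 10 years of expiry dates.
    print(round(key_space_bits(36**9, 36525, 3652), 1), "bits at best")
    # Assumption: sequential numbering leaves about 10**6 plausible numbers,
    # and each date is known to within a year.
    print(round(key_space_bits(10**6, 365, 365), 1), "bits when fields are predictable")
```

The gap between the two estimates is why issuers that randomize document numbers get far more out of BAC than those that number documents sequentially.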
- Non-traceable chip characteristics. In 2008 a Radboud/Lausitz University team demonstrated that it's possible to determine which country a passport chip is from without knowing the key required for reading it. The team fingerprinted error messages of passport chips from different countries. The resulting lookup table allows an attacker to determine from where a chip originated. In 2010 Tom Chothia and Vitaliy Smirnov documented an attack that allows an individual passport to be traced, by sending specific BAC authentication requests.
- Basic Access Control (BAC). In 2005 Marc Witteman showed that the document numbers of Dutch passports were predictable, allowing an attacker to guess/crack the key required for reading the chip. In 2006 Adam Laurie wrote software that tries all known passport keys within a given range, thus implementing one of Witteman's attacks. Using online flight booking sites, flight coupons and other public information it's possible to significantly reduce the number of possible keys. Laurie demonstrated the attack by reading the passport chip of a Daily Mail reporter in its envelope without opening it. Note that in some early biometric passports BAC wasn't used at all, allowing an attacker to read the chip's content without providing a key.
- Passive Authentication (PA). In 2006 Lukas Grunwald demonstrated that it is trivial to copy passport data from a passport chip into a standard ISO/IEC 14443 smartcard using a standard contactless card interface and a simple file transfer tool. Grunwald used a passport that did not use Active Authentication (anti-cloning) and did not change the data held on the copied chip, thus keeping its cryptographic signature valid. In 2008 Jeroen van Beek demonstrated that not all passport inspection systems check the cryptographic signature of a passport chip. For his demonstration Van Beek altered chip information and signed it using his own document signing key of a non-existing country. This can only be detected by checking the country signing keys that are used to sign the document signing keys. To check country signing keys the ICAO PKD can be used. Only 5 out of 60+ countries are using this central database. Van Beek did not update the original passport chip: instead an ePassport emulator was used. Also in 2008, The Hacker's Choice implemented all attacks and published code to verify the results. The release included a video clip that demonstrated problems by using a forged Elvis Presley passport that is recognized as a valid US passport.
- Active Authentication (AA). In 2005 Marc Witteman showed that the secret Active Authentication key can be retrieved using power analysis. This may allow an attacker to clone passport chips that use the optional Active Authentication anti-cloning mechanism on chips – if the chip design is susceptible to this attack. In 2008 Jeroen van Beek demonstrated that optional security mechanisms can be disabled by removing their presence from the passport index file. This allows an attacker to remove – amongst others – anti-cloning mechanisms (Active Authentication). The attack is documented in supplement 7 of Doc 9303 (R1-p1_v2_sIV_0006) and can be solved by patching inspection system software. Note that supplement 7 features vulnerable examples in the same document that – when implemented – result in a vulnerable inspection process.
- Extended Access Control (EAC). In 2007 Lukas Grunwald presented an attack that can make EAC-enabled passport chips unusable. Grunwald states that if an EAC-key – required for reading fingerprints and updating certificates – is stolen or compromised, an attacker can upload a false certificate with an issue date far in the future. The affected chips block read access until the future date is reached.
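The Passive Authentication and index-file weaknesses above both come down to what the inspection system trusts. The following is an added example, not code from the original page or from Doc 9303, of one way an inspection system can check the chip: it takes the set of data groups from the signed SOD rather than from the unsigned index file (EF.COM), and decides whether Active Authentication is required from signed data only. Function names and sample data are hypothetical; it assumes the SOD signature and its chain to a trusted country signing key were already verified, that SHA-256 is the hash named in the SOD, and that the Active Authentication public key is stored in DG15.

```python
import hashlib

AA_PUBLIC_KEY_DG = 15  # data group assumed to hold the AA public key


def inspect_chip(index_dgs, files, sod_hashes, hash_name="sha256"):
    """Return a list of findings; an empty list means all checks passed.

    index_dgs  : data group numbers listed in the unsigned index file
    files      : {dg_number: bytes} as read from the chip
    sod_hashes : {dg_number: digest} taken from the already verified SOD
    """
    findings = []
    signed, listed = set(sod_hashes), set(index_dgs)
    # A data group that was signed but is no longer listed indicates a stripped index.
    for dg in sorted(signed - listed):
        findings.append(f"DG{dg} is hashed in the SOD but missing from the index file")
    # A listed data group without a signed hash cannot be trusted at all.
    for dg in sorted(listed - signed):
        findings.append(f"DG{dg} is listed in the index file but has no signed hash")
    for dg in sorted(signed):
        data = files.get(dg)
        if data is None:
            findings.append(f"DG{dg} could not be read from the chip")
        elif hashlib.new(hash_name, data).digest() != sod_hashes[dg]:
            findings.append(f"DG{dg} hash mismatch")
    return findings


def active_authentication_required(sod_hashes):
    """Decide from signed data only, never from the index file."""
    return AA_PUBLIC_KEY_DG in sod_hashes


def constructed_sample():
    """Constructed stand-ins for DG1 (MRZ), DG2 (face) and DG15 (AA key)."""
    files = {1: b"constructed MRZ data", 2: b"constructed face image",
             15: b"constructed AA public key"}
    sod = {dg: hashlib.sha256(data).digest() for dg, data in files.items()}
    return [1, 2, 15], files, sod


if __name__ == "__main__":
    index, files, sod = constructed_sample()
    print(inspect_chip(index, files, sod))             # genuine chip
    print(inspect_chip([1, 2], files, sod))            # index file with DG15 removed
    print(inspect_chip(index, {**files, 2: b"other face"}, sod))  # altered picture
    print(active_authentication_required(sod))
```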
Privacy proponents in many countries question and protest the lack of information about exactly what the passports' chip will contain, and whether they impact civil liberties. The main problem they point out is that data on the passports can be transferred with wireless RFID technology, which can become a major vulnerability. Although this could allow ID-check computers to obtain a person's information without a physical connection, it may also allow anyone with the necessary equipment to perform the same task. If the personal information and passport numbers on the chip are not encrypted, the information might wind up in the wrong hands.
On 15 December 2006, the BBC published an article on the British ePassport, citing the above stories and adding that:
- "Nearly every country issuing this passport has a few security experts who are yelling at the top of their lungs and trying to shout out: 'This is not secure. This is not a good idea to use this technology'", citing a specialist who states "It is much too complicated. It is in places done the wrong way round – reading data first, parsing data, interpreting data, then verifying whether it is right. There are lots of technical flaws in it and there are things that have just been forgotten, so it is basically not doing what it is supposed to do. It is supposed to get a higher security level. It is not."
and adding that the Future of Identity in the Information Society (FIDIS) network's research team (a body of IT security experts funded by the European Union) has "also come out against the ePassport scheme... [stating that] European governments have forced a document on its citizens that dramatically decreases security and increases the risk of identity theft."
Most security measures are designed against untrusted citizens (the "provers"), but the scientific security community recently also addressed the threats from untrustworthy verifiers, such as corrupt governmental organizations, or nations using poorly implemented, insecure electronic systems. New cryptographic solutions such as private biometrics are being proposed to mitigate threats of mass theft of identity. These are under scientific study, but not yet implemented in biometric passports.
Another concern is that the photograph looks blurry and less clear, as a result of the way it has been prepared.
Transliteration of non-English names
Names containing non-English letters are usually spelled using the local script in the non-machine-readable zone of the passport, but are transliterated according to the standards of the International Civil Aviation Organization (ICAO) in the machine-readable zone, e.g. the German umlauts (ä, ö, ü) and the letter ß are transcribed as AE/OE/UE and SS, respectively, thus Müller becomes MUELLER, Groß becomes GROSS, and Größmann becomes GROESSMANN.
The ICAO transcription is mostly used for computer-generated and internationally used documents such as airplane tickets, but in some cases (such as on US visas) English transliteration is used. German credit cards use either the correct or the transliterated spelling in the non-machine-readable zone.
The three possible spelling variants of the same name (e.g. Müller / Mueller / Muller) in different documents sometimes lead to confusion, and the use of two different spellings within the same document (such as in the passports of German-speaking countries) may give border agents unfamiliar with foreign orthography the impression that the document is a forgery.
In response to this confusion, some Austrian passports contain a note in German, English, and French that AE/OE/UE/SS are the common transliterations of Ä/Ö/Ü/ß.
Names originally written in a non-Latin writing system may present another problem if there are no internationally recognized transliteration standards. For example, the Russian name Горбачёв is transcribed "Gorbachev" in English, "Gorbatschow" in German, "Gorbatchov" in French and "Gorbachov" in Spanish (i.e. using the phonology of the target language).
Countries using biometric passports
European passports are planned to have digital imaging and fingerprint scan biometrics placed on the RFID chip. This combination of biometrics aims to create an unrivaled level of security and protection against fraudulent identification papers. Technical specifications for the new passports have been established by the European Commission. The specifications are binding for the Schengen agreement parties, i.e. the EU countries, except Ireland and UK, and three of the four European Free Trade Association countries – Iceland, Norway and Switzerland. These countries are obliged to implement machine readable facial images in the passports by 28 August 2006, and fingerprints by 29 June 2009. The European Data Protection Supervisor has stated that the current legal framework fails to "address all the possible and relevant issues triggered by the inherent imperfections of biometric systems".
Currently, the British biometric passport only uses a digital image and not fingerprinting; however, this is being considered by HM Passport Office. The German passports printed after 1 November 2007 contain two fingerprints, one from each hand, in addition to a digital photograph. The Romanian passports will also contain two fingerprints, one from each hand. The Netherlands also takes fingerprints and is the only EU member that plans to store these fingerprints centrally. According to EU requirements, only nations that are signatories to the Schengen Acquis are required to add fingerprint biometrics.
In these EU nations, the price of the passport will be:
- Austria (available since 16 June 2006): An adult passport costs €75.90, while a chip-free child's version costs €30. As of March 2009 all newly issued adult passports contain fingerprints.
- Belgium (introduced in October 2004): €71 or €41 for children + local taxes. Passports are valid for 5 years.
- Bulgaria (introduced in July 2009; available since 29 March 2010): 40 BGN (€20) for adults. Passports are valid for 5 years.
- Croatia (available since 1 July 2009): It costs 390 HRK (€53). The chip contains two fingerprints and a digital photo of the holder. Since 18 January 2010 only biometric passports can be obtained at issuing offices inside Croatia. Diplomatic missions and consular offices must implement the new issuing system by 28 June 2010.
- Cyprus (available since 13 December 2010): €70, valid for 10 years.
- Czech Republic (available since 1 September 2006): 600 CZK for adults (valid 10 years), 100 CZK for children (valid 5 years). Passports contain fingerprints.
- Denmark (available since 1 August 2006): DKK 600 for adults (valid for 10 years), 115 DKK for children (valid for 5 years) and 350 DKK for over 65 (valid for 10 years). As of January 2012 all newly issued passports contain fingerprints.
- Estonia (available since 22 May 2007): EEK 450 (€28.76) (valid for 5 years). As of 29 June 2009, all newly issued passports contain fingerprints.
- Finland (available since 21 August 2006) €53 (valid for max. 5 years). As of 29 June 2009, all newly issued passports contain fingerprints.
- France (available since April 2006): €86 or €89 (depending whether applicant provides photographs), valid for 10 years. As of 16 June 2009, all newly issued passports contain fingerprints.
- Germany (available since November 2005): ≤23-year old applicants (valid for 6 years) €37.50, >24 years (valid 10 years) €59. Passports issued from 1 November 2007 on include fingerprints.
- Greece (available since 26 August 2006) €84.40 (valid for 5 years). Since June 2009, passports contain fingerprints.
- Hungary (available since 29 August 2006): HUF 7,500 (€26), valid for 5 years, HUF 14,000 (€48.50) valid for 10 years. As of 29 June 2009, all newly issued passports contain fingerprints.
- Ireland (available since 16 October 2006): €80, valid for 10 years. Free for people over 65. (Not Signatory to Schengen Acquis, no obligation to fingerprint biometrics)
- Italy (available since 26 October 2006): €116, valid for 10 years. As of January 2010 newly issued passports contain fingerprints.
- Latvia (available since 20 November 2007): An adult passport costs Ls15 (€21.36 [prior to 16 July 2012]), valid for 10 or 5 years.
- Lithuania (available since 28 August 2006): LTL 150 (€43). For children up to 16 years old, valid max 5 years. For persons over 16 years old, valid for 10 years.
- Luxembourg (available since 28 August 2006): €30. Valid for 5 years. As of 29 June 2009, all newly issued passports contain fingerprints.
- Malta (available since 8 October 2008): €70 for persons over 16 years old, valid for 10 years, €35 for children between 10–16 years (valid for 5 years) and €14 for children under 10 years (valid for 2 years).
- Netherlands (available since 28 August 2006): Approximately €11 on top of the regular passport cost (€38.33), for a total of €49.33. Passports issued from 21 September 2009 include fingerprints. Dutch identity cards are lookalike versions of the holder's page of the passport but don't contain fingerprints.
- Poland (available since 28 August 2006): 140 PLN (€35) for adults, 70 PLN for students, valid 10 years. Passports issued from 29 June 2009 include fingerprints of both index fingers.
- Portugal (available since 31 July 2006 – special passport; 28 August 2006 – ordinary passport): €65 for all citizens valid for 5 years. All passports have 32 pages.
- Romania (available since 31 December 2008): 302 RON (€67), valid for 5 years for those over the age of 6, and for 3 years for those under 6. As of 19 January 2010, new passport includes both facial images and fingerprints.
- Slovakia (available since 15 January 2008): An adult passport (>13 years) costs €33.19, valid for 10 years, while a chip-free child's (5–13 years) version costs €13.27, valid for 5 years, and for children under 5 years €8.29, but valid only for 2 years.
- Slovenia (available since 28 August 2006): €42.05 for adults, valid for 10 years. €35.25 for children from 3 to 18 years of age, valid for 5 years. €31.17 for children up to 3 years of age, valid for 3 years. All passports have 32 pages, a 48-page version is available at a €2.50 surcharge. As of 29 June 2009, all newly issued passports contain fingerprints.
- Spain (available since 28 August 2006): €25 (price as of 22 April 2012). Passports include fingerprints of both index fingers as of October 2009. For holders aged 30 or less a Spanish passport is valid for 5 years; otherwise it is valid for 10 years.
- Sweden (available since October 2005): SEK 350 (valid for 5 years). As of 1 January 2012, new passport includes both facial images and fingerprints.
- UK (introduced March 2006): £72.50 for adults and £46 for children under the age of 16. (Not Signatory to Schengen Acquis, no obligation to fingerprint biometrics.)