E-passport- The possibilities of accessing the data without the knowledge of the passport holder
Advancement in technology has its own drawbacks also. It might make us insecure at times. There are possibilities of some sort of identity theft happening when we go far ahead with internet facilities. How to get an e-passport is simpler than how to protect it from being trapped. As far as e-passport is concerned, the threat of theft could appear in the form of Skimming, eavesdropping on communication between the reader and the chip, tracking passport holder and even cloning the passport chips in order to commit some identity theft.
Skimming is an act of collecting data from an end user who is not willingly submitting the sample at that point of time. At the same time eavesdropping is an interception of information since it moves through electronic chips.
How to arrest this Malice
In this US, the authorities use an embedded metallic substance in the passport. This is considered to be one of the simplest methods of deterring the unauthorized reading of an e- passport. E-passport is attached with RF mechanism on its cover as a blocking material. With this technology, before one wants to read an e-passport he/she has to open it physically. It is one of the simplest and most practical ways of preventing the unauthorized reading of passport.
To reduce the risk of eavesdropping, a BAC system has been introduced effectively which is proved to be one of the best methods to arrest the risk of it. BAC requires initial interaction between an embedded microchip and the reader includes protocols for setting up a secure communication channel. It ensures that only RFID readers can read the data on an e-passport. In this system if someone tries to read the data or scan an e-passport, there is a protocol that works on pair keys and derives a session key. If the reader is an authorized person, it releases the data; otherwise the attempt will become futile.
Tracking is another method with which the tracking of data on an e-passport is curtailed. There is a chip on the passport that is protected by BAC mechanism disallow another person to access the data in the passport unless it is the inspection system embedded on it proves it authorized. The passport authorities in the US use Random UID (Unique Identifier) to communicate with the user so as to prevent using UID for tracking.
Cloning:
Cloning is nothing but substituting the chip of an e-passport with a fake chip storing the data copied from another passport. The simplest way to whittle away the threat is to identify the data derived belongs to another live e-passport. This can easily be done by just comparing the data stored on the chip with the data stored on the e-passports page in the official data. This can be traced with the photos on the original e.passport details. And this can be traced wit the person travelling with an e-passport with the Public Key Infrastructure (PKI) which has all data of the e-passport holder in its data. If it matches with the traveler’s data, it can be assume original and tamper proof.
We have been talking only about how to protect an e-passport. Once it is issued and monitored well, let us see the formalities of getting an e passport in the US. One has to submit the passport application form to get it and submit the passport renewal form in time to get it renewed. Let us get into to the new technological developments plugging the holes of tampering it by others….