A biometric passport, also known as an e-passport or ePassport, is a combined paper and electronic passport (hence the e-, as in e-mail) that uses biometrics to authenticate the identity of travellers. It uses contactless smart card technology: a microprocessor chip and an antenna (which both powers the chip and carries its communication) embedded in the front or back cover, or in the centre page, of the passport. Document and chip characteristics are specified in the International Civil Aviation Organization's (ICAO) Doc 9303. The passport's critical information is both printed on the data page of the passport and stored in the chip. A Public Key Infrastructure (PKI) is used to sign the data stored in the chip, so that altered chip data can be detected by an inspection system that verifies the signature; the signature does not by itself prevent the chip contents from being copied (see Attacks below).
The currently standardised biometrics for this type of identification system are facial recognition, fingerprint recognition and iris recognition. These were adopted after assessment of several different kinds of biometrics, including retinal scan. The ICAO defines the biometric file formats and communication protocols to be used in passports. Only the digital image (usually in JPEG or JPEG 2000 format) of each biometric feature is actually stored in the chip; the comparison (matching) of biometric features is performed outside the passport chip by electronic border control systems (e-borders). To store the biometric data, the contactless chip includes a minimum of 32 kilobytes of EEPROM storage memory and communicates over an interface conforming to the ISO/IEC 14443 international standard, amongst others. These standards ensure interoperability between different countries and different manufacturers of passport books.
Note that the US Passport Card is not a biometric passport: it does not follow ICAO Doc 9303, can only be used in a limited number of countries and uses a simple RFID chip instead of the contactless smart card technology used for biometric passports. Contactless smart card technology includes a microprocessor, data access control, communications security and other functionality as programmed.
Data protection
Biometric passports are equipped with protection mechanisms to avoid and / or detect attacks:
- Non-traceable chip characteristics. A chip with random identifiers answers each anti-collision request from a reader with a different chip number (UID), so a passport cannot be tracked by its chip identifier. Using random identification numbers is optional.
- Basic Access Control (BAC). BAC protects the communication channel between the chip and the reader by encrypting and authenticating the transmitted information. Before data can be read from the chip, the reader must prove knowledge of a key derived from the Machine Readable Zone (MRZ): the document number, the date of birth and the date of expiry. If BAC is used, an attacker cannot (easily) eavesdrop on the transferred information without knowing the correct key; the strength of BAC is therefore bounded by how unpredictable those three MRZ fields are. Using BAC is optional.
- Passive Authentication (PA). PA detects modification of passport chip data. The chip contains a file (the Document Security Object, SOD) that stores the hash values of the data files stored in the chip (picture, fingerprints, etc.) together with a digital signature over those hashes. The signature is made with a document signing key, which is itself certified by the issuing country's signing key. If a file in the chip (e.g. the picture) is changed, its hash no longer matches the signed value and the change is detected. Readers need access to the public country signing keys of all issuing countries to check whether the digital signature was generated by a trusted country. Using PA is mandatory.
- Active Authentication (AA). AA prevents cloning of passport chips. The chip contains a private key that cannot be read or copied; the reader sends a random challenge that the chip signs with this key, proving that the genuine chip, and not merely a copy of its data, is present. Using AA is optional.
- Extended Access Control (EAC). EAC adds checks of the authenticity of both the chip (Chip Authentication) and the reader (Terminal Authentication), and uses stronger encryption than BAC. EAC is typically used to protect fingerprints and iris scans. Using EAC is optional; in the EU, EAC is mandatory for all documents issued from 28 June 2009.
- Shielding the chip. This prevents unauthorised reading while the passport is closed. Some countries, including at least the US, have integrated a very thin metal mesh into the passport's cover to act as a shield when the cover is closed. The use of shielding is optional.
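The following Python script is an added worked example (not code from the original article, from ICAO or from any passport reader) of the BAC key derivation described above. It computes the MRZ check digits, the 16-byte key seed and the two 3DES keys KENC and KMAC as Doc 9303 specifies them, and then illustrates the key-guessing attack reported under Attacks below: an attacker who already knows the date of birth and the expiry date brute-forces the remaining digits of the document number. The MRZ values L898902C<, 690806 and 940623 are the sample values from ICAO Doc 9303's own worked BAC example; the document number NU0004217 and the simulated chip oracle are constructed for illustration, and the real chip's 3DES challenge-response is replaced by a plain key comparison.

```python
import hashlib

# Weights of the ICAO Doc 9303 check-digit algorithm, applied cyclically.
MRZ_WEIGHTS = (7, 3, 1)


def mrz_char_value(c: str) -> int:
    """Map an MRZ character to its check-digit value: 0-9 as is, A-Z -> 10-35, '<' -> 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field: str) -> str:
    """Weighted sum of the field's characters modulo 10."""
    total = sum(mrz_char_value(c) * MRZ_WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def bac_key_seed(doc_no: str, dob: str, expiry: str) -> bytes:
    """Kseed: first 16 bytes of SHA-1 over document number, date of birth (YYMMDD) and
    expiry date (YYMMDD), each followed by its check digit. The document number is padded
    with '<' to 9 characters, exactly as it is printed in the MRZ."""
    doc_no = doc_no.ljust(9, "<")
    mrz_info = (doc_no + check_digit(doc_no)
                + dob + check_digit(dob)
                + expiry + check_digit(expiry))
    return hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]


def adjust_parity(key: bytes) -> bytes:
    """Set the least significant bit of every byte so each byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        if bin(b >> 1).count("1") % 2 == 0:
            out.append((b & 0xFE) | 1)
        else:
            out.append(b & 0xFE)
    return bytes(out)


def derive_3des_key(seed: bytes, counter: int) -> bytes:
    """Doc 9303 key derivation: SHA-1(Kseed || 32-bit counter), first 16 bytes, parity adjusted.
    Counter 1 yields KENC (encryption), counter 2 yields KMAC (message authentication)."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(doc_no: str, dob: str, expiry: str) -> tuple[bytes, bytes]:
    seed = bac_key_seed(doc_no, dob, expiry)
    return derive_3des_key(seed, 1), derive_3des_key(seed, 2)


def simulated_chip(doc_no: str, dob: str, expiry: str):
    """Constructed stand-in for a passport chip: it 'accepts' a BAC attempt when the reader's
    keys equal the ones it derives itself. A real chip instead checks a 3DES-encrypted and
    MAC'ed challenge-response (GET CHALLENGE / EXTERNAL AUTHENTICATE)."""
    expected = bac_keys(doc_no, dob, expiry)
    return lambda kenc, kmac: (kenc, kmac) == expected


def recover_document_number(dob: str, expiry: str, prefix: str, n_digits: int, accepts):
    """The key-guessing attack: with DOB and expiry known (e.g. from a booking record), try every
    numeric suffix of the document number until the chip oracle accepts the derived keys.
    Returns the recovered document number, or None if no candidate is accepted."""
    for i in range(10 ** n_digits):
        candidate = prefix + str(i).zfill(n_digits)
        kenc, kmac = bac_keys(candidate, dob, expiry)
        if accepts(kenc, kmac):
            return candidate
    return None


if __name__ == "__main__":
    # Sample MRZ fields from Doc 9303's worked BAC example.
    kenc, kmac = bac_keys("L898902C<", "690806", "940623")
    print("KENC", kenc.hex().upper())
    print("KMAC", kmac.hex().upper())
    # Attack: DOB and expiry known, four trailing digits of a constructed document number unknown.
    chip = simulated_chip("NU0004217", "690806", "940623")
    print("recovered", recover_document_number("690806", "940623", "NU000", 4, chip))
```

Against a real chip every candidate costs one BAC exchange, so the attack time is set entirely by how many candidates survive once the three MRZ fields have been narrowed down; a document number whose digits are sequential or otherwise predictable, as in the Dutch case discussed below, leaves only a handful of unknown digits.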
Attacks
Since the introduction of biometric passports, several attacks have been presented and demonstrated:
- Non-traceable chip characteristics. In 2008 a Radboud / Lausitz University team demonstrated that it is possible to determine which country a passport chip comes from without knowing the key required for reading it. The team fingerprinted the error messages returned by passport chips from different countries; the resulting lookup table allows an attacker to determine where a chip is from.
- Basic Access Control (BAC). In 2005 Marc Witteman showed that the document numbers of Dutch passports were predictable, allowing an attacker to guess or crack the key required for reading the chip. In 2006 Adam Laurie wrote software that tries all possible passport keys within a given range, thus implementing one of Witteman's attacks. Using online flight booking sites, flight coupons and other public information, the number of possible keys can be reduced significantly. Laurie demonstrated the attack by reading the passport chip of a Daily Mail reporter while it was still in its envelope, without opening it. Note that some early biometric passports did not use BAC at all, allowing an attacker to read the chip's content without providing any key.
- Passive Authentication (PA). In 2006 Lukas Grunwald demonstrated that it is trivial to copy passport data from a passport chip into a standard ISO 14443 smart card using a standard contactless card interface and a simple file transfer tool. Grunwald used a passport that did not use Active Authentication (anti-cloning) and did not change the data held on the copied chip, so that its cryptographic signature stayed valid. In 2008 Jeroen van Beek demonstrated that not all passport inspection systems check the cryptographic signature of a passport chip. For his demonstration Van Beek altered chip information and signed it using his own document signing key for a non-existent country. This can only be detected by checking the country signing keys that are used to sign the document signing keys; the ICAO Public Key Directory (PKD) can be used for this, but at the time only 5 out of 60+ countries were using this central database. Van Beek did not update the original passport chip: an ePassport emulator was used instead. Also in 2008, The Hacker's Choice implemented all attacks and published code to verify the results. The release included a video clip demonstrating the problems with a forged Elvis Presley passport that was recognised as a valid US passport.
- Active Authentication (AA). In 2005 Marc Witteman showed that the secret Active Authentication key can be retrieved using power analysis, which allows an attacker to clone passport chips that use the optional Active Authentication anti-cloning mechanism. In 2008 Jeroen van Beek demonstrated that optional security mechanisms can be disabled by removing their entries from the passport's index file (EF.COM), which lists the data groups present on the chip but is not itself covered by the signature. This allows an attacker to remove, amongst others, the anti-cloning mechanism (Active Authentication). The attack is documented in supplement 7 of Doc 9303 (R1-p1_v2_sIV_0006) and can be resolved by patching inspection system software so that it takes the list of data groups to check from the signed Security Object rather than from the index file. Note that supplement 7 includes vulnerable examples in the same document that, when implemented, result in a vulnerable inspection process.
- Extended Access Control (EAC). In 2007 Lukas Grunwald presented an attack that can make EAC-enabled passport chips unusable. Grunwald states that if an EAC key, required for reading fingerprints and updating certificates, is stolen or compromised, an attacker can upload a false certificate with an issue date far in the future; the affected chips then block read access until that future date is reached.
Note that attacks on the Passport card are not applicable to the biometric passport.
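As an added example (not code from the original article or from any real inspection system), the following Python script models the Passive Authentication check and the index-file attack described under Active Authentication above. It builds a constructed passport chip image with DG1, DG2 and DG15, an unsigned EF.COM index and a stand-in SOD holding SHA-256 hashes of the data groups. The CMS signature over a real SOD is assumed to have been verified already against the document signer certificate and the country signing key, since that step needs real certificates; what remains is the hash comparison. The script then contrasts an inspection system that takes the list of data groups from EF.COM with one that takes it from the signed SOD, against a genuine chip, a chip with a modified photo, a byte-for-byte clone (Grunwald's attack) and a clone from which DG15 has been stripped (Van Beek's attack).

```python
import hashlib
from copy import deepcopy

DG_ACTIVE_AUTH = 15  # DG15 holds the Active Authentication public key


def make_chip() -> dict:
    """Constructed stand-in for a passport's logical data structure. Real data groups are
    ASN.1/BER encoded and the SOD is a CMS SignedData object; here the SOD is reduced to the
    hash list it carries, and EF.COM is the unsigned list of data groups present."""
    dgs = {
        1: b"P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<",   # DG1: MRZ data (constructed)
        2: b"\xff\xd8\xff\xe0 constructed JPEG face image",   # DG2: facial image (constructed)
        DG_ACTIVE_AUTH: b"constructed AA public key",         # DG15: AA public key (constructed)
    }
    sod = {"alg": "sha256",
           "hashes": {n: hashlib.sha256(d).digest() for n, d in dgs.items()}}
    return {"com": sorted(dgs), "dgs": dgs, "sod": sod}


def pa_trusting_ef_com(chip: dict) -> bool:
    """Vulnerable inspection logic: read and hash only the data groups that EF.COM lists."""
    sod = chip["sod"]
    for n in chip["com"]:
        expected = sod["hashes"].get(n)
        if expected is None or hashlib.new(sod["alg"], chip["dgs"][n]).digest() != expected:
            return False
    return True


def pa_trusting_sod(chip: dict) -> bool:
    """Hardened inspection logic: every data group the signed SOD hashes must be present and
    match, and the unsigned EF.COM may not disagree with the SOD."""
    sod = chip["sod"]
    if set(chip["com"]) != set(sod["hashes"]):
        return False
    for n, expected in sod["hashes"].items():
        data = chip["dgs"].get(n)
        if data is None or hashlib.new(sod["alg"], data).digest() != expected:
            return False
    return True


def inspect(chip: dict, trust_ef_com: bool) -> tuple[bool, bool]:
    """Returns (passive_auth_ok, active_auth_required) as the inspection system would decide.
    A system that skips AA because DG15 is 'not present' will accept a cloned chip."""
    if trust_ef_com:
        return pa_trusting_ef_com(chip), DG_ACTIVE_AUTH in chip["com"]
    ok = pa_trusting_sod(chip)
    return ok, ok and DG_ACTIVE_AUTH in chip["sod"]["hashes"]


def tamper_photo(chip: dict) -> dict:
    """Forgery attempt: swap the facial image. The SOD hash of DG2 no longer matches."""
    forged = deepcopy(chip)
    forged["dgs"][2] = b"attacker's constructed face image"
    return forged


def clone(chip: dict) -> dict:
    """Grunwald's 2006 attack: copy every file unchanged, so the signed SOD still verifies."""
    return deepcopy(chip)


def strip_active_auth(chip: dict) -> dict:
    """Van Beek's 2008 attack: drop DG15 from the unsigned index and from the emulated chip
    while keeping the SOD, whose signature still verifies because it was never changed."""
    stripped = deepcopy(chip)
    stripped["com"] = [n for n in stripped["com"] if n != DG_ACTIVE_AUTH]
    del stripped["dgs"][DG_ACTIVE_AUTH]
    return stripped


if __name__ == "__main__":
    genuine = make_chip()
    for label, c in (("genuine", genuine), ("tampered photo", tamper_photo(genuine)),
                     ("clone", clone(genuine)), ("clone, DG15 stripped", strip_active_auth(genuine))):
        print(f"{label:22} EF.COM-trusting: {inspect(c, True)}  SOD-trusting: {inspect(c, False)}")
```

The interesting row is the stripped clone: the EF.COM-trusting system reports Passive Authentication as passed and concludes that Active Authentication is not required, so a copy of the chip's files is accepted as genuine; the SOD-trusting system notices that the signed hash list names a data group the chip no longer presents and rejects it. The plain clone passes Passive Authentication under both policies, which is why cloning can only be stopped by Active Authentication (or Chip Authentication under EAC), not by the signature alone.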
Opposition
Privacy activists in many countries question and protest the lack of information about exactly what the passports' chip will contain, and whether it impacts civil liberties. The main problem they point out is that the data on the passports can be transferred by wireless RFID technology, which can become a major vulnerability: although this allows ID-check computers to obtain a person's information without a physical connection, it may also allow anyone with the necessary equipment to perform the same task. If the personal information and passport numbers on the chip are not encrypted, the information might end up in the wrong hands.
On December 15, 2006, the BBC published an article on the British ePassport, citing the above stories and adding that:
and adding that the Future of Identity in the Information Society (FIDIS) network's research team (a body of IT security experts funded by the European Union) has "also come out against the ePassport scheme... European governments have forced