A biometric passport (also known as e-passport , ePassport or digital passport ) is a traditional passport with a chip embedded electronic microprocessors containing biometric information that can be used to authenticate the identity of the passport holder. It uses unencrypted smart card technology, including microprocessor chips (computer chips) and antennas (for power to chip and communications) embedded in front or back cover, or middle page, passport. Important passport information printed on the passport data page and stored in the chip. Public key infrastructure (PKI) is used to authenticate electronically stored data in a passport chip making it costly and difficult to forge when all security mechanisms are fully and correctly implemented. Many countries are moving toward the issue of biometric passports. In December 2008, 60 countries issued the passport, increasing to 120 by June 2017.
The standard biometrics currently used for this type of identification system are facial recognition, fingerprint recognition, and iris recognition. It was adopted after assessment of several types of biometrics including retinal scans. The document and chip characteristics are documented in the International Civil Aviation Organization (ICAO) Doc 9303. ICAO defines the biometric file format and the communication protocol to be used in the passport. Only digital images (usually in JPEG or JPEG2000 format) of any biometric feature are actually stored in the chip. Comparison of biometric features is performed outside the passport chip with an electronic border control system (e-border). To store biometric data on a chip without contacts, it includes at least 32 kilobytes of EEPROM storage memory, and runs on the interface in accordance with ISO/IEC 14443 international standards, among others. These standards mean interoperability between different countries and different passport book manufacturers.
Some national identity cards (eg in the Netherlands, Albania and Brazil) are entirely biometric travel documents in accordance with ICAO9303; but others, such as the United States Passport Card, do not.
Video Biometric passport
Availability
Maps Biometric passport
Data protection â ⬠<â â¬
Biometric passports have a protection mechanism to avoid and/or detect attacks:
- Chip characteristics not trackable
- Random chip identifiers reply to each request with different chip numbers. This prevents passport chip searching. Using a random identification number is optional.
- Basic Access Control (BAC) Ã,
- BAC protects the communication channel between chip and reader by encrypting the transmitted information. Before the data can be read from the chip, the reader needs to provide keys that come from Machine Readable Zones: birth date, expiration date and document number. If BAC is used, the attacker can not (easily) eavesdrop on the transferred information without knowing the correct key. Using BAC is optional.
- Passive Authentication (PA) Ã,
- PA aims to identify modification of passport chip data. The chip contains a file (SOD) that stores the hash values ââof all files stored in the chip (images, fingerprints, etc.) and this hash digital signature. A digital signature is created using a key signing document signed by a country signing key. If the files in the chip (eg images) change, this can be detected because the hash value is wrong. Readers need access to all public state keys used to check whether a digital signature is produced by a trusted country. Using PA is mandatory. According to United States United Intelligence Agency document September 2011 released by Wikileaks in December 2014, "Although fake e-passports do not have the correct digital signatures, supervisors can not detect fraud if a passport comes from countries not participating in the Directory Public Public International Civil Aviation Organization (ICAO PKD).In January 2017, 55 of over 60 countries that issue e-customs passports are included in the PKD program.
- Active Authentication (AA) Ã,
- AA prevents cloning of passport chips. The chip contains a private key that can not be read or copied, but its existence can be easily proven. Using AA is optional.
- Extended Access Control (EAC) Ã,
- EAC adds functionality to check chip authenticity (chip authentication) and reader (terminal authentication). In addition, it uses stronger encryption than BAC. EAC is usually used to protect fingerprints and iris scan. Using EAC is optional. In the EU, using EAC is mandatory for all documents issued starting June 28, 2009.
- Additional Access Control (SAC) Ã,
- SAC was introduced by ICAO in 2009 to address the weaknesses of BAC. It was introduced as a supplement to BAC (to maintain compatibility), but will replace it in the future.
- Protect the chip
- This prevents unauthorized reading. Some countries - including at least the US - have integrated a very thin metal net into the passport cover to act as a shield when the passport cover is closed. Shielding is optional.
To ensure interoperability and functionality of the security mechanisms listed above, ICAO and the German Federal Office for Information Security (BSI) have established several test cases. This testing specification is updated with each new protocol and includes details starting from the paper used and ending with the included chip.
Checkout process
Attack
Since the introduction of biometric passports several attacks have been presented and shown.
- Chip characteristics not trackable
- In 2008, the Radboud/Lausitz University team indicated that it was possible to determine which country the passport chip originated without knowing the key needed to read it. Tim fingerprint passport chip error messages from different countries. The generated search table allows the attacker to determine where a chip is coming from. In 2010 Tom Chothia and Vitaliy Smirnov documented attacks that allowed individual passports to be tracked, by sending a special BAC authentication request. In 2016 Avoine et al. published a survey on security and privacy issues in the passport protocol, where a new technique for tracking passports was introduced, based on the response time of basic orders.
- Basic Access Control (BAC)
- In 2005 Marc Witteman pointed out that the Dutch passport document numbers are predictable, allowing attackers to guess/break keys needed to read the chip. In 2006 Adam Laurie wrote software that tried all passport keys that were known within a certain range, thus applying one of Witteman's attacks. Using online flight booking sites, flight coupons, and other public information allows to significantly reduce the number of keys possible. Laurie demonstrates the attack by reading the journalist's passport chip Letters Daily in the envelope without opening it. Note that in some early biometric passports, BAC is not used at all, allowing attackers to read chip content without providing a key.
- Passive Authentication (PA)
- In 2006, Luke Grunwald pointed out that it is not easy to copy passport data from a passport chip to a standard ISO/IEC 14443 smart card using a standard no-contact card interface and a simple file transfer tool. Grunwald uses a passport that does not use Active Authentication (anti-cloning) and does not alter the data stored on copied chips, thus keeping his cryptographic signatures valid.
- In 2008 Jeroen van Beek pointed out that not all passport inspection systems check for cryptographic signs from passport chips. For the demonstration, Van Beek changed the chip information and signed it using the key to signing its own documents from a non-existent country. This can only be detected by checking the country signing key used to sign the signing key of the document. To check the country signing key, ICAO PKD can be used. Only 5 out of 60 countries use this central database. Van Beek does not update the original passport chip: instead the ePassport emulator is used..
- Also in 2008, The Hacker's Choice implements all attacks and publishes code to verify results. This release includes video clips that indicate a problem by using a fake passport of Elvis Presley that is recognized as a valid US passport.
- Active Authentication (AA)
- In 2005 Marc Witteman pointed out that a secret Authentication key can be retrieved using power analysis. This may allow an attacker to clone a passport chip that uses an optional Active Authentication cloning mechanism on the chip - if the chip design is vulnerable to this attack.
- In 2008 Jeroen van Beek indicated that optional security mechanisms could be disabled by removing their presence from passport index files. This allows an attacker to remove - among other things - an anti-cloning mechanism (Active Authentication). This attack is documented in supplement 7 of Doc 9303 (R1-p1_v2_sIV_0006) and can be solved by patching the inspection system software. Note that supplement 7 presents a vulnerable example in the same document - when implemented - resulting in a vulnerable screening process.
- Extended Access Control (EAC)
- In 2007, Luke Grunwald presented an attack that could make EAC-equipped passport chips unusable. Grunwald states that if EAC-key - required to read fingerprints and update certificates - is stolen or compromised, an attacker may upload a fake certificate with a future issue date in the future. The affected chips blocked read access until a future date is reached.
Opposition
Privacy advocates in many countries question and protest the lack of information about exactly what the passport chip will contain, and whether it affects civil liberties. The main problem they show is that data on passports can be transferred with wireless RFID technology, which can be a major vulnerability. Although this can allow the ID-check computer to get a person's information without a physical connection, it also allows anyone with the tools necessary to perform the same task. If the personal information and passport numbers on the chip are not encrypted, the information may end up in the wrong hands.
On December 15, 2006, the BBC published an article on UK ePassport, quoting the story above and adding that:
- "Almost every country that issued this passport has some security experts screaming at the top of their lungs and trying to shout: 'It's not safe.This is not a good idea to use this technology'", quoting a a specialist who states "It's too complicated In the wrong place - reading the data first, deciphering the data, interpreting the data, then verifying whether it is true.There are many technical weaknesses in it and there are things that have just been forgotten, so basically do not do what it's supposed to do.This should have gotten a higher level of security It's not. "
and added that the research team of Future of Identity in the Information Society (FIDIS) research team (an EU-funded IT security expert body) has "also opposed the ePassport scheme... [declares that] European governments have imposed documents on their people which dramatically reduces security and increases the risk of identity theft. "
Most security measures are designed against "provers", but the recent scientific security community also addresses threats from unreliable verifiers, such as corrupt government organizations, or countries that use electronic systems that are not implemented good and not safe. New cryptographic solutions such as private biometrics are being proposed to reduce the threat of mass identity theft. It is under scientific study, but has not been implemented in biometric passports.
Countries using biometric passports
European Union
It is planned that, except Denmark, Ireland and the UK, EU passports will have digital imaging and biometric fingerprint scanning placed on their RFID chips. This biometric combination aims to create an unrivaled level of security and protection against false identification documents. Technical specifications for new passports have been established by the European Commission. The specifications are binding on the parties of the Schengen agreement, the EU countries, except Ireland and the UK, and three of the four countries of the European Free Trade Association - Iceland, Norway and Switzerland. These countries are required to apply machine-readable face images in their passports on August 28, 2006, and fingerprints on June 29, 2009. The European Data Protection Supervisor has stated that the current legal framework fails to "address all possible and relevant issues that are triggered by imperfections inherent in biometric systems ". Currently, British and Irish biometric passports only use digital images and not fingerprints. The German passport printed after November 1, 2007 contains two fingerprints, one in each hand, next to a digital photo. The Romanian passport will also contain two fingerprints, one from each hand. The Netherlands also took fingerprints and was the only EU member who planned to keep this fingerprint centrally. Under EU conditions, only countries that are signatories of the Schengen acquisition are required to add fingerprint biometrics.
Albanian biometric passports have been available since May 2009, costing 6000 LekÃÆ' (EUR50) and valid for 10 years. The microchip contains ten fingerprints, a carrying photo and all the data written on the passport.
Algeria
Algeria biometric passports were introduced on January 5, 2012 with 10 years validity for adults, and 5 years for minors. Argentina
On June 15, 2012, the government announced the availability of a new biometric passport costing 400 pesos, valid for 10 years
Armenia
In July 2012, Armenia introduced two new identity documents to replace Armenian ordinary passports. One of the documents - ID cards with electronic signatures and other personal data, are used locally locally, and biometric passports with electronic chips are used for travel abroad. The electronic chips of biometric passports contain fingerprint digital images, photographs and electronic signatures from passport holders. Passport will be valid for 10 years.
Australia
Australian biometric passports were introduced in October 2005. A microchip contains the same personal information that is on the ePassport color photo page, including digital photos. SmartGates has been installed at Australian airports to allow Australian ePassport holders and ePassport holders from several other countries to clear immigration control faster, and face recognition technology has been installed at immigration gates.
Azerbaijan
Azerbaijan biometric passports were introduced in September 2013. Biometric passports include information on passport owners' facial features, as well as fingerprints and palms. Each passport will also include a personal identification number. The program includes developing appropriate legislative frameworks and information systems to ensure information security.
Bosnia and Herzegovina
Available since October 15, 2009 and cost 50 KM (EUR25.65). Valid for 10 years for adults and 5 years for younger than 18 years. Produced by Bundesdruckerei. On June 1, 2010, Bosnia and Herzegovina issued their first EAC passport.
Botswana
Botswana began publishing biometric e-passports to its citizens on March 8, 2010.
Brazil
Brazil began issuing ICAO compliant passports in December 2006. But only in December 2010 it began issuing passports with microchips, first in the Brazilian state capital and Goiás. Since late January 2011, the latter is available for publication throughout Brazil. This is valid for 5 years for adults and costs R $ 156.07 (around EUR80). In December 2014, the Federal Police Department extended the validity of documents, from five to ten years.
Brunei
Brunei biometric passport introduced on February 17, 2007. It is manufactured by the German printer Giesecke & amp; Devrient (G & amp; D) follows the requirements of the Visa Waiver Program. The Bruneian ePassport has the same functionality as other biometric passports.
Cambodia
Cambodia began issuing biometric passports to its citizens on July 17, 2014. The 5-year passport fee, issued only for children aged five and under, is 80 USD; while a 10-year passport, issued to all persons older than five years, costs 100 USD.
Canada
All Canadian passports issued on or after July 1, 2013 ePassports have electronic chips encoded with carrier names, sex, and date and place of birth and digital portraits of their faces.
Cape Verde
Cape Verde began issuing biometric passports on January 26, 2016. The cost of a biometric passport is 50 euros with a processing time of 30 days. It should be noted that this scheme will gradually be extended to the Cape Verde diplomatic missions in Boston and Lisbon in the future.
Chile
Chile introduces new biometric passports and national ID cards on September 2, 2013. The new passport booklet is designed to have a 5-year validity.
China
On January 30, 2011, the Ministry of Foreign Affairs of the People's Republic of China launched the publication of an e-passport test for public affairs. Face, fingerprints and other biometric features of the passport holders will be digitized and stored in a contactless smart chip pre-installed in the passport. On July 1, 2011, the Ministry began issuing biometric passports to all individuals doing public affairs abroad on behalf of the Chinese government.
Ordinary biometric passports have been introduced by the Ministry of Public Security starting from May 15, 2012. The passport fee is 200 CNY (approximately US $ 31) for first applicants in China and 220 CNY (or US $ 35) for renewals and passports issued overseas.
Effective from 1 July 2017, the usual biometric passport fee is reduced to 160 CNY (approximately US 24) for applicants and first time updates. As of April 2017, China has issued more than 100 million ordinary biometric passports.
Colombia
The Colombian foreign ministry announced that, from September 1, 2015, new biometric passports will be issued. The only visible change is that a regular Colombian passport will now carry a standard biometric symbol () at the bottom of the front cover of the booklet. the passport fee is COP 163,000 (about USD 56).
Dominican Republic
In the Dominican Republic, biometric passports were issued in May 2004. But Dominican biometric passports do not carry the "inside chip" symbol. In January 2010, the cost of the passport was 1,250 DOP, about 35-40 USD on that date.
Egypt
The Government of Egypt since February 5, 2007 introduced the Electronic Passport (e-Passport) and the Electronic Identity Document for Visa Purposes (e-Doc/I) in accordance with International Civil Aviation Organization (ICAO) standards.
Finnish
Available since August 21st, 2006.
Gabon
Available since January 23, 2014. Gabon's biometric passport carries the symbol "chip inside" ().
Ghana
Available from March 1st, 2010 and GHÃ, à ¢ 50,00-100,00 cost for adults and children. Passports contain several other technological characteristics other than biometric technology. But Ghana's biometric passports do not carry the "chip inside" () symbol, which is a liability for ICAO-standard electronic passports.
Hong Kong
In 2006, the Immigration Department announced that Unihub Limited (a subsidiary of PCCW leading a supplier consortium, including Keycorp) has won a tender to provide technology to produce biometric passports. In February 2007, the first biometric passports were introduced. The cover of a new biometric passport remains essentially the same as the previous version, with the addition of an "electronic passport" logo at the bottom. However, the inner page design has changed a lot. The design is in line with document design recommendations from the International Civil Aviation Organization. The new EPassport is featured in the Stockholm Challenge Event 2008 and is a finalist for the Stockholm Challenge Award in the category of Public Administration. The Hong Kong ePassport SAR design is praised for "a variety of sophisticated technologies seamlessly integrated in the advanced Electronic Passport System (Electronic Passport System)". The HKSAR passport fee is HK $ 370 (or US $ 48) for a 32-page passport and HK $ 460 (or US $ 59) for a 48-page passport.
Iceland
Available since May 23, 2006 and ISK5100 charge (ISK1900 for under 18 and over 67).
India
Recently India has started the first deployment of Biometric e-Passport for all passport holders in India and abroad. New passports have been natively designed by the Central Passport Organization, the Indian Security Press, Nashik and IIT Kanpur. Passport contains security chips with personal data and digital images. Initially, the new passport will have a 64KB chip with a photo of the passport holder and then including the fingerprint holder. Biometric passports have been tested with passport readers abroad and recorded to have a 4 second response time - less than US Passports (10 seconds). Passports do not need to be carried in metal jackets for safety reasons because they have to pass through the reader first, then generate an access key to unlock the chip data for reader access.
India has also granted contracts to Tata Consultancy Services to issue e-passports through seva passports. India plans to open 77 such centers across the country to issue this passport.
On June 25, 2008, the Indian Passport Authority issued its first passport to the President of India, Pratibha Patil. E-passports are under the first stage of deployment and will initially be limited to holders of diplomatic passports. It is available to ordinary citizens starting 2017 and beyond
Indonesia
Indonesia began issuing e-Passports on January 26, 2011. Passports worth Rp655,000 (US $ 66) for 48 pages are valid for 5 years, and Rp405,000 (USD41) for 24-page passports is valid for 5 years.
Iran
Iran began issuing diplomatic passports and biometric services in July 2007. Ordinary biometric passports were issued on February 20, 2011. The new passport fee is around US $ 37 (IRR1,124,000).
Iraq
Beginning February 1, 2010, the Ministry of Internal Affairs of Iraq introduced a new electronic system to issue a new series A biometric passport under contract with the German SAFE ID Solution, the new series is a readable biometric passport engine available for the public at a cost of 25,000 dinars or about USD20.
ireland
On October 16, 2006, the Minister of Foreign Affairs presented the first biometric passport.
Israel
Since July 2013, the Israeli Interior Ministry has issued biometric passports to people who want to receive them. For a 2 year trial period under the Biometric Act, this is optional. Starting August 2013, passports expired in more than 2 years may be replaced with biometric on demand, free of charge. Passports expiring in 2 years will be charged full amount. A review of the program that should have been summed up in 2015 was postponed by the then Ministerial Home Affairs order, due to controversy over the creation of Biometric Database rather than storing biometric data only in passport chips, as is the practice in many other countries. Since 2015, the trial period is extended to 2017. In May 2017, the trial period ended. Newly issued passports must be biometric.
To obtain a biometric passport, an applicant must appear in the office of the Ministry of Interior "to be photographed by a special camera that records information such as facial bone structure, the distance between one's eyes, ears to the eyes and the ratio of facial features to one another, and all this information will be loaded in a new high-tech electronic passport. "
Japanese
The Japanese government began issuing biometric passports in March 2006. With this, Japan has fulfilled the requirements under the US Visa Release Program which calls on countries to launch their biometric passports before October 26, 2006.
Kazakhstan
Kazakhstan has presented its concept of applying biometric passports in 2009.
Kenya
On September 1, 2017 the Immigration and Registration Directorate of the people under the internal ministry and national coordination announced Kenya will launch a roll of newly launched electronic passports. The new passport E-passport will contain microprocessor chips that will contain biometrics such as fingerprint, face and signature including other important information, all of which correspond to ICAO. The launch is highly anticipated because this launch was previously scheduled for April 2017. Applications must be made online through https://www.ecitizen.go.ke/
You are now most likely to travel back to Kenya for biometric data retrieval and passport creation. Kenya plans to cancel its old-style passport on August 31, 2019.
Kosovo
In May 2011, the Home Ministry of the Republic of Kosovo announced that biometric passports would be issued in the summer of 2011 after winning companies were selected and awarded passport production. The first biometric passport was issued in October 2011.
Kuwait
In March 2017, Kuwait State Ministry of Interior began issuing biometric passports. The Interior Minisry announces that by the end of 2018, older non-biometric passports will no longer be valid for use.
Laos
In September 2016, the Lao Foreign Affairs Ministry announced that biometric passports will be launched after 30 June 2016
Lebanon
The Directorate General of General Security of Lebanon ( La SÃÆ'à à à à à à © rà © rà © rà © à © began to issue biometric passports as of 1 August 2016. All new passports of Lebanon ( Passeport de la rÃÆ'à © publique Libanaise ) issued is a machine-readable biometric passport containing a contactless, intelligent RFID chip embedded in the bottom of the front cover under the word "PASSEPORT."
The state-run printing company, Imprimerie Nationale, runs the official printing work of the Lebanese and French governments.
Lesotho
The introductory date is uncertain. However, enabling legislation is proposed in November 2016.
Macau
Applications for electronic passports and electronic travel licenses have been initiated and processed since September 1, 2009. Macedonia
Available from 2 April 2007 and cost 1500 MKD or c. EUR22.
Madagascar
This passport is available since 2014 and costs 110,000 Ariary. Since September 2014, it is mandatory for residents of Malagasy to leave the country with biometric passports.
Malaysia
Malaysia was the first country in the world to issue biometric passports in 1998, after the local company, IRIS Corporation, developed the technology. But Malaysia is not a member of the Visa Release Program (VWP) and its first biometric passports do not conform to the same standards as VWP biometric documents because Malaysian biometric passports are issued several years before VWP requirements. The difference lies in the storage of fingerprint templates, not the fingerprint images in the chip, the rest of the same technology. Also biometric passports are designed to be read only if the receiving country has authorization from the Malaysian Immigration Department. Malaysia began issuing ICAO compliant passports from February 2010.
Malaysia is used to issue passports with validity for 2 years and 5 years, but passports with 2 year validity are withdrawn since January 2015.
The price for Malaysian passport is RM 200 (approx USD 50) with 5 years validity, RM100 (about USD 25) for senior citizens, children under 12 years old, Hajj pilgrims, and students under 21 years old and studying abroad is RM100 and is free for people with disabilities. citizens. Maldives