Parts 1 and 2 of this series outlined the software and hardware components of a biometric passport. Cybersecurity consultant Ravi Das now looks at the security vulnerabilities associated with e-passports.
Given the size and complexity of an e-passport infrastructure, it is exposed to many types of cyber-based attacks.
The following are examples of some of the security vulnerabilities associated with it:
- Cloning attacks
This occurs when a newly issued e-passport is loaded with the biometric information and data copied from a stolen or hijacked e-passport.
- Eavesdropping attacks
This type of attack occurs when an attacker intercepts the biometric templates while they are being transmitted from the Radio-Frequency Identification (RFID) antenna to the e-passport reader.
- Adversary attacks
Here, the biometric information and data stored on the microchip can be "skimmed" off if the attacker possesses a sufficiently sophisticated network sniffing device.
- Denial of service attacks
This can happen when the servers networked to the e-passport reader are bombarded with meaningless network traffic and/or malformed data packets. As a result, the servers either degrade severely or stop functioning altogether.
- Man in the middle attacks
This happens when an attacker sits in the direct line of communication between the microchip and the e-passport reader, in an attempt to hijack any easily accessible information and data.
- No key revocation
One of the cardinal rules of a Public Key Infrastructure (PKI) is to refresh both the public and private keys at varying or randomized intervals. In an e-passport infrastructure, however, this refresh occurs very infrequently; for example, it may not happen more than once every ten years or so. As a result, these keys become "stale" and are easily guessed by the attacker.
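As an added illustration of the key-refresh point above (example code written for this page, not taken from the article or from any e-passport implementation): a small audit over a constructed key inventory that flags keys still in service past an assumed three-year rotation policy, past their own expiry date, or after revocation. The key identifiers, dates and the policy lifetime are all constructed values.

```python
"""Audit a signing-key inventory against a rotation policy.

Added example (not from the article): models the "no key revocation"
weakness by flagging active keys that are past the policy lifetime,
past their own expiry, or revoked yet still accepted. Key records,
dates and the policy lifetime below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class KeyRecord:
    key_id: str
    issued: date
    expires: date
    revoked: bool
    active: bool  # still accepted by readers for verification


def audit_keys(keys, max_lifetime, today):
    """Return (key_id, finding) tuples for active keys that violate policy."""
    findings = []
    for k in keys:
        if not k.active:
            continue  # retired keys are out of scope for this check
        if k.revoked:
            findings.append((k.key_id, "revoked key still active"))
        elif today > k.expires:
            findings.append((k.key_id, "expired key still active"))
        elif today - k.issued > max_lifetime:
            findings.append((k.key_id, "key older than rotation policy"))
    return findings


# Constructed sample inventory: one key issued ten years ago and never rotated.
SAMPLE_TODAY = date(2024, 1, 1)
SAMPLE_KEYS = [
    KeyRecord("DS-2014-01", date(2014, 1, 1), date(2024, 6, 1), False, True),
    KeyRecord("DS-2022-07", date(2022, 7, 1), date(2025, 7, 1), False, True),
    KeyRecord("DS-2019-03", date(2019, 3, 1), date(2022, 3, 1), False, True),
    KeyRecord("DS-2021-05", date(2021, 5, 1), date(2024, 5, 1), True, True),
    KeyRecord("DS-2010-09", date(2010, 9, 1), date(2013, 9, 1), False, False),
]
# Assumed policy value (not from the article): rotate within three years of issue.
SAMPLE_POLICY = timedelta(days=3 * 365)


def sample_findings():
    return audit_keys(SAMPLE_KEYS, SAMPLE_POLICY, SAMPLE_TODAY)


if __name__ == "__main__":
    for key_id, finding in sample_findings():
        print(f"{key_id}: {finding}")
```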
To help combat some of these cyber-based threats, two protocols were created specifically for the e-passport infrastructure, known as the "Chip Authentication Protocol" and the "Reader Authentication Protocol." With the former, the wireless communication channel between the RFID antenna and the e-passport reader is automatically reset between the identification of one individual and the next. With the latter, only valid and authentic e-passports can be processed.
Overall, we have provided an overview of an e-passport infrastructure. It can also be referred to as the "biometric passport," because the microchip of the e-passport can contain at least three, and often more, different types of biometric templates.
Although other types of security information can be contained about the individual (such as biographical data), it is the biometric templates which are the most widely used.
As reviewed above, the e-passport infrastructure is prone to different types of cyber-based attacks, primarily because of its many components and its heavy reliance upon a networked configuration. In this regard, conducting different types of penetration testing is also very important, especially for discovering hidden or unforeseen security holes and vulnerabilities.
The areas which need to be thoroughly penetration tested are as follows:
- The durability of the infrastructure
The systems which are involved in an e-passport infrastructure must be designed and made so that they last for a long time.
- The security of the infrastructure
All relevant networking protocols involved in the transmission of information and data, and in the identification of the individual, must be as hacker-proof as possible. They must be tested on an almost daily basis. This also includes testing the microchip design, the RFID protocol, and the logical directory structure.
- The functionality and the processes of the infrastructure
The entire e-passport infrastructure must be designed and implemented so that, in the face of a cyber-based attack, all of the associated processes and functions can fail over to their backup systems in a matter of minutes, ensuring 24 x 7 x 365 continuity. In this regard, any backup, recovery and disaster recovery plans must be thoroughly tested.