In Part 1 of this series, Ravi Das examined the software components of a biometric passport. The hardware components will now be discussed.
The hardware for the IT infrastructure
Apart from the e-passport readers and the biometric capture devices themselves, the most critical piece of hardware in an e-passport infrastructure is the contactless microchip embedded in the booklet.
Microchips suitable for an e-passport differ mainly in two respects: how much non-volatile memory they offer, and whether they carry a cryptographic co-processor for the access-control protocols the chip has to run. In that sense the design can be very simple or quite complex.
The choice of microchip depends, of course, on which biometric templates will be stored in it. ICAO makes the facial image (data group DG2) mandatory, while fingerprints (DG3) and iris images (DG4) are optional. If only the machine-readable zone data and the facial image are stored, a chip of modest capacity will suffice. If fingerprints or iris images are added to meet a multimodal requirement, the chip needs more memory, and it must also be able to run the stronger access-control protocol (Extended Access Control) that typically protects these sensitive data groups.
In fact, the International Civil Aviation Organisation (also known as the ICAO) permits two types of microchip interface in the e-passport. They differ in their radio signalling, not in their sophistication: ICAO Doc 9303 requires the chip to follow ISO/IEC 14443, which defines two variants:
Type A, which uses 100% amplitude-shift keying with modified Miller coding from the reader to the chip; and
Type B, which uses 10% amplitude-shift keying with NRZ coding.
Both variants carry the same application data, so an e-passport reader has to support both.
ICAO has also addressed the air-interface bit rate. The ISO/IEC 14443 baseline is 106 kbit/s, with 212, 424 and 848 kbit/s as optional higher rates; ICAO recommends that chip and reader also support the higher rates, 424 kbit/s in particular, so that the larger data groups (the facial image alone runs to tens of kilobytes, and fingerprint or iris templates add more) can be read in an acceptable time at the border.
Since the microchip is at the heart of the e-passport infrastructure, special attention needs to be given to the operating system that runs on it. The chip OS (either a native card OS or a Java Card platform) implements the ICAO Logical Data Structure (LDS), an ISO/IEC 7816-4 style file system: a dedicated e-passport application holding EF.COM (an index of what is present), the data groups DG1 to DG16, and EF.SOD, the Document Security Object. The LDS fixes where each item lives: DG1 holds the machine-readable zone, DG2 the facial image, DG3 fingerprints and DG4 iris images. It is therefore the LDS, not the chip hardware, that determines how the biometric template(s) are stored and in which encoding.
The e-passport reader
The e-passport reader is a crucial component of the e-passport infrastructure. It has two subcomponents:
The host system:
These are the servers physically networked to the e-passport reader; they process the data the reader retrieves from the microchip.
The host application:
This is the software package that runs on the host system. For example, it could be a border control application that verifies the traveller's identity by comparing a live biometric capture against the template read from the chip.
At this point a Public Key Infrastructure (PKI) comes into play, but it is important to be precise about what it protects. The PKI does not encrypt the biometric templates in transit; it guarantees their integrity and authenticity. At personalisation, the issuing state hashes every data group, places the hashes in the Document Security Object (EF.SOD) and signs it with a Document Signer private key. At the border, the reader verifies that signature and recomputes the hashes, a procedure ICAO calls Passive Authentication, so any alteration of a stored template, or a security object not issued by a recognised state, is detected. Confidentiality of the chip-to-reader channel is a separate mechanism: session keys established by Basic Access Control (BAC) or, in newer documents, PACE.
In fact, ICAO specifies two distinct elements of this PKI:
- The secure in-country key generation:
Each participating state operates its own Country Signing Certification Authority (CSCA) in a secure facility. The CSCA key pair, and the Document Signer key pairs it certifies, are generated there; the private keys never leave the issuing state.
- The ICAO Public Key Directory (PKD):
ICAO does not generate keys for anyone. The PKD is a distribution service: states upload their Document Signer certificates, certificate revocation lists and CSCA master lists, and other states download them so that their border systems can validate the security object of a foreign passport.
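The issue-and-inspect cycle those two elements support, written out as an added example (it is not code from the original article or from ICAO): a CSCA certifies a Document Signer key in-country, the Document Signer signs a hash table over the data groups at personalisation, and the inspection system, holding only the CSCA public key it obtained through the PKD, runs Passive Authentication. The DSCertificate and SOD types, the canonical hash-table encoding and the sample data groups are simplifications assumed for the example; a real Document Signer certificate is X.509 and a real EF.SOD is CMS SignedData.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// DSCertificate is a simplified stand-in for the X.509 Document Signer certificate.
type DSCertificate struct {
	Pub     *ecdsa.PublicKey
	CSCASig []byte // CSCA signature over the DS public key
}

// SOD is a simplified stand-in for EF.SOD: one hash per data group, signed by the DS.
type SOD struct {
	Hashes map[int][32]byte
	Sig    []byte
}

// newKey generates a P-256 key pair; used here for both the CSCA and the Document Signer.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// canonical encodes the hash table in data group order so issuer and inspector sign the same bytes.
func canonical(h map[int][32]byte) []byte {
	var out []byte
	for n := 1; n <= 16; n++ { // the LDS defines DG1 to DG16
		if v, ok := h[n]; ok {
			out = append(append(out, byte(n)), v[:]...)
		}
	}
	return out
}

// pubDigest hashes the DER SubjectPublicKeyInfo encoding of a public key.
func pubDigest(pub *ecdsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid P-256 key
	d := sha256.Sum256(der)
	return d[:]
}

// IssueDSCertificate runs in the issuing state's CSCA facility; the CSCA private key never leaves it.
func IssueDSCertificate(csca *ecdsa.PrivateKey, dsPub *ecdsa.PublicKey) (*DSCertificate, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, csca, pubDigest(dsPub))
	if err != nil {
		return nil, err
	}
	return &DSCertificate{Pub: dsPub, CSCASig: sig}, nil
}

// IssueSOD is the personalisation step: hash every data group written to the chip, sign the table.
func IssueSOD(ds *ecdsa.PrivateKey, dgs map[int][]byte) (*SOD, error) {
	hashes := make(map[int][32]byte, len(dgs))
	for n, content := range dgs {
		hashes[n] = sha256.Sum256(content)
	}
	digest := sha256.Sum256(canonical(hashes))
	sig, err := ecdsa.SignASN1(rand.Reader, ds, digest[:])
	if err != nil {
		return nil, err
	}
	return &SOD{Hashes: hashes, Sig: sig}, nil
}

// PassiveAuthentication is the inspection-system side: cscaPub is the foreign CSCA key trusted
// via the PKD; cert, sod and dgs come off the chip. nil means chain, signature and hashes all check out.
func PassiveAuthentication(cscaPub *ecdsa.PublicKey, cert *DSCertificate, sod *SOD, dgs map[int][]byte) error {
	if !ecdsa.VerifyASN1(cscaPub, pubDigest(cert.Pub), cert.CSCASig) {
		return fmt.Errorf("document signer certificate does not chain to the trusted CSCA")
	}
	digest := sha256.Sum256(canonical(sod.Hashes))
	if !ecdsa.VerifyASN1(cert.Pub, digest[:], sod.Sig) {
		return fmt.Errorf("SOD signature invalid")
	}
	for n, content := range dgs {
		if want, ok := sod.Hashes[n]; !ok {
			return fmt.Errorf("DG%d is on the chip but not listed in the SOD", n)
		} else if sha256.Sum256(content) != want {
			return fmt.Errorf("DG%d hash mismatch: data group altered", n)
		}
	}
	return nil
}

func main() {
	csca, ds := newKey(), newKey()
	cert, _ := IssueDSCertificate(csca, &ds.PublicKey)
	// Constructed data groups: DG1 carries the MRZ, DG2 the facial image (placeholder bytes here).
	dgs := map[int][]byte{1: []byte("P<UTOERIKSSON<<ANNA<MARIA<<<<<<<<<<<<<<<<<<<"), 2: []byte("placeholder JPEG")}
	sod, _ := IssueSOD(ds, dgs)
	fmt.Println("genuine passport:", PassiveAuthentication(&csca.PublicKey, cert, sod, dgs))
	dgs[2] = []byte("substituted facial image")
	fmt.Println("DG2 replaced:", PassiveAuthentication(&csca.PublicKey, cert, sod, dgs))
}
```

Note what the inspection side never needs: any private key. It holds the CSCA public keys it fetched from the PKD, and everything else comes from the chip. That is why the PKD only ever distributes certificates and revocation lists, and why a compromised inspection system cannot forge a passport.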
Finally, the chip talks to the reader over a contactless interface that is often loosely called RFID (Radio-Frequency Identification). In the e-passport's case it is ISO/IEC 14443 at 13.56 MHz: the microchip is bonded to a small coil antenna laminated into the cover or the data page, and the reader's field both powers the chip and carries the data in both directions.
It should be noted that the air interface itself provides no encryption. What keeps the exchange confidential is Secure Messaging with session keys established by BAC (whose keys are derived from the document number, date of birth and date of expiry printed in the machine-readable zone) or by PACE. If a chip did not enforce access control, or if an attacker could compute the BAC keys, every frame could be captured by a third party with a suitable antenna and decoded in clear.
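The BAC key derivation that statement refers to, written out as an added example (it is not code from the original article or from ICAO, though it follows the Doc 9303 Part 11 procedure): the three data-page fields are joined with their check digits, SHA-1 of that string seeds the derivation, and the encryption and MAC keys fall out of two further SHA-1 calls with parity adjusted for 3DES. The document number, dates and function names are assumptions for the example; the standard's own worked example in Doc 9303 Part 11 can be used to cross-check the output.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// mrzValue maps an MRZ character to its Doc 9303 value: '0'-'9' are 0-9, 'A'-'Z' are 10-35, '<' is 0.
func mrzValue(c byte) (int, error) {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0'), nil
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10, nil
	case c == '<':
		return 0, nil
	}
	return 0, fmt.Errorf("invalid MRZ character %q", c)
}

// CheckDigit implements the Doc 9303 check digit: weights 7, 3, 1 repeating, sum modulo 10.
func CheckDigit(field string) (int, error) {
	weights := [3]int{7, 3, 1}
	sum := 0
	for i := 0; i < len(field); i++ {
		v, err := mrzValue(field[i])
		if err != nil {
			return 0, err
		}
		sum += v * weights[i%3]
	}
	return sum % 10, nil
}

// MRZInformation assembles the BAC seed input: document number padded with '<' to 9 characters,
// date of birth and date of expiry (both YYMMDD), each followed by its check digit.
func MRZInformation(docNo, dob, expiry string) (string, error) {
	docNo = strings.ToUpper(docNo)
	if len(docNo) < 9 {
		docNo += strings.Repeat("<", 9-len(docNo))
	}
	var sb strings.Builder
	for _, f := range []string{docNo, dob, expiry} {
		cd, err := CheckDigit(f)
		if err != nil {
			return "", err
		}
		fmt.Fprintf(&sb, "%s%d", f, cd)
	}
	return sb.String(), nil
}

// adjustParity forces odd parity on each byte (the DES key convention) by flipping its low bit.
func adjustParity(k []byte) []byte {
	out := make([]byte, len(k))
	for i, b := range k {
		if bits.OnesCount8(b)%2 == 0 {
			b ^= 1
		}
		out[i] = b
	}
	return out
}

// DeriveBACKeys runs the Doc 9303 derivation: Kseed is the first 16 bytes of SHA-1(MRZ information);
// Kenc and Kmac are the first 16 bytes of SHA-1(Kseed || 00000001) and SHA-1(Kseed || 00000002),
// parity-adjusted. Each is a two-key 3DES key for the BAC handshake and the Secure Messaging session.
func DeriveBACKeys(mrzInfo string) (kenc, kmac []byte) {
	seed := sha1.Sum([]byte(mrzInfo))
	kseed := seed[:16]
	derive := func(counter byte) []byte {
		h := sha1.New()
		h.Write(kseed)
		h.Write([]byte{0, 0, 0, counter})
		return adjustParity(h.Sum(nil)[:16])
	}
	return derive(1), derive(2)
}

func main() {
	// Constructed input: document number, date of birth and expiry as printed on the data page.
	info, _ := MRZInformation("L898902C", "690806", "940623") // inputs are known-valid MRZ characters
	kenc, kmac := DeriveBACKeys(info)
	fmt.Println("MRZ information:", info)
	fmt.Println("Kenc:", hex.EncodeToString(kenc))
	fmt.Println("Kmac:", hex.EncodeToString(kmac))
}
```

The design point this makes visible is that nothing in the derivation is secret: anyone who can read the data page, or who can narrow down the document number, date of birth and expiry date, can compute the same Kenc and Kmac. That is what bounds the confidentiality BAC gives the air interface, and it is why PACE, which does not rely on SHA-1-derived 3DES keys, was introduced.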
In our next article, we examine the cybersecurity vulnerabilities of the e-passport infrastructure.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He is also studying for his Certificate In Cybersecurity through the ISC2.