Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Industry Group Says E-Passport Clone Poses Little Risk

Cloning a passport's inlay, according to the Smart Card Alliance, would be no different than stealing someone else's passport and trying to present that as your own at a border entry point.
By Mary Catherine O'Connor
During the teleconference, Randy Vanderhoof, executive director of the Smart Card Alliance, noted that the data encoded to the chip inside an e-passport is digitally signed and locked by the issuing nation, and could not be altered even if it was cloned. According to Vanderhoof, what Grunwald accomplished could not serve to make electronic passports less secure because the passport inspectors will still examine the chip's encoded photo and compare it with the person who presents the passport. Cloning a passport's inlay, he says "would be no different, in our point of view, than stealing someone else's passport and trying to present that as your own at a border entry point."

"Electronic passports are far more secure than today's printed documents," says Vanderhoof, because the RFID element is used to authenticate the carrier of the passport through a visual inspection. In the Wired story, Frank Moss, deputy assistant secretary of state for passport services at the U.S. State Department, said the e-passport specs were not designed to prevent cloning. "What this person has done is neither unexpected nor really all that remarkable," he told Wired, adding that the RFID inlay is meant to be an additional authenticator of the passport's carrier.

What if a country decided to remove the manual inspection process entirely, however, relying instead only on the data presented to an interrogator at a border crossing? In this approach, which the ICAO specifications allow for and which some countries are reportedly considering, someone other than Grunwald could enter a country by presenting a clone of Grunwald's e-passport, as easily as someone could steal an EZPass and drive through a New York toll booth.

"Obviously it would be better to have anticloning features [on e-passports], but [e-passports] may well be more secure than the [ones without RFID], in which photos can be grafted into real passports or inserted into fake ones," says Ari Juels, principal research scientist for RSA Laboratories, the research arm of RSA Security.

Juels says Grunwald's result "is a useful demonstration, but does not really teach anything new. A system with cloneable passports is roughly equivalent in security to a database with integrity protection. Anyone can claim to be another person; the system relies on a physical identity check for its success."

USER COMMENTS

Chris Kapsambelis 2006-08-10 12:10:49 PM
Passport There are two big differences between stolen Passports and cloned Passports. A stolen Passport will be reported by its owner. A cloned Passport will be an unknown copy. A person can probably clone more that 60 Passports per hour. I don't believe anyone can steal 60 Passports per hour.
Yaakov Ostrover 2006-08-11 08:27:28 PM
Patent The e-passport might be infringing this US patent: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=7&f=G&l=50&co1=AND&d=PTXT&s1=6585154&OS=6585154&RS=6585154

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations