Biometric State would ensure secure and efficient border crossings
Dr. Ruwantissa ABEYRATNE
BIOMETRICS STATE: Biometrics is the in-thing, both in fiction and
reality and the biometric State could be closer than we thought. Those
of us who watched the 2002 Spielberg movie ‘Minority Report’ were
introduced to a fictional State that scanned the irises of people while
they were coming out of railway stations or entering buildings.
In reality, biometric identification is prolific at airports and
other areas of border crossing, where it is now quite common to use
machine readable passports, visas and other travel documents.
Aviation has reached the stage where quantum physics not only assists
in the aeronautical aspects of air transport but also contributes to the
day to day activities involving passenger clearance, immigration and
Machine readable passport enables quick verification of personal
data
|
customs.
A brand new technique known as quantum cryptography is on the way,
calculated to eliminate the terrifying vulnerabilities that arise in the
way digitally stored data are exposed to fraudulent use.
New technique
This new technique uses polarized photons instead of electronic
signals to transmit information along cables. Photons are tiny particles
of light that are so sensitive that when intercepted, they immediately
become corrupted.
This renders the message unintelligible and alerts both the sender
and recipient to the fraudulent or spying attempt.
The public key directory - designed and proposed to be used by
customs and immigration authorities who check biometric details in an
electronic passport, is based on cryptography - and is already a viable
tool being actively considered by the aviation community as a fail-safe
method for ensuring the accuracy and integrity of passport information.
The techniques of biometrics employed in a machine readable travel
document (MRTD), be it a visa or passport, enable the user to uniquely
encode a particular physical characteristic of a person into a biometric
identifier or biometric template which can be verified by machine to
confirm or deny a claim regarding a person’s identity.
The MRTD process, which is an initiative of the International Civil
Aviation Organisation (ICAO) goes back to the early nineties.
A passport asserts that the person holding the passport is a citizen
of the issuing State while a visa confirms that the State issuing the
visa has granted the visa holder the non-citizen privilege of entering
and remaining in the territory of the issuing State for a specified time
and purpose.
The Machine Readable Passport (MRP) is a passport that has both a
machine readable zone and a visual zone in the page that has descriptive
details of the owner.
The machine readable zone enables rapid machine clearance, quick
verification and instantaneous recording of personal data.
Besides these advantages, the MRP also has decided security benefits,
such as the possibility of matching very quickly the identity of the MRP
owner against the identities of undesirable persons, whilst at the same
time offering strong safeguards against alteration, counterfeit or
forgery.
Accordingly, biometric identification of a person either correctly
establishes his identity as being consistent with what is claimed in the
passport he is holding or brings to bear the possibility that the person
carrying a particular passport is an impostor.
A biometric is a measurable, physical characteristic or personal
behavioural trait used to recognise the identity, or verify the claimed
identity of a person.
Goals
In the modern context, biometrics are usually incorporated in an MRTD
with a view to achieving five goals, the first of which is global
interoperability enabling the specifications of biometrics deployed in
travel documents across the world to be applied and used in a
universally operable manner.
“Global interoperability” means the capability of inspection systems
(either manual or automated) in different States throughout the world to
exchange data, to process data received from systems in other States,
and to utilise that data in inspection operations in their respective
states.
Global interoperability is a major objective of the standardised
specifications for placement of both eye-readable and machine-readable
data in all MRTDs. This is a critical need if the smooth application of
biometric technology were to be ensured across borders.
The second goal is to ensure uniformity within States in specific
standard setting by States authorities who deploy biometrics in travel
documents issued by them.
The third is technical reliability, where States are required to
ensure that technologies used in deploying biometrics are largely
failure-proof and of sufficient quality and standard to ensure a State
immigration authority reading documents issued by other States that the
details in the document do provide accurate verification of facts.
Fourthly, the technology used has to be practical and not give rise
to the need for applying disparate types of support technology at
unnecessary cost and inconvenience to the user.
The final goal is to ensure that the technology used will be
sufficiently up to date for at least 10 years and also be backwardly
compatible with new techniques to be introduced in the future.
Behavioural traits
Biometrics target the distinguishing physiological or behavioural
traits of the individual by measuring them and placing them in an
automated repository such as machine encoded representations created by
computer software algorithms that could make comparisons with the actual
features.
Physiological biometrics that have been found to successfully
accommodate this scientific process are facial recognition,
fingerprinting and iris-recognition which have been selected by ICAO as
being the most appropriate.
The biometric identification process is fourfold: firstly involving
the capture or acquisition of the biometric sample; secondly extracting
or converting the raw biometric sample obtained into an intermediate
form; and thirdly creating templates of the intermediate data is
converted into a template for storage; and finally the comparison stage
where the information offered by the travel document with that which is
stored in the reference template.
Biometric identification gets into gear each time an MRTD holder (traveller)
enters or exists the territory of a State and when the State verifies
his identity against the images or templates created at the time his
travel document was issued.
This measure not only ensures that the holder of the document is the
legitimate claimant to that document and to whom it was issued, but also
enhances the efficacy of any advance passenger information (API) system
used by the State to pre-determine the arrivals to its territory.
API involves exchange of data information between airlines and
customs authorities, where an incoming passenger’s essential details are
notified electronically by the airline carrying that passenger prior to
his arrival.
The data for API would be stored in the passenger’s machine readable
passport, in its machine readable zone. This process enables customs
authorities to process passengers quickly, thus ensuring a smoother and
faster clearance at the customs barriers at airports.
One of the drawbacks of this system, which generally works well and
has proven to be effective, is that it is quite demanding in terms of
the high level of accuracy required. One of the major advantages, on the
other hand, is the potential carried by the API process in enhancing
aviation security at airports and during flight.
Furthermore, matching biometric data presented in the form of the
traveller with the data contained in the template accurately ascertains
as to whether the travel document has been tampered with or not.
A three way check, which matches the traveller’s biometrics with
those stored in the template carried in the document and a central
database, is an even more efficacious way of determining the genuineness
of a travel document.
The final and most efficient biometric check is when a four way
determine is effected, were the digitized photograph is visually matched
(non electronically) with the three way check described above.
In this context, it is always recommended that the traveller’s facial
image (conventional photograph) should be incorporated in the travel
document along with the biometric templates in order to ensure that his
identity could be verified at locations where there is no direct access
to a central database or where the biometric identification process has
not entered into the legal process of that location.
The public key directory
In order to assure inspecting authorities (receiving States) that
they would know when the authenticity and integrity of the biometric
data stored in the MRTD, which they inspect, are compromised and
tampered with, the Public Key Infrastructure (PKI) scheme was developed
by ICAO.
In May 2003, the ICAO Council considered work conducted by its Air
Transport Committee and the approval by the Committee of a “Blueprint”
for incorporating biometric identification in passports and other MRTDs
for the purpose of ascertaining and verifying identity.
The Committee had taken into consideration a rigorous and sustained
six-year study of technology options for introducing the capability to
link a document positively to the rightful holder and to verify the
authenticity of the document.
The Public Key Directory is a central repository for all public keys
that are established individually by States. A key is a string of
characters which is used to encrypt or decrypt critical information in a
document.
Therefore, the PKI system ensures that digital signatures assigned to
data (and not the data itself) in a MRTD are encrypted or decrypted
using both a private key- which is used by the passport issuing
authority to encrypt the digital signature - and a public key - to be
used by the party reading the document to decrypt the signature.
Both the private key and the public key play critical roles in the
process of encryption and decryption, which is the essence of the public
key directory.
It is integral to the programme to have an efficient and commonly
accepted means of sharing and updating the public keys in effect for all
non-expired passports in existence for all participating countries at a
given time. Each participating State will therefore install its own
secure facilities to generate key pairs.
In each case the private key, used to encrypt digital signatures,
will be held secret by the State. The public key, on the other hand, can
be released for circulation in the public domain.
The reading authority at the point of entry would use the appropriate
public key to decrypt the information in order to verify whether the
data in the MRTD has been altered in any way.
Public key encryption is purely a mathematical process designed to
scramble and unscramble messages using two keys (the public key and the
private key) and numerical data which contain information the process
scrambles the contents of a message.
The keys are shared between the scrambler and the un-scrambler. When
translated to the e-passport the process works in the following way.
Private key
The State which issues the passport encrypts information that is
placed in the passport using its private key.
The State which examines the passport (on arrival of the passenger)
obtains the issuing State’s public key and uses it to decrypt the
information in the passport.
Contrary to popular belief, the PKD is neither a database of
e-passports nor a repository of passport information. It is also not a
look-out list nor is it a list of persons.
Above all, it is not a large database as it remains a database only
of public keys. Public keys do not carry personal information but are
decoders of information that have been encrypted.
The encryption process entitles a reading State to decode the
encrypted digital signature on the mandatory passport data which cannot
readily be deciphered.
Other mandatory data in the machine readable zone of the passport,
such as the facial image (photograph) of the passport holder, which is
readily visible, do not fall within the process of decryption.
Public keys contain information that can and should be released into
the public domain in order to provide for a globally interoperable
system that authenticates the contents of integrated circuit chips in
passports. There is thus no security issue involved in any potential
user’s access to public keys, and distribution via the Internet is
planned.
However, access to the web site will effectively be limited to the
users of the system, and specialised system protocols will be required
in such transactions.
The transmission of key certificates from e-passport issuing States
to ICAO, however, will require protection to ensure that bogus keys are
not inserted into the system.
One of the requirements to be placed on the successful contractor is
to demonstrate the capability and competence to build a system with the
necessary security measures. The rules and regulations will require
adherence to procedures necessary to implement these measures.
Transactions
The operation of the PKD and the transactions between the PKD and the
users will be relatively simple. The PKD will function as a sort of
message board, containing “messages” (public key lists) posted by ICAO
after ICAO has verified them as genuine.
Contributing administrations will be required to send their key lists
to ICAO for posting well in advance of their effective date.
Accessing the PKD to verify individual passports is not contemplated.
Entities using the system will periodically download the whole directory
to update the lists in their own systems and use these lists to verify
individual passports.
This arrangement, together with the redundancy built into the system,
is expected to mitigate the risks associated with any system failure.
However, the expected level of system performance will be stipulated
in the contract with the PKD operator.
The United States, in responding to the events of September 11, 2001,
has become a leader in the use of biometric systems. States of the
European Union have also begun to use biometric identifiers in passports
starting with facial images and graduating to include two fingerprints
by 2009.
The United Kingdom adopted legislation in 2006 to introduce a
biometric identity card for its citizens and hopes to issue a biometric
identity card to everyone who renews a passport.
This card will contain features including fingerprints and iris and
facial scans. India has just concluded a pilot project to test
improvements to a multipurpose national identity card.
Biometric identifiers are by no means a complete guarantee of
security and they cannot ensure that every terrorist can be prevented
from boarding an aircraft. But they certainly represent a step forward
in our quest for safe and efficient border crossings.
The writer is the Coordinator, Air Transport Programmes,
International Civil Aviation Organisation, Montreal, Canada. |