Daily News Online

DateLine Saturday, 23 June 2007

Biometric State would ensure secure and efficient border crossings

BIOMETRICS STATE: Biometrics is the in-thing, both in fiction and reality and the biometric State could be closer than we thought. Those of us who watched the 2002 Spielberg movie ‘Minority Report’ were introduced to a fictional State that scanned the irises of people while they were coming out of railway stations or entering buildings.

In reality, biometric identification is prolific at airports and other areas of border crossing, where it is now quite common to use machine readable passports, visas and other travel documents.

Aviation has reached the stage where quantum physics not only assists in the aeronautical aspects of air transport but also contributes to the day to day activities involving passenger clearance, immigration and customs.

Machine readable passport enables quick verification of personal data

A brand new technique known as quantum cryptography is on the way, calculated to eliminate the terrifying vulnerabilities that arise in the way digitally stored data are exposed to fraudulent use.

New technique

This new technique uses polarized photons instead of electronic signals to transmit information along cables. Photons are tiny particles of light that are so sensitive that when intercepted, they immediately become corrupted.

This renders the message unintelligible and alerts both the sender and recipient to the fraudulent or spying attempt.

The public key directory, designed and proposed to be used by customs and immigration authorities who check biometric details in an electronic passport, is based on cryptography and is already a viable tool being actively considered by the aviation community as a fail-safe method for ensuring the accuracy and integrity of passport information.

The techniques of biometrics employed in a machine readable travel document (MRTD), be it a visa or passport, enable the user to uniquely encode a particular physical characteristic of a person into a biometric identifier or biometric template which can be verified by machine to confirm or deny a claim regarding a person’s identity.

The MRTD process, which is an initiative of the International Civil Aviation Organisation (ICAO) goes back to the early nineties.

A passport asserts that the person holding the passport is a citizen of the issuing State while a visa confirms that the State issuing the visa has granted the visa holder the non-citizen privilege of entering and remaining in the territory of the issuing State for a specified time and purpose.

The Machine Readable Passport (MRP) is a passport that has both a machine readable zone and a visual zone in the page that has descriptive details of the owner.

The machine readable zone enables rapid machine clearance, quick verification and instantaneous recording of personal data.

Besides these advantages, the MRP also has decided security benefits, such as the possibility of matching very quickly the identity of the MRP owner against the identities of undesirable persons, whilst at the same time offering strong safeguards against alteration, counterfeit or forgery.

Accordingly, biometric identification of a person either correctly establishes his identity as being consistent with what is claimed in the passport he is holding or brings to bear the possibility that the person carrying a particular passport is an impostor.

A biometric is a measurable, physical characteristic or personal behavioural trait used to recognise the identity, or verify the claimed identity of a person.

Goals

In the modern context, biometrics are usually incorporated in an MRTD with a view to achieving five goals, the first of which is global interoperability enabling the specifications of biometrics deployed in travel documents across the world to be applied and used in a universally operable manner.

“Global interoperability” means the capability of inspection systems (either manual or automated) in different States throughout the world to exchange data, to process data received from systems in other States, and to utilise that data in inspection operations in their respective states.

Global interoperability is a major objective of the standardised specifications for placement of both eye-readable and machine-readable data in all MRTDs. This is a critical need if the smooth application of biometric technology is to be ensured across borders.

The second goal is to ensure uniformity within States in specific standard setting by State authorities who deploy biometrics in travel documents issued by them.

The third is technical reliability, where States are required to ensure that technologies used in deploying biometrics are largely failure-proof and of sufficient quality and standard to assure a State immigration authority reading documents issued by other States that the details in the document do provide accurate verification of facts.

Fourthly, the technology used has to be practical and not give rise to the need for applying disparate types of support technology at unnecessary cost and inconvenience to the user.

The final goal is to ensure that the technology used will be sufficiently up to date for at least 10 years and also be backwardly compatible with new techniques to be introduced in the future.

Behavioural traits

Biometrics target the distinguishing physiological or behavioural traits of the individual by measuring them and placing them in an automated repository such as machine encoded representations created by computer software algorithms that could make comparisons with the actual features.

Physiological biometrics that have been found to successfully accommodate this scientific process are facial recognition, fingerprinting and iris-recognition which have been selected by ICAO as being the most appropriate.

The biometric identification process is fourfold: firstly, the capture or acquisition of the biometric sample; secondly, extracting or converting the raw biometric sample obtained into an intermediate form; thirdly, converting the intermediate data into a template for storage; and finally, the comparison stage, where the information offered by the travel document is compared with that which is stored in the reference template.

Biometric identification gets into gear each time an MRTD holder (traveller) enters or exits the territory of a State and when the State verifies his identity against the images or templates created at the time his travel document was issued.

This measure not only ensures that the holder of the document is the legitimate claimant to that document and to whom it was issued, but also enhances the efficacy of any advance passenger information (API) system used by the State to pre-determine the arrivals to its territory.

API involves exchange of data information between airlines and customs authorities, where an incoming passenger’s essential details are notified electronically by the airline carrying that passenger prior to his arrival.

The data for API would be stored in the passenger’s machine readable passport, in its machine readable zone. This process enables customs authorities to process passengers quickly, thus ensuring a smoother and faster clearance at the customs barriers at airports.

One of the drawbacks of this system, which generally works well and has proven to be effective, is that it is quite demanding in terms of the high level of accuracy required. One of the major advantages, on the other hand, is the potential carried by the API process in enhancing aviation security at airports and during flight.

Furthermore, matching biometric data presented in the form of the traveller with the data contained in the template accurately ascertains whether the travel document has been tampered with or not.

A three-way check, which matches the traveller’s biometrics with those stored in the template carried in the document and a central database, is an even more efficacious way of determining the genuineness of a travel document.

The final and most efficient biometric check is when a four-way determination is effected, where the digitized photograph is visually matched (non-electronically) with the three-way check described above.

In this context, it is always recommended that the traveller’s facial image (conventional photograph) should be incorporated in the travel document along with the biometric templates in order to ensure that his identity could be verified at locations where there is no direct access to a central database or where the biometric identification process has not entered into the legal process of that location.

The public key directory

In order to assure inspecting authorities (receiving States) that they would know when the authenticity and integrity of the biometric data stored in the MRTD, which they inspect, are compromised and tampered with, the Public Key Infrastructure (PKI) scheme was developed by ICAO.

In May 2003, the ICAO Council considered work conducted by its Air Transport Committee and the approval by the Committee of a “Blueprint” for incorporating biometric identification in passports and other MRTDs for the purpose of ascertaining and verifying identity.

The Committee had taken into consideration a rigorous and sustained six-year study of technology options for introducing the capability to link a document positively to the rightful holder and to verify the authenticity of the document.

The Public Key Directory is a central repository for all public keys that are established individually by States. A key is a string of characters which is used to encrypt or decrypt critical information in a document.

Therefore, the PKI system ensures that digital signatures assigned to data (and not the data itself) in an MRTD are encrypted or decrypted using both a private key, which is used by the passport issuing authority to encrypt the digital signature, and a public key, to be used by the party reading the document to decrypt the signature.

Both the private key and the public key play critical roles in the process of encryption and decryption, which is the essence of the public key directory.

It is integral to the programme to have an efficient and commonly accepted means of sharing and updating the public keys in effect for all non-expired passports in existence for all participating countries at a given time. Each participating State will therefore install its own secure facilities to generate key pairs.

In each case the private key, used to encrypt digital signatures, will be held secret by the State. The public key, on the other hand, can be released for circulation in the public domain.

The reading authority at the point of entry would use the appropriate public key to decrypt the information in order to verify whether the data in the MRTD has been altered in any way.

Public key encryption is purely a mathematical process designed to scramble and unscramble messages using two keys (the public key and the private key) and numerical data which contain the information the process uses to scramble the contents of a message.

The keys are shared between the scrambler and the un-scrambler. When translated to the e-passport the process works in the following way.

Private key

The State which issues the passport encrypts information that is placed in the passport using its private key.

The State which examines the passport (on arrival of the passenger) obtains the issuing State’s public key and uses it to decrypt the information in the passport.

Contrary to popular belief, the PKD is neither a database of e-passports nor a repository of passport information. It is also not a look-out list nor is it a list of persons.

Above all, it is not a large database, as it remains a database only of public keys. Public keys do not carry personal information but are decoders of information that has been encrypted.

The encryption process entitles a reading State to decode the encrypted digital signature on the mandatory passport data which cannot readily be deciphered.

Other mandatory data in the machine readable zone of the passport, such as the facial image (photograph) of the passport holder, which is readily visible, do not fall within the process of decryption.

Public keys contain information that can and should be released into the public domain in order to provide for a globally interoperable system that authenticates the contents of integrated circuit chips in passports. There is thus no security issue involved in any potential user’s access to public keys, and distribution via the Internet is planned.

However, access to the web site will effectively be limited to the users of the system, and specialised system protocols will be required in such transactions.

The transmission of key certificates from e-passport issuing States to ICAO, however, will require protection to ensure that bogus keys are not inserted into the system.

One of the requirements to be placed on the successful contractor is to demonstrate the capability and competence to build a system with the necessary security measures. The rules and regulations will require adherence to procedures necessary to implement these measures.

Transactions

The operation of the PKD and the transactions between the PKD and the users will be relatively simple. The PKD will function as a sort of message board, containing “messages” (public key lists) posted by ICAO after ICAO has verified them as genuine.

Contributing administrations will be required to send their key lists to ICAO for posting well in advance of their effective date.

Accessing the PKD to verify individual passports is not contemplated. Entities using the system will periodically download the whole directory to update the lists in their own systems and use these lists to verify individual passports.

This arrangement, together with the redundancy built into the system, is expected to mitigate the risks associated with any system failure.

However, the expected level of system performance will be stipulated in the contract with the PKD operator.
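The flow described above (the issuing State signs the passport data with its private key, and the inspecting State checks it against a key list it has downloaded from the directory) can be sketched as follows. This is an added example, not part of the original article or of any ICAO system; it uses textbook RSA with small constructed primes purely so it runs on the Python standard library, and the issuer codes and passport record are constructed.

```python
import hashlib

E = 65537  # public exponent used for both toy key pairs

def make_keypair(p, q):
    """Toy RSA key pair from two primes (constructed, unpadded, NOT secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    # Hash of the passport data, reduced to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private_key):
    """Issuing State: sign a hash of the data; the data itself stays readable."""
    n, d = private_key
    return pow(_digest(data, n), d, n)

def inspect(passport, directory):
    """Inspecting State: check against its locally downloaded key list."""
    public_key = directory.get(passport["issuer"])
    if public_key is None:
        return "rejected: no key listed for issuer"
    n, e = public_key
    if pow(passport["signature"], e, n) != _digest(passport["data"], n):
        return "rejected: signature does not match data"
    return "authentic"

def demo():
    # Constructed key material (small Mersenne primes) and issuer code "UTO".
    state_pub, state_priv = make_keypair(2**127 - 1, 2**89 - 1)
    bogus_pub, bogus_priv = make_keypair(2**107 - 1, 2**61 - 1)
    directory = {"UTO": state_pub}  # snapshot downloaded from the directory

    data = b"P<UTOSAMPLE<<ANNA<MARIA|face-template:0a1b2c"  # constructed record
    genuine = {"issuer": "UTO", "data": data, "signature": sign(data, state_priv)}
    altered = dict(genuine, data=data.replace(b"ANNA", b"ERIK"))
    forged = {"issuer": "UTO", "data": data, "signature": sign(data, bogus_priv)}
    unlisted = dict(genuine, issuer="ZZZ")  # constructed code, not in the list

    return {
        "genuine": inspect(genuine, directory),
        "altered": inspect(altered, directory),
        "forged": inspect(forged, directory),
        "unlisted": inspect(unlisted, directory),
        # Why key submissions must be protected: with a bogus key in the
        # directory, the forged signature verifies.
        "forged_vs_bogus_directory": inspect(forged, {"UTO": bogus_pub}),
    }
```

The last case shows why the transmission of key lists to the directory needs protection: the inspection is only as trustworthy as the keys it is checked against.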

The United States, in responding to the events of September 11, 2001, has become a leader in the use of biometric systems. States of the European Union have also begun to use biometric identifiers in passports starting with facial images and graduating to include two fingerprints by 2009.

The United Kingdom adopted legislation in 2006 to introduce a biometric identity card for its citizens and hopes to issue a biometric identity card to everyone who renews a passport.

This card will contain features including fingerprints and iris and facial scans. India has just concluded a pilot project to test improvements to a multipurpose national identity card.

Biometric identifiers are by no means a complete guarantee of security and they cannot ensure that every terrorist can be prevented from boarding an aircraft. But they certainly represent a step forward in our quest for safe and efficient border crossings.

The writer is the Coordinator, Air Transport Programmes, International Civil Aviation Organisation, Montreal, Canada.


Produced by Lake House Copyright 2006 The Associated Newspapers of Ceylon Ltd.
