Towards Biometric Passports

By sunetrad at 2:22 am on January 16, 2009 | 4 Comments

            The EU recently passed a bill to introduce computerized biometric passports which will include people’s fingerprints as well as their photographs. It joined a host of other countries which have taken similar steps towards increasing the security of their citizens’ identities.

Although the bill received tremendous support, there was opposition from some civil liberties groups towards the creation of a database filled with personal identity information. Their technical reasoning was that “Biometric passports are only as safe as the existing paper documents they will replace” and this will only give criminals a clear channel to travel once they have acquired false biometric IDs. Is that really the truth?

            The whole idea for having biometric passports began in the aftermath of the 9/11 attacks where having them would make it harder for the criminals to forge identification documents.

However, it is true that adding extra security to a system to cover some holes can at times expose it to other vulnerabilities. Biometrics takes a person’s identity which is unique and uses that to build a key. But this type of authentication becomes ineffective once attackers are able to impersonate biometric measurements. Let’s say that the user’s fingerprint is the “key’, and the attacker manages to impersonate it. Now we can’t even revoke the key because the user cannot get a new fingerprint. Also biometric authentication has the disadvantages where a number of false positives and negatives are generated. The article gives two examples where two innocent people in different events (a Madrid train bombing and a murder scene in Scotland) were falsely accused because their fingerprints were falsely identified.

            An interesting point is made in the article where it is stated that if the emphasis switches to biometrics then too much use of technology would get rid of the ‘human element’ in the jobs of security guards. They would risk not observing if a person appears nervous or fidgets while passing through security which would otherwise be good signs that a person may be lying or committing something wrong.

            The parliament rejected the proposal for children to carry biometric passports as for one their fingerprints change as they grow older and that makes it a less reliable form of identification. Since the passport based system is fingerprint-based in the EU, people with no hands would not be able to have such a passport and hence the bill will make them apply for a temporary 12 month passport.

            We know that biometric authentication techniques can have disadvantages. So to have a more effective authentication technique, it should be coupled with another technique. This is called “two-factor authentication”. If along with a passport, they ask for some kind of a PIN or password that only the person knows, then the security process would be more effective. Also the article didn’t mention it, but if the biometric passports use Basic Access Control protection or Extended Access Control protection, then that would bring in strong encryption for the private data such as the person’s personal information and biometric measurements stored on the passport.

 

Article : http://pcworld.idg.com.au/article/273122

 

 

Filed under: Current Events4 Comments »
« Previous Page