UW Computer Security Research and Course Blog

The Technology

SIDA (Secure Identification Display Area) badges are identification devices issued to airport personnel, which establish which areas of the airport an employee is authorised to access. Each airport has its own SIDA badge classification system and issuing authority. The badges themselves are printed on standard credit card-sized media, with elements such as the employee name, picture and card expiration date printed on the front, along with a prominent colouration and/or lettering, which indicates the access level of the employee. On the back is a magstripe, used to grant access at SIDA entry points, typically in combination with a PIN. In addition, personnel who need to frequently enter and exit sterile areas may be issued badges that can be used to bypass sterile area security screening procedures.

Assets and Security Goals

Secure and verifiable identification of airport personnel – It should be easy to distinguish authorised airport personnel with a glance at their badge, so that unauthorised personnel can easily be picked out.

Airport infrastructure – The badge should ensure that unauthorised persons do not have access to areas of the airport that are critical to airport operations and passenger safety.

Airport efficiency – The security procedures surrounding the badge should not be so onerous that it prevents efficient operations or encourages personnel to try to dodge the procedures.

Adversaries and Threats

Terrorists – Anybody who wants to gain access to secure areas so as to disrupt airport operations in such a way as to inspire fear in others.

Rogue personnel – Employees who are cleared to access secure areas and wish to undermine this responsibility, for ideological, financial or other reasons.

Crafty impatient passengers – The general public, who are not interested in harming anybody, but simply want to bypass the hassle of security screenings.

Weaknesses

Lack of centralised issuing authority – Since badges are issued by individual airports, rather than one central authority, the system may be easier to compromise, such as making it easier to find out which officer is handling your badge application so you can bribe them to overlook your background investigation.

Badge design – SIDA badges are generally rather simple affairs, with a solid coloured background on the front, possibly including an embedded hologram, and a magstripe (which can be cloned) on the back, so that it may be easy to forge a copy that passes routine inspection.

Shoulder surfing – Adversaries may be able to pick up PINs without being noticed, since many SIDA entry points are in busy locations of the airport, which is especially dangerous if they are changed infrequently.

Exceptions – SIDA badge holders with the ability to bypass security screening can be tempting assets for adversaries to exploit, who can be used to smuggle prohibited items into the sterile area of the airport.

Defences

A central badging authority, such as the one which issues credentials to seaport workers (called the TWIC – Transportation Worker Identification Credential), may mitigate the risk of badge background investigations being compromised. Additionally, the TWIC itself is more difficult to compromise, with fine print and colour variations, as well as multiple embedded holograms, and multifactor authentication built into its smart chip, including a password and biometric data.

Frequent cycling of PINs would help alleviate the issues associated with shoulder surfing. Adding another security factor such as an iris scan while the individual is entering a PIN may also help.

The only way to be as sure as possible that nothing prohibited gets into the sterile area is to screen all individuals entering the area, regardless of SIDA badge status.

Evaluation of Risks

There are many assets at stake. An adversary who is able to overcome the protections afforded by SIDA badges can wreck havoc, such as disrupting air traffic control systems or loading dangerous materials onto planes, giving them the ability to inflict significant financial and personal damages.

The system has thus far been successful at preventing newsworthy compromises of airport personnel security. However, there are definitely weaknesses that should be addressed. The defences proposed above would likely be relatively straightforward to implement, but the required economic outlay may prove to be prohibitive. Also, one of the weakest links in this system involves the human factor. Even with increased physical badge security, the security personnel that are responsible for validating the badges must be properly trained. An example of a lack of such training is evident in the deployment of TWICs, where factors such as biometrics and passwords are often never even examined, perhaps out of cost concerns.

Another interesting point to note about SIDA badges is that pilots and flight crew who do not have a SIDA badge for a particular airport are generally treated like members of the general public – for example, they have to go through security screenings like everybody else and can’t wander on the tarmac further than the perimeter of their plane. It seems ironic that the people most directly responsible for the safety of passengers may face greater restrictions than concession stand workers at the airport.

Conclusion

With airport security being at the forefront of everybody’s minds since 9/11, we not only need to protect the physical assets of the airport, but the psychological ones as well—another 9/11 would cause a serious breach in the public’s trust and sense of well being, compared to most other imaginable disasters. SIDA badges have been doing their part so far, but the government needs to continue moving forward to patch the holes in what is still a relatively leaky system.