E-Passport Threats

The International Civil Aviation Organization (ICAO) standardized e-passports by specifying how to implement and protect machine-readable travel documents. E-passports have embedded contactless chips that can be read by radio from tip to a few centimeters away. The ICAO chose this technology over magnetic strips and 2D barcodes because it provides reliable connection, large memory capacity, random access, and rewritable memory. As with many other RFID devices, the chip in e-passports uses a 32-bit number for collision avoidance. Every country maintains its own public-key infrastructure (PKI) and exchanges root certificates with other countries via diplomatic means. Agencies issuing e-passports have their own public keys and certificates from the PKI. In this way, a passive authentication mechanism verifies every data group´s digest. With today´s e-passports, private information is limited to the MRZ and a digital picture, but the goal is to eventually add more biometrics at some point, along with a digitized handwritten signature.