Will someone be able to read or access the information on the chip without my knowledge (also known as skimming or eavesdropping)?
We feel that it would be good to point out what we have done to diminish the known nefarious acts of "skimming" data from the chip, "eavesdropping" on communications between the chip and reader, "tracking" passport holders, and "cloning" the passport chip in order to facilitate identity theft crimes.
Skimming is the act of obtaining data from an unknowing end user who is not willingly submitting the sample at that time. Eavesdropping is the interception of information as it moves electronically between the chip and the chip reader.
"Skimming" The Department is using an embedded metallic element in our passports. One of the simplest measures for preventing unauthorized reading of e-passports is to add RF blocking material to the cover of an e-passport. Before such a passport can be read, it has to be physically opened. It is a simple and effective method for reducing the opportunity for unauthorized reading of the passport at times when the holder does not expect it.
"Skimming and Eavesdropping" We have adopted Basic Access Control (BAC) to minimize the risk of "skimming" and "eavesdropping". Basic Access Control requires that the initial interaction between the embedded microchip in the passport and the border control reader include protocols for setting up the secure communication channel. To ensure that only authorized RFID readers can read data, Basic Access Control stores a pair of secret cryptographic keys in the passport chip. When a reader attempts to scan the passport, it engages in a challenge-response protocol that proves knowledge of the pair of keys and derives a session key. If authentication is successful, the passport releases its data contents; otherwise, the reader is deemed unauthorized and the passport refuses read access. This control would require the receiving state to read the passport machine-readable zone (MRZ) to unlock and read the data on the chip. The MRZ information is used for computing the encryption and message authentication keys used for the "secure" exchange. BAC mollifies the possibility of both "skimming" and "eavesdropping".
"Tracking" A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be "tracked". To prevent the use of the UID for "tracking", the Department is using a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UID's used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
"Cloning" It is possible to substitute the chip of an e-passport with a fake chip storing the data copied from the chip of another e-passport. However, the simplest way to mitigate this treat is to verify that the chip data belongs to the presented e-passport. This can be done by comparing the data stored on the chip to data on the e-passports data-page. If the photos and biographical data matches and the passport does not appear to have been tampered with (is not counterfeited), then the e-passport and the data stored on the chip can be considered to be belonging together. Additionally, the introduction of Public Key Infrastructure (PKI) into travel documents provides, for the first time, the means of automatically (without human intervention) confirming that the person presenting the travel document, is the same person shown on the data page, and on the chip, with the assurance that the data was put there by the issuing authority and that the data has not been changed.
