US Border Patrol Unable to Validate E-Passport Data

US Border Patrol Unable to Validate E-Passport Data

E-passports store a cryptographic signature to prevent forgeries and tampering, but CBP has not deployed the software needed to verify the information, causing a security lapse.

U.S. Customs and Border Protection officials have been unable to cryptographically verify passports of visitors coming into the US for more than a decade because they lacked the proper software, according to a letter sent to CBP acting commissioner Kevin K. McAleenan by Sens. Ron Wyden (D-OR) and Claire McCaskill (D-MO). E-passports store a cryptographic signature to prevent forgeries and tampering, but CBP has not deployed the software needed to verify the information, causing a security lapse.

For the last 11 years, the United States has inserted RFID chips in the back panel of its passports, creating “e-Passports”. The chip stores passport information, a biometric identifier, and a cryptographic signature to prevent tampering or forgeries, making it theoretically more secure and more difficult to alter.

However, according to Wyden and McCaskill, CBP currently “lacks the technical capabilities to verify e-passport chips.”

“Specifically, CBP cannot verify the digital signatures stored on the e-passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged," according to the senators’ letter.

The security gap was first brought to light by the Government Accountability Office (GAO) in a 2010 report.

"DHS does not have the capability to fully verify the digital signatures because it ... has not implemented the system functionality necessary to perform the verification,” GAO reported. "The additional security against forgery and counterfeiting that could be provided by the inclusion of computer chips on e-passports issued by the United States and foreign countries ... is not fully realized."

The senators have asked CBP to work with the government’s General Services Administration to create a budget for implementing the software needed to use the e-passport verification functionality and present a plan by January 1, 2019.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3