• The cryptography behind electronic passports Did you know that most modern passports are actually embedded devices containing an entire filesystem, access controls, and support for several cryptographic protocols? • Such passports display a small symbol indicating an electronic machine-readable travel document (eMRTD), which digitally stores the same personal data printed in traditional passport booklets in its embedded filesystem. • Beyond allowing travelers in some countries to skip a chat at border control, these documents use cryptography to prevent unauthorized reading, eavesdropping, forgery, and copying. • This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. • It also discusses the implications of using electronic passports for novel applications, such as zero-knowledge identity proofs. • Like many widely used electronic devices with long lifetimes, electronic passports and the systems interacting with them support insecure, legacy protocols that put passport holders at risk for both standard and novel use cases.
Article Summaries:
- Electronic passports are contact‑less chips that store a full filesystem, access controls, and multiple cryptographic protocols to protect personal data. The ICAO‑defined eMRTD application uses a hierarchical file system (master, dedicated, and elementary files) to hold mandatory data groups (DG1 and DG2) and optional biometric or travel‑record data. The chip’s security relies on cryptographic signatures and secure messaging to prevent unauthorized reading, eavesdropping, forgery, and duplication. The post outlines the threat model-distinguishing attackers with physical access from those without-and highlights risks from legacy protocols still in use. It also explores future uses such as zero‑knowledge identity proofs, noting that long‑lived devices can expose passport holders to evolving security threats.
Sources: