e
-
Passport
--
Security
& Privacy Issues
Achmad Rully
arully@computer.org
BCS 2006
2
Intro: Privacy Issue
What is, What isn't
Privacy Goal:
Citizen VS Government
Intro: Privacy Issue
What is, What isn't
BCS 2006
4
Data
It
’
s all about data and its use
Revocable (alterable) data
Data which can be revoked or changed
Ex: handwriting, address, name, etc
Non
-
Revocable (permanent) data
Data which is an eternal feature of the object so that
one cannot revoke or alter it, or it is proven highly
impractical to do that
Ex: some biometric data (fingerprint, eye
-
retina, hand
geometry (palm
’
s vena pattern), DNA, etc)
BCS 2006
5
Revocable Data
Susi, a woman, has lost her smart card ID:
Name
Photo
Address
Password
Badu, a stalker, use the data to stalk Susi
Solution:
Persecute the person
Change address
BCS 2006
6
Non
-
Revocable Data
Budi, a businessman, has lost her ID:
Name
Address
Fingerprint
Pak Ogah, a criminal hacker, use the data to access
biometric protected resource in Budi
’
s office
Solution:
Persecute the person
You CAN NOT CHANGE YOUR FINGERPRINT
BCS 2006
7
Non
-
Revocable Data
(authentication, other case)
Budi, a Mercedes new series motorist, was
attacked by
stolen car
’
s mafia
His finger was cut so the mafia
can steal his Mercedes
Ethical question:
Which one you value most:
Your finger
Mercedes
Privacy Goal:
Citizen VS Government
BCS 2006
9
Privacy Goal:
Citizen VS Government (SP)
Government or Service Provider
Government or SP want to authenticate their
citizen before using their services
Ex: authenticate user to get a mobile phone
number
Corporation is included in this category
Citizen
Citizen want their data to be used in limited
purpose.
Ex: to get a new mobile phone number
BCS 2006
10
Biometric in Privacy
Issue
(1)
Biometric data, has been very useful in
authenticating an individual as a biometric data
will closely relate with particular individual that
own the data by using distinctive physical
features.
Biometric data has been in used as an ID system
in government and military facility, and now
beginning to be expanded in mass use.
Convenient, accurate, and auditable.
BCS 2006
11
Biometric in Privacy
Issue
(2)
Some government already introduce ID system
(National ID Card KTP in Indonesia, e
-
Passport,
etc) base on biometric data, without any
protection to the private data.
Yet even if they somehow provide protection,
there weren
’
t any guarantee whether the system
can not be reversed to retrieve the original data.
The possibility to recover protected data would
render the system itself not useful.
BCS 2006
12
Biometric in Privacy
Issue
(3)
Government Regime can change
(in Indonesia every 5 years).
Private non
-
revocable data can't
Therefore,
balancing
between the need
to authenticate trustfully, with the need to
protect private data
must be addressed
.
(look at minority report film)
BCS 2006
13
Biometric in Privacy
Issue
(4)
Developed Country:
Priority in convenience
Almost every one care about privacy
Developing Country:
Priority in survival
No one care about privacy
BCS 2006
14
Privacy protection:
Technology VS Law
Law: to protect human
Developed Country: US, Japan, Europe
Developing Country: Indonesia
Technology: to make life easier
Conventional: password, pass
-
phrase
Biometric ID: finger, iris, DNA
Mobile ID: RFID, touch card
BCS 2006
15
Comparing Country
in Privacy Data Protection
Indonesia
Japan
Data Retention
10 years
3
-
10 years
Responsibility
???
Very High
(harakiri, etc)
Corporate/Gov
Awareness
Low to Medium
Medium to High
Citizen
Awareness
Low to Medium
Very High
BCS 2006
16
Privacy in Indonesia
?
Poor:
No privacy law
No political will to address privacy issue
Low Corporate awareness
Low Citizen awareness
Good:
Minimal biometric feature implemented in national ID
card, Passport and almost other authentication
more convenience (?)
e
-
Passport
BCS 2006
18
e
-
Passport
Recommended (mandatory?) by ICAO
2 side of argument:
Government:
to make it easier & smoother for traveler
Citizen:
proliferation of private non
-
revocable data
Protection:
Originality Protection: paper feature
Data Protection: biometric feature
Country:
US, UK, Dutch, Malaysia, (and almost every
country).
BCS 2006
19
United Kingdom’s e
-
Passport
BCS 2006
20
Japan’s e
-
Passport
BCS 2006
21
Japan’s e
-
Passport
BCS 2006
22
Japan’s e
-
Passport:
Originality Protection
Laminate & Holograms
Micro
-
lettering Lines
Micro Letters
Watermark
(Mt. Fuji)
Laser
-
perforation
BCS 2006
23
Japan’s e
-
Passport:
Data Protection
BCS 2006
24
Indonesia’s Passport
BCS 2006
25
e
-
Passport: revocability
Address: easy
-
medium
Signature: easy
Photo: hard
Fingerprint: irrevocable
Iris: irrevocable
BCS 2006
26
Case example:
Indonesia e
-
Passport
6 February 2006
First phase, can be issued in 43 Immigration Office. Old
passport still valid until expired date
Feature
Revocable private data:
name, address, birthday
Non
-
revocable private data (biometric):
fingerprint, facial feature
BUT
Indonesia not yet provide e
-
Passport widely
Possibly, there is a dispute about procurement???
e
-
Passport
machine readable passport
BCS 2006
27
Case example:
Indonesia passport
Possible attacks
Tampering
Change passport data after visa approval
Not yet established security procedure
Originality protection: using freezing technique
Question
& Discussion
BCS 2006
29
Closing Remark
It is up to people to decide what is the boundary
of their privacy
Including, enforcing their privacy protection
People should maintain their own irrevocable
private data
Research in data privacy protection is not yet
mature
Security is time dependent, so not disclosing
your private data is better
Thank You
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Comments 0
Log in to post a comment