Passports as a security measure

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
08/11/05
Today's focus: Passports as a security measure

Dear security.world@gmail.com,

In this issue:

* Biometric passports
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Nokia
Download the Case Study: NextCom Achieves Increased Productivity
with Nokia SSL/VPN solution

With an increasing mobile workforce demanding access to the
network, NextCom faced the challenge of ensuring that its
network remained a secure environment. To achieve this, NextCom
decided to arm its employees with a comprehensive remote access
capability. They chose to start deployment of the Nokia SSL-VPN
solution, Nokia Secure Access System, in one of the main
regional branches at Osaka. Download the Case Study today!
http://www.fattail.com/redir/redirect.asp?CID=110011
_______________________________________________________________
GARTNER'S SECURITY HYPE-O-METER

What is hype and has it influenced your network security
efforts? At a recent Gartner security summit, analysts described
what they say are "The Five Most Overhyped Security Threats,"
risks that have been overblown and shouldn't be scaring everyone
as much as they seem to be. For more, click here:
http://www.fattail.com/redir/redirect.asp?CID=109836
_______________________________________________________________

Today's focus: Passports as a security measure

By M. E. Kabay

Network and security managers are always having to deal with
identification and authentication. In today's column, I'm
looking at a dust-up between Europe and the U.S. over how to
enforce strong authentication of travelers' identity. Although
the topic is not directly related to our daily work, I think we
have contributions to make to the popular and political debates
about such issues based on our applicable technical expertise.

Passports in their modern form were introduced in the early 20th
century. Until that time, travel documents were issued by
national governments for specific voyages through specific
regions. "In this way, early passports are more similar to
modern visas than to modern passports, whose primary function is
to prove the identity and nationality of the holder."
["Passport," from Wikipedia
<http://en.wikipedia.org/wiki/Passport#History>.] Passports have
space for visas but are much longer-term documents, usually
valid for five years or more.

Today, passports have assumed a central role in preventing the
entry of politically undesirable or dangerous people (they are
not necessarily the same category) into the U.S. For example,
the British activist Yusuf Islam, once widely known as the
singer Cat Stevens, was refused entry into the U.S. in September
2004 on nebulous grounds that sparked ridicule and outrage
worldwide, as well as among his fans in the U.S.
<http://news.bbc.co.uk/2/hi/americas/3678694.stm>.

The most important issue to remember about passports as a
security measure is that they bind a real-world identifier to a
picture and a document; they tell us nothing in themselves about
the bearer of the passport. All the terrorists who flew planes
into the World Trade Center towers had passports that got them
into the U.S.

Being made of paper and bearing simple photographs, passports
have been relatively easy to counterfeit. For example, an
article by Philip Shishkin in the Wall Street Journal (Oct. 8,
2001) reported that fake passports were a big business, with
prices for forged U.S. passports ranging from $2,000 to $12,000.

To help make forgery more difficult and identification of
fraudulent holders of passports easier, the U.S. Department of
State has mandated that passports used to enter the U.S. be
equipped with machine-readable biometric information. U.S.
passports issued after October 2005 will also be so equipped.

"The proposed U.S. Electronic Passport is the same as a regular
passport with the addition of a small contactless integrated
circuit (computer chip) embedded in the back cover. The chip
will securely store the same data visually displayed on the
photo page of the passport, and will additionally include a
digital photograph. The inclusion of the digital photograph will
enable biometric comparison, through the use of facial
recognition technology at international borders. The U.S.
'e-passport' will also have a new look, incorporating additional
anti-fraud and security features."
<http://travel.state.gov/passport/eppt/eppt_2498.html>

According to a review by Duncan Graham-Rowe, differences in how
the U.S. and the European Union intended to integrate biometric
data into their passports may spell trouble for people on both
sides of the ocean ["ID row bad news for transatlantic
travellers," _NewScientist_ April 16, 2005,
<http://www.newscientist.com/article.ns?id=mg18624956.500> ].
For example, the original design for the chip-equipped U.S.
passport was supposed to allow remote reading - until critics
pointed out that having the details of someone's passport
readable from inside their pocket, briefcase, purse or knapsack
might be dangerous in many parts of the world, especially with
the recent worldwide decline in popularity of Americans due in
part to the invasion of Iraq
<http://pewglobal.org/reports/display.php?ReportID=247>. It
appears that the new plans may include lining the new passports
with foil to reduce the incidence of unauthorized data
extraction.

Let's hope the EU and the U.S. can resolve these disagreements
before international travel becomes even more unpleasant than it
already is.
* * *

Author's note: if you are interested in airport safety, see my
analysis at
<http://www2.norwich.edu/mkabay/opinion/airport_safety.htm>.

The top 5: Today's most-read stories

1. Microsoft open source exec: Not the loneliest guy in Redmond
<http://www.networkworld.com/nlsecuritynewsal4893>

2. EMC announces surveillance management application
<http://www.networkworld.com/news/2005/080905-emc.html?t5>

3. DKIM fights phishing and e-mail forgery
<http://www.networkworld.com/nlsecuritynewsal4894>

4. Microsoft fixes Print Spooler, Plug and Play flaw
<http://www.networkworld.com/nlsecuritynewsal4895>

5. Sprint, Nextel expect to finish merger Friday
<http://www.networkworld.com/nlsecuritynewsal4896>
_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

New information assurance journal - Norwich University Journal
of Information Assurance (NUJIA). See
<http://nujia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by Nokia
Download the Case Study: NextCom Achieves Increased Productivity
with Nokia SSL/VPN solution

With an increasing mobile workforce demanding access to the
network, NextCom faced the challenge of ensuring that its
network remained a secure environment. To achieve this, NextCom
decided to arm its employees with a comprehensive remote access
capability. They chose to start deployment of the Nokia SSL-VPN
solution, Nokia Secure Access System, in one of the main
regional branches at Osaka. Download the Case Study today!
http://www.fattail.com/redir/redirect.asp?CID=110010
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter:
http://www.networkworld.com/newsletters/sec/index.html

Security Research Center:
http://www.networkworld.com/topics/security.html

Instant sign-up for Security News Alert:
http://www.networkworld.com/isusecna

Instant sign-up for Virus & Bug Patch Alert:
http://www.networkworld.com/isubug
_______________________________________________________________
How well do you know your customers?

Accurate customer data directly impacts loyalty and business
planning, yet few companies update data regularly. Experts
address the challenges of ensuring a consistent, coherent
customer view across the enterprise.
http://www.fattail.com/redir/redirect.asp?CID=109805
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY

According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
<http://www.networkworld.com/you/2005/072505-salary-survey.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005