You are here: Resources > FIDIS Deliverables > HighTechID > D3.6: Study on ID Documents > 

D3.6: Study on ID Documents

Security and Privacy Aspects  Title:


General Threats

A number of different threats to security and privacy of ID documents and related systems have already been discussed in academic and non-academic communities. Some of them are very obvious and lead to a increasing use of technical components in ID documents in all European countries in the last 10 years. These are for example:


  • Theft of ID documents and the correlated (partial) identities 

  • Copying or cloning of ID documents basing on existing identities (identity theft) or totally faked and non-existing identities (identity creation) 

  • Modification of (lost or stolen) ID documents for example to make the identifiers fit to a different person or to change attributes such as date of validity or name of birth 


These threats have a limited impact in cases where ID documents are used for a limited number of specified purposes. Traditionally ID documents were used to authenticate a citizen against public authorities of his home or a foreign country. In cases a document gets lost or stolen, this information can be entered in a database for stolen ID documents easily. Within an authentication procedure ID documents can easily be checked against that database by public authorities. In case of a match appropriate measures can be taken.  

MRTDs are deploying technologies that are used in different environments and systems as well. This is especially true for biometrics such as fingerprinting. Storage of raw data (photos) of fingerprints and templates are options for future MRTDs. Fingerprints are also used in a forensic context (crime investigation etc.) or as an access solution for buildings, rooms or IT systems. This raises a number of scenarios where biometric data from ID documents could be abused in the context of other biometric systems, for example via spoofing of sensors or manipulating back-office systems such as reference databases. Security (for example access control) of ID document systems and the format in which biometric data is stored in ID documents thus has an impact on the security or the performance of other biometric systems using the same biometric methods or features. This is especially the case where we have unobserved sensors with limited capability of liveness detection. From the perspective of the owner of the passport this kind of abuse of biometric data may result in identity theft. 

In difference to traditional ID documents European passports as a prototype of current MRTDs are remotely and non-interactively (from the perspective of the bearer of the passport) readable through a distance from 2 to 10 m, when the access control can be circumvented or hacked. This creates the risk of ubiquitous, unobserved authentication by authorised or unauthorised third parties, when carrying a MRTD equipped with RFID. This enables tracking of people carrying a passport, for example when staying as tourist in a foreign country. Even the abuse of this kind of non-interactive authentication for smart bombs has already been discussed (see chapter ).

In addition to traditional and well understood scenarios to abuse ID documents new MRTDs offer numerous additional threats. In particular they base on scenarios for remote and unobserved authentication of bearers of MRTDs and the use of biometric data stored on ID documents for additional purposes in the public and private sector. 



Security and Privacy Aspects  fidis-wp3-del3.6.study_on_id_documents_03.sxw  Biometrics
Denis Royer 40 / 56