Quantum computing could threaten biometric ID document security: report

A new report by digital security industry group Eurosmart claims that quantum computers may compromise the security of biometric ID documents and applications around the world.

In particular, the publication analyzes potential vulnerabilities of eMRTDs, documents equipped with a secure chip containing the information of the holder. eMRTDs include NFC-enabled passports and national ID cards, documents which chips can contain both biometric and biographical data.

According to Eurosmart, this type of document commonly relies on asymmetric cryptography, which could be easily broken by quantum computers with sufficient capabilities by reverting back to the private key from the public key.

The potential decryption of this data could therefore give attackers access to individuals’ biometric and biographical information.

“This would have substantial impacts as all the IT security relies on asymmetric cryptography. However, the nature and duration of the risks stemming from the possible advent of the quantum computer depend on the usage of asymmetric cryptography,” the report reads.

Eurosmart’s recommendations went a step further, with the organization suggesting attackers could already try and capture encrypted data from eMRTDs, and keep it until quantum machines are available to decrypt it.

While this may not necessarily pose a security risk for certain types of dynamic, ever-changing data, it could be disastrous for static biometric data, for instance, such as fingerprints and iris patterns.

“For data that remains sensitive for a short timeframe, the consequences are negligible. But when it comes to data whose sensitivity is long-lasting (e.g. medical data, biometric data) it has to be considered as of today,” the researchers write.

Eurosmart also clarified all mechanisms put in place to demonstrate the authenticity of the identity information stored in eMRTDs also rely on asymmetric cryptography, with quantum computing potentially paving the way for new forms of document forgery and identity theft.

To start tackling these issues before they arise, Eurosmart urged the EU and the global eMRTD community to start working on quantum-safe eMRTDs.

“The migration […] will take decades; therefore, it is essential to organize it now. More precisely, there is considerable work to do in the standardization field.”

Article Topics

biometric data  |  biometrics  |  cryptography  |  data protection  |  Eurosmart  |  identity document  |  machine readable travel document  |  post-quantum cryptography  |  quantum computing  |  standards  |  travel documents