Security Rules Slow TWIC
Data security challenges lead to delays in the implementation of the Transportation Workers Identification Credential
By Amy Zuckerman
Getting the encryption right so a terrorist can't steal a biometrics-laden identification card and impersonate Tommy Trucker is delaying implementation of the 4-year-old Transportation Workers Identification Credential program.
TWIC's mission is to provide security clearance for anyone with regular access to the nation's ports. The aim is to be able to use the same ID card at maritime ports, airports and other facilities nationwide.
Officials want to make TWIC a "contactless" system, meaning no card-swiping would be involved. Instead, as a truck driver approaches the port entrance, a remote "reader" would obtain information wirelessly from the card, much as truckers use transponders to bypass weigh stations. The contactless approach should speed up the clearance process for ports; besides, some doubt that contact readers - a grocery checkout terminal is an example - would last long when exposed to seaside air.
Experts say risk is involved unless the data - personal information and biometric, or human body, identification characteristics - can be secured against eavesdroppers who may try to intercept the short-range radio signals. Achieving security has slowed the program's progress.
Driver enrollment also has been held up by testing of the electronic network, which is to collect and store the data embedded in the ID card so the information can be shared with federal agencies, said Darrin Kayser, a spokesman for the Transportation Security Administration, which administers TWIC for the Department of Homeland Security. The system also must be able to import information from nongovernmental sources.
TWIC's pilot phase identified problems with data-transfer security, and Lockheed Martin Corp., the primary contractor for the network and TWIC enrollment, is addressing them, said Maurine Fanguy, TWIC program director.
Contributing to the delay, technology that would read card data and match the information with a database also is not ready. However, Kayser and Fanguy said TSA hopes to start TWIC enrollment sometime next fall, with or without the reader technology resolved. Enrollment is expected to take several years.
Lockheed Martin officials would not comment for this article.
Marrying wireless access control with a high level of encryption presents significant challenges, said Terry Boult, professor of innovation and security at the University of Colorado at Colorado Springs. He is also chief executive officer of Securics, a biometrics company not involved in developing TWIC.
"Going for contactless transmission may be slowing down the rollout, but it will be faster when the system is actually up and running," Boult said.
The encryption needs to be strong enough to protect the identity of the trucker, in case the card is stolen, and it cannot be susceptible to eavesdropping during transfer.
Boult said that's tricky to do.
The cards in development under the federal contract won't be mere pieces of plastic with magnetic strips. They are to have an integrated circuit on a microchip that stores data about the individual and his or her biometrics - in this case, 10 fingerprints.
"There will be a magnetic strip for activation [for use in a contact reader], a person's photograph, plus holograms embedded so the card can't be duplicated," TSA's Kayser said.
The "10 print" - the biometric representation of all 10 fingers - is embedded into the card and is not an image on top of it. Details of the fingerprints are converted into numbers that are stored on the card and in a government database. The reader facilitates a match between the digitized data sets through a coded transmission.
Adequate contactless technology already exists, according to a number of manufacturers, but government officials concerned with data privacy called on the National Institute of Standards and Technology to publish a new encryption standard for ID cards in March 2006. The result was a federal information-processing standard, FIPS-201.
Although the standard promises yet another level of data security, some experts in the field claim that no readers on the market today can handle all the new specifications, and the devices that are compatible can't process all functions mandated under the TWIC program.
"The cards will work with some existing readers but not in a FIPS-201-compliant way," Boult said. The question is whether the data would be protected if read by older-generation readers.
Some reader manufacturers insist that the pre-FIPS standards were good enough for the new demands.
Roy Bordes, principal of the Bordes Group in Orlando, Fla., which specializes in access control technology, likens the new standard to reinventing the wheel.
"It's the encryption chip that sets FIPS-201 apart," he said. "The minute the government mandated FIPS-201, it made all the previous technology for access obsolete."
To complicate matters, the card being developed for TWIC has to do more than comply with the new standard. In January, Congress ordered changes in processing immigration IDs and visas.
"These have to be integrated into the card technology, as well," Kayser said.
Then there's the issue of interoperability: Can the driver use the same card at any TWIC site across the United States? American Trucking Associations considers the single ID card to be essential to the program's success, said Martin Rojas, who handles border and security policy for ATA.
Multiple reader devices would not be desirable, either.
The contactless approach to card screening means the reader has to interpret both the encryption key and the human biometrics, said a technology expert who requested anonymity because his company could be a contender for TWIC contracts. Otherwise, there would have to be two readers at each station - one for the data identification and the other for the biometrics.
The new standards are keeping companies such as HID Corp., Irvine, Calif., a major manufacturer of readers, out of the TWIC pursuit for now.
Nathan Cummings, a technology expert for HID, questions whether FIPS-based products actually will function the way the government envisions and whether the new standards are appropriate for both the biometrics and the required level of encryption.
Cummings said he knew of at least one manufacturer - Sagem Defense Security, a French access-control vendor - working on a product that could match most FIPS 201 requirements.
"They're ahead of the game, because they are building to the biometric side and have the [radio frequency] interface, and both sides are needed to meet the specs for TWIC," he said.
Boult said only a few vendors have integrated biometrics with state-of-the-art readers. "This will provide market pressure for them to do so."
He defends the government's decision to promote super-tight encryption.
"Consider the impact of identity theft, if it includes your fingerprints. Unlike your credit card, you cannot put a freeze on your biometrics or cancel them and issue new ones," he said.
"Vendors who sell the hardware may not care, and many have claimed the existing standards are sufficient," Boult said, "but many government and civilian tests have shown otherwise."
TSA's Fanguy would not comment on the capabilities of any reader devices because "the government is not selecting the reader technology." She said reader selection is the decision of port authorities. "We want multiple vendors' technology to be available, so the card can be read in multiple ways."
In the meantime, TWIC cards could be used as traditional visual IDs, Fanguy said, and the Coast Guard is to provide "roving teams to conduct random spot-checks" of the cards.
Amy Zuckerman, a freelance writer, has extensive experience covering technology and communications issues.
To read more stories, see the latest issue of Light & Medium Truck. Subscribe today!