U.S. Driver s Licenses: Addressing the Potential Vulnerabilities

Transcription

1 U.S. Driver s Licenses: Addressing the Potential Vulnerabilities A 3M White Paper Marty Kenner, Bruce Wilson, Steve Rhyner 3M Security Systems Division St. Paul, MN bbwilson@mmm.com sjrhyner@mmm.com

2 Table of Contents Abstract... 1 Introduction: Addressing the Potential Vulnerabilities of U.S. Driver s Licenses Results: Analysis of Counterfeit U.S. Driver s Licenses Holographic Optically Variable Device... 4 UV Fluorescent Printing Assessment of Counterfeit Security Feature Penetration Conclusions... 8 References... 8

3 Abstract Identifying the physical security vulnerabilities in ID cards and driver s licenses is becoming increasingly important, especially in the United States where driver s licenses not only serve to certify driving privileges but also entitle the holders to access services or locations, travel domestically, and use it as breeder documents for passports. Sophisticated counterfeiting of U.S. driver s licenses is on the rise, with The Washington Post recently reporting on the proliferation of fake IDs being generated out of China ( Latest Counterfeit IDs so good they re dangerous, The Washington Post, July 30, 2011). Three commonly relied upon security features will be discussed with counterfeit examples. This paper will also compare readily available security information with data from counterfeits that demonstrate the potential vulnerabilities of U.S. driver s licenses. Introduction: Addressing the Potential Vulnerabilities of U.S. Driver s Licenses A United States Driver s License (DL) is primarily used to authenticate the privilege of legally operating a motor vehicle. Over time, the function of this document has evolved into a primary identity device for both personal and governmental purposes. Today the value of the physical characteristics within the license has increased significantly, as well, due to their heavy reliance for identity authentication. In the United States, the federal government does not issue a national driver s license or identification card (ID). Each state (including the District of Columbia for purposes of this paper) controls issuance for its residents, has its own driving rules, and its own regulations; however, the recipient may then drive a vehicle or use as a form of identification in any of the other states once a valid DL is obtained. In 2005, the REAL ID Act was passed by Congress in an attempt to create minimum federal performance standards although the final security level of the driver s license is still determined by the individual states. 1 Once the security features are selected and implemented, it is imperative for the issuing state to communicate genuine security features to the other states in order to help identify fraudulent documents. Physical security features are commonly published in the I.D. Checking Guide annually in February and used for reference and training wherever verifying identification is important. 2 Examples of potential locations that may use such a guide include: law enforcement, bars, liquor stores, retail sales, government services, financial institutions, healthcare facilities, and transportation providers. It is recognized that a comprehensive list of security features intentionally may not be incorporated into the I.D. Checking Guide. Additional authentication methods, for example forensic features, may be present beyond what is in the guide. These may be made available to authorized organizations when identification is verified. 1

4 Security features can be separated into different types. Level 1 is a designation for visual or tactile features which can be identified without use of a tool. This can also be described as an overt security feature. Level 2 is a feature that requires a simple tool such as a flash light, a 10X magnification loop, ultraviolet (UV) source, etc. to inspect the document for the security feature. Portability of the inspecting tool is a key discerning factor. Level 3 features, also referred to as forensic, require the use of a sophisticated analytical device such as a high-magnification optical or electron microscope, Fourier Transform Infrared spectrometer, fluorometer, etc. Historically, altered DLs had been typically used to obtain alcohol by minors. Relatively simple modifications to existing documents were made and covered by ubiquitous clear lamination films. With time, the complexity of valid driver s license printing and protective films, e.g. holograms, increased in an attempt to thwart illegal activity from the casual perpetrator. More recently, sophisticated counterfeiting of U.S. driver s licenses is on the rise as exemplified in The Washington Post reporting on the proliferation of fake IDs being generated out of China ( Latest Counterfeit IDs so good they re dangerous, The Washington Post, July 30, 2011) which bases the article on the death of a motorcyclist due to a fraudulent South Carolina driver s license. This article also highlights that IDs have appeared from various states believed to be sourced from a single Chinese company. Despite efforts after September 11, 2001 events, progress to improve DL security on the physical driver s license and issuance systems has been slow. This is largely due to the concerns of state s rights versus providing for the common national defense. It is recognized in the industry that no document is 100% secure and that a proactive approach to stay ahead of the targeted criminal activity is imperative. This security is then enhanced by two common strategies: 1) use of layered security features and 2) replacement of security features as they become obsolete or compromised. Layering of security features involves the use of multiple features for authentication. Each feature on its own may not represent significant difficulty for alteration or counterfeiting; however, the need to defeat several security features on a single document requires a sophistication as to each of the technologies employed and know-how to integrate them into a document. Common security features used in the DLs include: Holographic, Optically Variable Devices, Ghost Image, Microprinting, and UV fluorescent printing. The lifetime of any security feature has limitations. Experts in the field have stated Anything that man can make, man can copy. Eventually, even sophisticated security features will be reverse-engineered to produce counterfeit, altered, or forged licenses. The security materials industry refers to this targeting as an attack on a document. It is essential for maintaining the authenticity of a document to monitor the progress of the attacks and to replace or add alternate features when necessary. As indicated in the title, counterfeit documents are the primary focus of the work that follows. Counterfeiters often target the simplest construction based on the value (actual or perceived) of the security document for use in locations that are not necessarily within the issuing state. This paper will compare readily available security feature information from the 2011 I.D. Checking Guide with several confiscated DLs provided legally to 3M from law enforcement agencies. These counterfeits exemplify the potential vulnerabilities of DLs in the United States to counterfeit attack. 2

5 Results: Analysis of Counterfeit U.S. Driver s Licenses 3M has been provided numerous confiscated United Stated DLs from different states. In this analysis, three specific security features layered in the documents are the subject of the discussion: 1) Holographic, 2) Optically Variable Device, e.g. ink, and 3) UV Fluorescent print. 1) Holographic As described above, it is a significant challenge to authenticate security features based solely on a written description without the genuine document available for comparison or appropriate authentication equipment. Holographic components, also known as Diffractive Optically Variable Image Devices (DOVIDs), are a very common security feature in the retail and ID sectors. DOVIDs can be defined simply as an image that changes shape or rainbow-like color when viewed from different angles. In practice, the complexity of such security features has advanced to such a high level that a significant amount of time and/or forensic equipment may be required to detect counterfeits. Figure 1 shows two examples of counterfeit holograms that match the I.D. Checking Guide description. Ascertaining the authenticity of a DOVID requires a Level 3 examination of the document and either possessing specific knowledge of the security feature response or having an original for comparison. Specifically, authenticating a DL holographic feature involves observing the DOVID color response from specular light illumination at a controlled angle while rotating the document in question under high magnification. Figure 1. Counterfeit Hologram Examples The confiscated counterfeit DLs contained DOVID gratings that consisted of a singular color (grating) portions that are rotated to produce rainbow-like response when viewed in diffuse light, common to a normal lighting environment. Hence, they are not normally discernable from the genuine without use of a controlled lighting environment combined with direct comparison to an original document. This level of sophistication is easily beyond the threshold of good enough to pass cursory inspection. 3

6 2) Optically Variable Device Color shifting ink or print is another example of a common security feature categorized as an Optically Variable Device (OVD). The OVD ink changes to/from a specific color when tilted. This achieves a security feature that is easy to detect but, unfortunately, one that is also easy to duplicate/simulate. Figure 2 below is an example of the counterfeit Optically Variable Ink. Commercially-available paints, either specific color change or mixtures, may be used to simulate such an effect that, again, may appear good enough if a genuine document is not available. Figure 2. Counterfeit OVD Examples 3) UV Fluorescent Printing Authentication of UV fluorescent print exhibits similar challenges as holograms in that it is primarily the presence of the ink that determines acceptance. Figure 3 shows examples of counterfeit UV fluorescent print of two common colors. The quality of this printing varies significantly across the samples obtained. Again, it is a significant challenge to identify a counterfeit visually without the genuine document in-hand. Figure 3. Counterfeit UV Fluorescent Print Examples 4

7 Assessment of Counterfeit Security Feature Penetration Counterfeit DLs from several U.S. states have been analyzed at 3M using various analytical techniques to assess Level 1, Level 2, and Level 3 security features. These techniques are the same or similar to the practices employed at the federal government level. In general, the qualitative assessment of these counterfeit DLs ranged from apparent good enough to surprisingly very high quality possibly genuine. Obviously, there must have been something either in the physical document or the person that triggered suspicion because these counterfeit DLs were confiscated. Genuine DLs were not used in all cases for direct comparison during this assessment in order to mimic a typical visual verification scenario as described above. In order to assess the potential extent of counterfeit security feature penetration, the primary security features listed in the I.D. Checking Guide from each state were summarized. One of the challenges encountered during this exercise was the lack of consistent use of feature terminology (either intentional or unintentional). In certain instances, a judgment was made to assign the validation description into one of the categories given in Figure 4. Some security features, such as signature over photo, barcodes/magnetic stripe, and multiple examples of the same feature were not included in this analysis which focused on counterfeit capabilities. The number of states containing the specific security feature is also indicated. UV Text/Graphic, Ghost Image, Microprinting, Holographic, and OVD are the most prevalent features in the United States DLs. All the states that were counterfeited and analyzed contained at least three of the five most common security features. The counterfeit documents for two of the states contained all five common security features so it is reasonable to assume that any state DL that relies primarily on these security features is at risk of attack. Rainbow Printing, 3 Laser Engraving, 4 Virtual Image, 3 UV Personalized, 5 Raised Print, 2 Laser Perforation, 6 UV Ghost Image, 8 Fine Line Background, 10 UV Text/Graphic, 45 OVD, 18 Ghost Image, 41 Holographic, 30 Microprinting, 39 Source: Analysis of I.D. Checking Guide 2011 Figure 4. Number of States Containing Specific Security Feature 5

8 As shown in Figure 4, multiple security feature options are available for incorporation into a security document and used within the United States. Again, it is recognized that the data represents an attempt to summarize the I.D. Checking Guide descriptions into common physical security feature categories which may not be comprehensive. The large number and diversity of security features also creates a significant challenge for correct authentication/identity verification. The number of variations contained in the valid security feature portfolio means a security person at an access point must be fluent in authenticating the complete United States DL library. The number of valid security features enters into the hundreds at this time. This places an immense burden on the inspecting agent to identify any irregularities of these Level 1or Level 2 features. This also dictates a high level of expertise on the past and current issuances of the DLs in circulation. Previous to 2011, South Carolina had listed one primary security feature, holographic overlay, and it was this state that was mentioned in The Washington Post article but it is not known which generation of DL was counterfeited. It should also be noted that South Carolina added significantly more security features to its current license. This highlights the possible confusion caused by multiple valid DLs from a given issuing state. The majority of states currently have between three and six listed security features which encompass forty-eight states (see Figure 5). The highest number of security features listed was seven for Illinois; however the number of security features does not necessarily equate to added security as exemplified by the list of available counterfeit documents shown below Number of States Number of Listed Security Features Source: Analysis of I.D. Checking Guide 2011 Figure 5. Number of Listed Security Features in State DLs 6

9 Counterfeit IDs (sometimes marketed as novelty or fake cards) obtained through various websites provide easily-obtainable security documents that may appear good enough to pass Level 1 and sometimes Level 2 inspection. Mentioned above, the I.D. Checking Guide only displays an image of the DL - front side under visible lighting conditions and describes the various security features. In this case, just the presence (not quality) of such a security feature may be sufficient for it to be considered genuine by the unskilled verifier. Even with that non-specific information, internet sites do exist that review the quality of the counterfeit IDs and provide guidance on how and where to purchase high quality fraudulent documents. Often times, the review websites warn that counterfeit DL providers within the United States provide poor quality documents and that websites that accept credit card payments may be a scam. Therefore, the majority of counterfeit suppliers appear to be located outside the United States and also openly advertise that they operate outside the United States legal system. Multiple counterfeit websites indicate that novelty IDs are available for all states, including the District of Columbia. In some instances, the DL is visibly labeled as a novelty. In other instances, the novelty aspect is less obvious, for example by embedding novelty information in the magnetic stripe. One particular high quality counterfeit ID website, with product believed to have penetrated the United States, offers driver s licenses from eighteen states. Interestingly, all of these states include one or more of the counterfeit security features mentioned previously: hologram, OVD, or UV print. However, the apparent capability to counterfeit is not limited to just these three security features because the offering list consists of states that incorporate from three to seven different security technologies. As mentioned above, the total number of security features does not appear to act as a criminal deterrent based on the available counterfeit documents. Unfortunately it is not legal to simply order counterfeit DLs for the purposes of assessing the quality of such documents since genuine DLs are under the control of each state. The analyzed counterfeit United States DLs unequivocally demonstrate a significant capability to produce sophisticated counterfeits containing UV fluorescent, Ghost image, Microprinting, Holographic, and OVD features and the significance of this observation should be investigated further within each state. Individual states would need to be engaged in order to evaluate specific counterfeiting techniques and identify specific solutions to combat such fraudulent methods. 7

10 Conclusions The growing number of sophisticated counterfeit United States DLs entering the U.S. poses an eminent risk to national security. Organizations outside the United States have openly marketed fraudulent documents and demonstrated the means by which to distribute them. As the quality of these fraudulent documents improves even further, distinguishing a counterfeit from a genuine, especially involving holographic, color shifting ink, UV print and other security print features (not described here), will become significantly more challenging. State DLs relying primarily on these features, which includes a vast majority, are particularly vulnerable to fraudulent attack. The presence of sophisticated layered counterfeits in the United States DL system that broadly pass Level 1 and 2 inspections by authorities is clear evidence that the current primary security features (DOVID, OVD, and UV) have been compromised. New, easy to authenticate, secure materials, integrated security designs, and authentication systems are required in order to minimize the impact of the growing counterfeit market. References 1) 2) I.D. Checking Guide 2011 by Drivers License Guide Company (Redwood City, CA) 8