TSA to Test Encrypted Flight Boarding Passes
 

http://www.usatoday.com/travel/fligh...boarding_N.htm

More wasted tax payers money by the TSA. Why bother to forge a boarding pass when it is so easy to get one by buying an airline ticket.:rolleyes::rolleyes::rolleyes:

Because the airline won't sell you one if you're on the no-fly list, and if you're on the selectee list, you'll get the magic SSSS tag on it, which will make it that much harder to get into the secure area with Bad Things(TM).

If you're going to have a no-fly/selectee list, then you have to have boarding passes which (mostly) can't be forged, and a way to verify that the person carrying the boarding pass is, in fact, the person named on the boarding pass. TSA has (essentially) done the latter already by (almost) requiring passengers to present an identity card at the checkpoint.

Again, this assumes that the no-fly/SSSS list makes sense ... which is a topic for another thread ...

Hmm. Not happy about this. Using alternatively produced BP's is a perfectly legitimate way to avoid the hassles of SSSS. THis will just make it harder for those of us who don't want to face such harassment multiple times a week to get from A to B in a timely manner. :td:

And how much is this costing? And how much further back has this put buying some new x-ray equipment on the back burner?

The problem I see is that this is going to be seen as such a fun challenge to hackers and crackers that an actual boarding pass generator program will be created and passed around in no time. A small amount of known data being encrypted with constant keys with loads of samples available is a small task to crack in today's world.

To make this pretty much secure you need:
- Passes checked against airlines' systems in real-time.
- Encryption keys updated often (weekly or sooner).
- Use stronger encryption or encrypt lots of extra "junk" data. This is probably not possible while keeping the decryption time low and the barcode within the size requirements.

And there is always the possibility of something like the TSA's copy of all the airline keys getting loose some day.

Perhaps TSA needs to expand into the boarding pass issuance business too. While they are at it, they could also create a separate checkpoint for checked bags also and do away with the need for check in agents employed by the airlines.

Anyone out to do no good is going to buy a ticket with cash or a fraudulently obtained credit card and will have an ID with fraudulent information, whether it be a DL or passport issued with the help of a foreign government. The BP, of course, will match the name on the ID.

Why hassle those who have no ill-intent when a "bad guy" is going to sail on through the ID check and probably the security checkpoint, too, if he has even half of a good brain?

How will this affect gate passes and people just going through security to go to elite lounges?

TSA has already been doing tests at LAX T4.

When I went through in December, they were scanning the boarding passes of all travelers. Have also heard it was being done at ORD T3 (AA) - but I have not been through that checkpoint lately.

At LAX T4, it resulted in long, slow moving lines. Not sure if they're still doing this. BP scanner was built into the TDC podium.

SDF_Traveler

Wirelessly posted (BlackBerry8830/4.2.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/105)

What's next? Make every passenger buy a TSA-approved PDA? Betcha' the airlines will start charging extra for paper BPs - even ones you print at home. Besides, I don't trust the TSA for a nanosecond to read ONLY the BP barcode off my PDA.

not only that but what about folks whose portable device cannot handle the "new system"

today: the tsa is pleased to announce...... it will be implemented on a trial basis.......

6 months from now: based on the test results, the tsa will be implementing this on a nationwide basis......

4 weeks later: the tsa is discontinuing this process for security reasons*.....

*translation: we effed up and it doesn't work

Precisely. Although that degenerate monkey, Bush had us believe that there were thousands of sleeper agents out there testing the system day in and day out, the fact is that the ONLY people printing inconclusively authentic BPs are those that travel frequently, know they are going to get SSSS'd due to a sudden change in plans (or other understood reason) and just want to get through the airport as quickly as possible. It happens hundreds of times a day, it's perfectly legitimate, it doesn't hurt anyone, and the TSA needs to knock this ridiculous idea of implementing encrypted BPs in the bud ASAP. There's far more important things to spend the time and money on.

Well yes, but honestly Goalie, iphones really need to become mandatory. In fact, this should be part of the stimulus package - that would certainly get the country back on it's feet again (but unfortunately help the TSA with this ridiculous idea they just pulled out of their back pocket).

Lufthansa and I believe Air France are offering this as an option in Europe right now. In theory, you pass the PDA over the bar code reader and it beeps you in instead of handing the gate agent the boarding pass/ID. I don't know if they also check IDs at the gate for people using this.

In these cases, however, the airlines are behind it, not the German or French security forces. I think it is fine if the airlines want to implement the system, but since I don't have a PDA, I guess I'm stuck getting my boarding passes from the machine.

This isn't new. The electronic check-in options offered by many carriers at several airports already do this. You get the 2D barcode image and they scan it at the checkpoint and again at the gate. I used it this past weekend at IAH and AUS.

The barcode data is signed with the airline's private key. Yes, it could be hacked eventually, depending on the amount of data out there, but it isn't trivial.

It will defeat folks from printing their own BPs at home and changing the date/name/city. But that still doesn't provide actual security. :eek:

And in the USA the airlines are the ones driving it, IMO. They want to provide the option to their customers and that means pushing the TSA to allow it. The TSA is trying to spin it as good for security and as them doing something proactive, neither of which is true. But the USAToday was willing to print the article. :rolleyes: