The e-passport market is poised to grow by USD 12.09 billion during 2023-2026, accelerating at a CAGR of 11.7% during the forecast period. The increasing number of air passengers is notably driving the e-passport market growth.
The market is expected to be driven by the rise in the use of advanced verification methods and devices to detect identity fraud, the presence of advanced airport infrastructure and facilities, the growth in the number of people travelling to cross-border destinations, and the increasing adoption of e-passport solutions by developing nations.
The APAC region is poised to contribute significantly to the growth of the e-passport market, accounting for 36% of the market’s growth during the forecast period. China, in particular, is a key player in this market. Notably, the e-passport market in APAC is expected to grow at a faster rate than in other regions, driven by the rising number of air passengers in the area.
In March 2023, Singapore Airlines (SIA) and its subsidiary, Scoot, witnessed a remarkable surge in passenger numbers, carrying a combined total of 2.7 million passengers. This represents a month-over-month increase of 14.1% and is three times the number of passengers carried in March 2022. Scoot’s passenger count soared to approximately 947,600, marking an incredible 638.6% rise from March of the previous year. Meanwhile, SIA carried roughly 1,773,900 passengers in March, reflecting a year-over-year increase of 132%.
The group’s passenger capacity in March was 10.9% higher than in February 2023 and reached 79% of pre-Covid-19 levels in January 2020. Therefore, governments across the Asia Pacific are actively working on enhancing their passport technology and services due to the increased demand for international travel and the mounting concerns over border security.
This demand for air travel has prompted governments across APAC to prioritize improving their passport services to have better travel experiences and border security.
Hamad International Airport (HIA) announced in February 2023 that it had served over 58 million international passengers in 2022. London Stansted Airport has invested £260 million in its airport including its security area for the use of smarter scanning technology to minimize passengers’ waiting time.
The most dominant vendors for e-passports are Semlex Group, De La Rue Plc, IDEMIA France SAS, Thales Group, and Infineon Technologies AG.
The International Civil Aviation Organization, a specialized UN agency, regulates the e-passport market by mandating and enforcing international civil aviation standards and recommended practices and policies. The agency prioritizes efficiency, safety, security, environmental responsibility, and economic stability within the civil aviation sector, and its policies have significantly influenced the e-passport market and have shaped how Semlex has developed its products.
As of now, 193 member countries follow ICAO policies in their domestic civil aviation operations and regulations, and both governments and Semlex are collaborating to ensure that these standards are met to align with global aviation practices.
Despite the positive outlook for the e-passport market, a significant challenge to its growth is the threat of brute force attacks. While communication between the e-passport and the reading device can be encrypted using a session key, a hacker can still use different combinations of parameters such as passport number, expiry date, and birth date to guess the session key. Furthermore, a hacker can obtain passport-related information by hacking into other platforms such as international databases of hotels, airlines, and other platforms that require passport details.
As e-passports become more widely adopted, governments around the world will continue to face major concerns over the threat of brute force attacks. It is crucial to implement effective security measures to safeguard personal information and prevent unauthorized access to sensitive data.
This is one of several reasons why Semlex uses EAC (extended access control) which is a security mechanism used to protect biometric data such as fingerprints and iris scans. EAC restricts access to this data to the issuing country and countries that have been authorized by the issuing country.
EAC uses a chip-dedicated asymmetric key pair and uses elliptic curve cryptography. The public key is digitally signed by the issuing country, while the microprocessor contains the corresponding private section, which is designed to be unreadable.
The chip authentication process allows the terminal to verify that the chip contains the private section of the key, making it difficult to clone the ePassport.
According to Semlex Group, to clone an ePassport, an attacker would need to compute the microprocessor’s private key, which is a computationally intensive task. This is known as the Discrete Logarithm Problem and requires huge computational resources even for practical key sizes.
For example, a brute-force attack on a 1024-bit DH public key would require 2^73 operations, while a 256-bit ECDH public key would require 2^128 operations. These calculations would need to be performed over several decades using a large-scale computer network, which far exceeds what’s practically possible.
Semlex uses EAC advanced cryptography and key authentication mechanisms that make it extremely difficult to clone an ePassport. The huge computational resources required to break the system make cloning practically infeasible.