17 Pages Posted: 20 Jul 2007
Date Written: July 19, 2007
In this paper, we discuss a number of existing problems with the airport transportation security system in the United States. We discuss two separate, yet equally important issues: The ease with which a passenger can fly without any identification documents at all and the ease with which print-at-home boarding passes can be modified, tampered with, and faked. The significance of these vulnerabilities becomes clear when viewed in light of the US government's insistence on maintaining passenger watch lists, whose contents are secret and effectiveness depend upon the government being able to verify the identity of each flying passenger. We then introduce a method of determining if any particular name is on the no fly list, without ever having to step foot into an airport. We introduce a physical denial of service attack against the Transportation Security Administration (TSA) checkpoints at airports, distributed via an Internet virus. Finally, we propose technical solutions to the user modifiable boarding pass problem, which also neutralize the physical denial of service attack. The solutions have the added benefit of meshing with TSA's publicly stated wish to assume responsibility for verifying passengers names against the watch lists, as well as enabling them to collect and store real time data on passengers as they pass through checkpoints, something they are not able to do under the existing system.
Keywords: airport security, identity, transportation security administration
Suggested Citation: Suggested Citation
Soghoian, Christopher, Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists (July 19, 2007). Available at SSRN: https://ssrn.com/abstract=1001675 or http://dx.doi.org/10.2139/ssrn.1001675