Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier On Security Weblog

Posted by timothy on from the fresh-jams dept.

Daedala writes "Bruce Schneier now has a weblog that reprints the Crypto-gram newsletter and essays. The information will be posted more often than the once-a-month email. The recent op-ed piece for the International Herald Tribune on RFID passports is scary."

5 comments

  1. Good to See by XsynackX · · Score: 0
    It's good to see more and more people with an increased focus on security and related issues online.

    SecurityFocus.org is always a good site, but having smaller more independant outlets are great, and blogs seem like a great place to get smaller stories across that pass under the radar or larger groups. What do you guys think?

    --
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    I'm not a vegan because I love animals, I'm a vegan because I hate plants!
  2. Schneier is probably overanxious about passports by swillden · · Score: 3, Interesting

    The recent op-ed piece for the International Herald Tribune on RFID passports is scary.

    Maybe, but it's also possible that Schneier has fallen into a common confusion between RFID and contactless smart cards.

    If the administration really is proposing to use RFIDs, then they're being stupid (no shock there). The term RFID is used, by convention, to refer to devices that communicate over RF but are fairly stupid. The most common ones simply spew their recorded information any time they're powered up by an appropriate RF field. This seems to be what Schneier is assuming.

    Contactless smart card chips are ultimately the same technology as a high-end RFID -- a microprocessor chip with a radio transciever, operating on inductively supplied power -- but the design principles and assumptions are radically different. Smart cards have the ability to perform cryptographic operations and to make decisions based on the results of those operations. For an electronic passport the obvious design is to configure the chips to require a cryptographic authentication before they're willing to divulge the data. Of course, only authorized, government-owned and -managed readers should have the keys needed to authenticate to the chips. More precisely, only the back-end servers connected to the authorized devices should have those keys, and they should be secured in tamper-reactive hardware, and in a secure facility.

    Given a system like that, the likelihood of anyone other than an authorized government agent being able to read your passport is next to nil, so put that fear to rest (assuming these aren't really RFIDs and I have seen some indications elsewhere that they're not).

    As far as the other concern goes... it's possible, but easy enough to defeat. Just put your passport in a metallized sleeve.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. Re:Schneier is probably overanxious about passport by dago · · Score: 1

    Yeah, but even considering the gouvernments implement such a system, and do so in a totally secure way, this will means that other govt. departments than customs can read your passport.

    Just don't take it to an anti-war demonstration ;)

    BTW, the cops/secret services/... are anyway shooting the demonstrations and other subvsersive activities with plain old cameras. They don't need RFID to do so.

    --
    #include "coucou.h"
  4. Re:Schneier is probably overanxious about passport by syrinje · · Score: 3, Insightful
    I agree that contactless smart cards are more secure than plain old RFID systems (PORS). However, given the usage model for a passport, it is highly unlikely to be a design option for passports.

    A typical passport must be
    a. Writeable and readable by the issuing authority
    b. Readable by the passport scanners of ANY country that the holder cares to travel to (assuming universal deployment of this technology which, admittedly, might be a tad unrealistic today). In any case, it must be readable by say, a dozen or so countries.

    In a typical contactless smart card solution, you would wave the card in the vicinity of a scanner which
    (i) either embeds the required crypto intelligence to talk to the card (issuer entity same as scanner entity)

    or

    (ii) is connected to a backend-crypto server that acts as a clearing house and mutually authenticates a "Card from Issuer A " and a "Scanner from Entity B" so that they can establish a trust relationship on the basis of which to communicate.

    In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.

    The apparent benefit of "contactlessness" in this situation is far outweighed by its complexity of deployment, cost of management and cumbersomeness of use.

    Ergo, closing the gap to make a passport based on a contact smart chip is a much simpler, robust and viable solution. All that is required is a reality check that recognises the hype of card-waving for what it is.

    --
    See that long UID - that's what you get for lurking too long
  5. Re:Schneier is probably overanxious about passport by swillden · · Score: 1

    In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.

    No, they're not. There are well-established procedures for carrying out exchanges like this; the financial community does it all the time to establish Zone Master Keys. The US military exchanges keys with allied militaries for COMSEC purposes as well. I don't know for certain but I would also be very surprised if the US doesn't use encrypted communications for its diplomatic communications with many of its allies, which also requires key exchange.

    Key management and key exchange *are* hard problems, but what makes them hard is scale. On a small scale (say, between a couple dozen parties) they are very easy.

    In addition, if it were really a problem, there are contactless smart cards on the market today that have RSA capabilities, so PK technology could be used to make the key management process even simpler.

    The apparent benefit of "contactlessness" in this situation is far outweighed by its complexity of deployment, cost of management and cumbersomeness of use.

    I would agree perhaps, except that I'm of the opinion that the same security should be applied for contact chips, particularly since there's a desire to place more data on the chips than is printed on the paper.

    Ergo, closing the gap to make a passport based on a contact smart chip is a much simpler, robust and viable solution.

    But less reliable and slower. Contact chips do introduce some unreliability that contactless does not. Contact plates get dirty and scratch off, contact readers get filled up with gunk. Not only is waving a card less time-consuming than inserting it but, due to quirks of history in the development of smart card technology, the data transfer rates of contact cards max out at about 115kbps (and in practice it's uncommon to get more than 9.9kbps) whereas contactless cards go up to 800kbps. As the data volume goes up that data rate becomes important.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.