Slashdot Mirror


Schneier On Security Weblog

Daedala writes "Bruce Schneier now has a weblog that reprints the Crypto-gram newsletter and essays. The information will be posted more often than the once-a-month email. The recent op-ed piece for the International Herald Tribune on RFID passports is scary."

1 of 5 comments

  1. Re:Schneier is probably overanxious about passport by syrinje · Score: 3, Insightful
    I agree that contactless smart cards are more secure than plain old RFID systems (PORS). However, given the usage model for a passport, it is highly unlikely to be a design option for passports.

    A typical passport must be
    a. Writeable and readable by the issuing authority
    b. Readable by the passport scanners of ANY country that the holder cares to travel to (assuming universal deployment of this technology which, admittedly, might be a tad unrealistic today). In any case, it must be readable by say, a dozen or so countries.

    In a typical contactless smart card solution, you would wave the card in the vicinity of a scanner which
    (i) either embeds the required crypto intelligence to talk to the card (issuer entity same as scanner entity)

    or

    (ii) is connected to a backend-crypto server that acts as a clearing house and mutually authenticates a "Card from Issuer A" and a "Scanner from Entity B" so that they can establish a trust relationship on the basis of which to communicate.

    In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.

    The apparent benefit of "contactlessness" in this situation is far outweighed by its complexity of deployment, cost of management and cumbersomeness of use.

    Ergo, closing the gap to make a passport based on a contact smart chip is a much simpler, robust and viable solution. All that is required is a reality check that recognises the hype of card-waving for what it is.

    --
    See that long UID - that's what you get for lurking too long
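The clearing-house model in option (ii) above, worked through as an added example that is not part of syrinje's comment or of any passport standard. It assumes a simplified symmetric-key design: each issuing country holds a master key, every document carries a key diversified from it, and the clearing house (the "backend crypto server") holds every member's master key and is the only party able to vouch for a card from issuer A to a scanner from entity B. The country codes, document numbers and scanner ids are constructed. The scenarios at the end show why the key management is the hard part: a card from a non-member issuer, a card with the wrong key, or a scanner the clearing house has not enrolled all fail because no trust path exists.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Constructed illustration of a clearing-house trust model. Assumption: a
# symmetric challenge-response scheme, not any real e-passport protocol.


def derive_card_key(issuer_master_key: bytes, document_number: str) -> bytes:
    """Per-document key diversified from the issuing country's master key."""
    return hmac.new(issuer_master_key, b"card:" + document_number.encode(), hashlib.sha256).digest()


def _mac(key: bytes, role: bytes, scanner_nonce: bytes, card_nonce: bytes) -> bytes:
    # Both nonces and a role label are bound into every proof, so a card reply
    # cannot be replayed as a scanner reply or against a fresh challenge.
    return hmac.new(key, role + scanner_nonce + card_nonce, hashlib.sha256).digest()


class Card:
    """Contactless chip issued by country `issuer` for document `number`."""

    def __init__(self, issuer: str, number: str, key: bytes):
        self.issuer, self.number, self._key = issuer, number, key

    def respond(self, scanner_nonce: bytes) -> tuple[bytes, bytes]:
        card_nonce = secrets.token_bytes(16)
        return card_nonce, _mac(self._key, b"card", scanner_nonce, card_nonce)

    def verify_scanner(self, scanner_nonce: bytes, card_nonce: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(proof, _mac(self._key, b"scanner", scanner_nonce, card_nonce))


class ClearingHouse:
    """Backend that mutually authenticates a card from issuer A and a scanner from entity B."""

    def __init__(self):
        self._issuer_keys: dict[str, bytes] = {}  # every member's master key lives here
        self._scanners: set[str] = set()

    def enroll_issuer(self, country: str, master_key: bytes) -> None:
        self._issuer_keys[country] = master_key

    def enroll_scanner(self, scanner_id: str) -> None:
        self._scanners.add(scanner_id)

    def authenticate(self, scanner_id: str, issuer: str, number: str,
                     scanner_nonce: bytes, card_nonce: bytes, card_proof: bytes) -> bytes | None:
        """Check the card's proof; on success return the proof the scanner shows the card."""
        if scanner_id not in self._scanners or issuer not in self._issuer_keys:
            return None  # unknown scanner or non-member issuer: no trust path exists
        key = derive_card_key(self._issuer_keys[issuer], number)
        if not hmac.compare_digest(card_proof, _mac(key, b"card", scanner_nonce, card_nonce)):
            return None
        return _mac(key, b"scanner", scanner_nonce, card_nonce)


class Scanner:
    """Border scanner operated by some entity; trusts nothing but the clearing house."""

    def __init__(self, scanner_id: str, clearing_house: ClearingHouse):
        self.scanner_id, self._ch = scanner_id, clearing_house

    def inspect(self, card: Card) -> tuple[bool, bool]:
        """Returns (card authenticated to scanner, scanner authenticated to card)."""
        scanner_nonce = secrets.token_bytes(16)
        card_nonce, card_proof = card.respond(scanner_nonce)
        scanner_proof = self._ch.authenticate(self.scanner_id, card.issuer, card.number,
                                              scanner_nonce, card_nonce, card_proof)
        if scanner_proof is None:
            return False, False
        return True, card.verify_scanner(scanner_nonce, card_nonce, scanner_proof)


def demo() -> dict[str, tuple[bool, bool]]:
    """Constructed scenario: issuers A and B are members of the exchange, C is not."""
    ch = ClearingHouse()
    master = {c: secrets.token_bytes(32) for c in ("A", "B", "C")}
    ch.enroll_issuer("A", master["A"])
    ch.enroll_issuer("B", master["B"])
    ch.enroll_scanner("B-border-01")
    scanner_b = Scanner("B-border-01", ch)
    unenrolled = Scanner("X-unenrolled", ch)
    genuine = Card("A", "P1234567", derive_card_key(master["A"], "P1234567"))
    wrong_key = Card("A", "P1234567", secrets.token_bytes(32))  # right identity, wrong key
    from_c = Card("C", "C0000001", derive_card_key(master["C"], "C0000001"))
    return {
        "genuine A at B": scanner_b.inspect(genuine),
        "wrong-key A at B": scanner_b.inspect(wrong_key),
        "non-member C at B": scanner_b.inspect(from_c),
        "genuine A at unenrolled scanner": unenrolled.inspect(genuine),
    }


if __name__ == "__main__":
    for case, (card_ok, scanner_ok) in demo().items():
        print(f"{case}: card_ok={card_ok}, scanner_ok={scanner_ok}")
```

Only the first scenario succeeds in both directions. The other three fail at the clearing house, which is the point of the comment: every scanner in every member country is only as usable as the exchange's enrolment of issuers and scanners, and every master key of every member sits in that one backend.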