No Encryption For RFID passports

Spy der Mann writes "Despite widespread criticism from security experts, the government is declining to encrypt data on RFID passports. Lee Tien, an attorney at the Electronic Frontier Foundation, said: 'It is my understanding it's possible to read this information from 10 to 30 feet away with the right equipment.' Considering gadgets like the BlueSniper as 'right equipment,' I think he's got a point. Tinfoil covers, anyone?"

Why put ANY data on passports?

[Andy_R]

Even if you accept that RFID should be incorporated in passports (and the concept of terrorists and criminals owning a hand-held US-passport detector should be more than enough reason to realise it's a completely dumb idea), then why on earth should there be any locally stored data?

If the passport held a unique ID number and nothing else, then sensitive data could be stored somewhere safe off-site, rather than in the back pocket of a potential terrorist.

Re:Why put ANY data on passports?

[JRIsidore]

From the technical point of view you are right, storing just a unique ID would be the simplest way. But this does not fit well into the scheme of privacy. With your solution you will have no control about who uses the data belonging to your ID. If you store the data directly in the passport chip you have the full control to either allow or deny someone to read it.

Re:Why put ANY data on passports?

[Wwolmack]

It's an anti-counterfeiting measure.

From TFA:
[the RFID contains] all the information on the data page of the passport, including name, date and place of birth, and a digitized version of the photo passport [passport number, and date/place of issuance]

So thanks to the digital signature (however strong that may be), passport forgers will need to crack the signature to create a passport with matching name, photo, etc. that would pass muster. Its basically adding another layer of difficulty for forgers.

Of course, this still ignores the potential of:
-Skimming via a bluesniper
-Forgers creating fake rfid chips (how hard/far off can it be, now that this will be the primary goal of passport forgers?)

The decision to rely on a digital signature (which is basically crypto!) and not encrypt the data is positively loopy. They haven't even decided what kind of signature it will be, and weakenesses in cryptographic methods are discovered all the time.

Re:Why put ANY data on passports?

[WaterSlapjes]

The reason is quicker transfer of more data (high resolution pictures of your face, biometric information like fingerprints) than can be achieved with the paper version.

It should be noted that it is only the US that does not deploy "basic access control", which effectively locks out RFID readers unless they can optically read the passport (e.g. it is on the scanner).

Europe and Japan are implementing this privacy protection. The irony is that especially for US citizens the threat of identity theft is (still?) much higher then for European and Japanese citizens...

Technically: the access to the data requires successful authentication against a hash of the four lines of data on your passport ("MRZ") and setup of an encrypted tunnel ("secure messaging" in smartcard terminology) before allowing access to the data. Effective strength is about 30-40 bits.

See http://www.icao.int/mrtd/ for more technical information (assumes working knowledge of smartcard protocols and tolerance of government talk).

Better yet

[Creepy+Crawler]

Either remove the RFID bug or fry it with microwaves.

Either way, just guarantee there's nothing to harvest information from.

Still, I fail to understand why anybody would want encryption on it.. Encryption schemes are broken, as are signing algorythims and other complex mathematical constructs. COnsidering how long passports have been around, would you trust your data to DES?

Re:Better yet

[Wwolmack]

From the link in TFA:

Under the proposed rule, a passport that contains a damaged, defective, or otherwise nonfunctioning electronic chip or with observable wear and tear that render it unfit for further use as a travel document may be invalidated by the Department of State.

So without the working RFID, you are at the mercy of the Dept of State.
You also get to apply for a new passport, and boy is that fun (2 hour wait) and cheap ($85/$145 rushed)!

Re:Better yet

[swillden]

would you trust your data to DES?

You do, every day. You trust your money to DES. Ever use an ATM? Your PIN is encrypted with DES. How about a debit card? Same thing. How about on-line payment? While the SSL connection may or may not use DES, the bank-to-bank communications involved in moving the money are protected with DES.

BTW, If you ask your question of a professional cryptographer, the answer will be "Yes". And you won't find a more paranoid group than cryptographers.

Encryption schemes are broken, as are signing algorythims and other complex mathematical constructs.

No, they aren't, really. The prominent, widely-reviewed and time-tested algorithms we use in security applications are very rarely broken, and even when they are (such as the recent break of SHA-1), the breaks are generally theoretical, not practical (as in the case of SHA-1). Frankly, you're looking at the wrong part of the problem -- the ciphers and algorithms are extremely good, the protocols that use them are generally pretty good, the security problems arise from key management and the human interfaces.

Tinfoil automobile...

[advocate_one]

just what you need when driving around town with your new RFID enabled passport... amazing how things just pop up when the topics are appropriate...

Tinfoil cover built in!

[IO+ERROR]

From the article:

The State Department concedes that skimming is a legitimate threat, but says the chips will have a read range of inches, that eavesdropping at border stations would be very conspicuous and that the passports will have a shielding mechanism -- perhaps a foil case or a weave in the cover that will cloak the chip when the passport is closed.

no security better than thinking you've got some

[martin]

Of course should they have encrypted/passwd prototected the security, and then some person cracks that method they'd be in trouble too.

Knowingly having zero security *can* be better than having poor security and thinking it's strong security. eg the early 802.11 standards where security was thought to be good and turned out to be abismal, the css on DVD's etc.

RFID allows facial ID

[SimianOverlord]

According to the wired article: Agents will also be able to use facial identification software to compare the person to the digitized photo, which is not feasible with current passports.

Which is interesting because, according to this the error rate for real time facial recognition: the current error rate is 20% [...] this implies that out of 50,000 match scores there are 1,000 errors.

Enjoy the wait. Remind me how many of the 9/11 hijackers had invalid passports?

Re:no security better than thinking you've got som

[badfish99]

So they're going to use an RFID tag, the whole point of which is that it can be read at a distance, with no contact. And they're going to enclose it in a RF shield, so that it can only be read close-up, with someone to open the shield. And someone thinks that this is a good idea?

Still, two opportunities for profit: the RFID manufacturers and the RF shielding manufacturers can both get their cut.

Encryption would have accomplished nothing...

[anthony_dipierro]

We're talking about RFID here, these things aren't powerful enough to do any processing themselves, you can just read data from them. So if you use encryption, then you've gotta give anyone who needs to read the thing a decryption key - customs agents in every country of the world. It would be a matter of minutes before the decryption key got into the hands of criminals.

Yagi equiped sniper rifle

[Terri416]

Put a nice long Yagi on a sniper rifle and a PDA to control it. Go to a convenient rooftop and survey your choice of targets. Choose a likely one and squeeze lightly .. the Yagi sends an activation pulse to the target's passport and listens for the nationality .. "USA". A second later, one less Merkin.

Your tax dollars at work!

Actually, a hidden roadside bomb is more likely. You can even target on the basis of other data, such as name or religion. Great fun.

I already have my aluminium card holder.

Tinfoil will be illegal

[NoSuchGuy]

Tinfoil covers, anyone?"

Just wait for the law that makes the use of tinfoil illegal.

No tinfoil pockets
No tinfoil lining of jackets
No tinfoil anything

Tinfoil will be listed as a dual use good with special import/export restrictions like a screw driver for atomic bombs.
Before the law, tinfoil and atomic bombs will be treated equal.

Re:no security better than thinking you've got som

[cgenman]

Or they use a mag stripe hooked up to a little chipset, powered by the host machine. I mean really, you're getting stopped by border patrol. Is it really that much extra effort to physically touch your passport to a machine, when you're likely to be sitting in customs for an hour and a half anyway?

It sounds to me like someone got lobbied.

Re:no security better than thinking you've got som

[Sylver+Dragon]

Better yet, if they really want to store data, without broadcasting, and no need for a battery, use a contact smart-card. Those little guys can store all the data you would need for a photo, plus a few lines of text, and a signature of some sort. And, the only way you can read it, is by placing the chip physically in a reader. the only drawback I see with it, is that the contacts may wear out over time. Honestly, I'm not sure how many reads one can get before they wear down, but I do know that its a rather large number.
If anything, this is just irresponsibility from the governemnt at its finest. Putting unencrypted data on a device that can be queried from a distance is unbelievably stupid. And I don't see how this is going to help security in the long run. Anybody can buy RFID smart cards. All a "terrorist" would have to do is pose as a security company, and buy the cards, in bulk, from a supplier. Figure out the algorithim to make a correct digital signature, and then start printing their own cards. Embed them is a halfway convincing passport (no longer even needs to hold up to close visual inspection), and viola! instant "Get into the US free" card.
It never ceases to amaze me, the government is spending all of its effort running around trying to convince people to "fear the terrorist", but in the end, they are just making it easier for them to get in. I guess this "War on Terror" is little more than a thinly vield effort to erode civil rights. Its the perfect scam really, pretend to be doing everything to make people safer, while, in reality you relax security. More terrorist style attacks get through, and people get more scared. They then will be willing to give up even more liberty for security. Wash, rinse, repeat. In a few short years, you have the people willing to put up with anything, so long as it makes thing think that they will be safer. Machiavelli would be proud.

Re:Full Control

[JRIsidore]

Duh... there are some security concepts that require the reading machine to have visible access to your passport. Before any personal data is exchanged the reader has to authenticate itself by sending the RFID chip a secret key that is imprinted inside the passport. So without making an image of the passport or reading a barcode etc. the reader is unable to retrieve any data.