Slashdot Mirror
Fatal Flaw Weakens RFID Passports
fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?
--We don't NEED no stinkin' sig!
RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.
Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?
I'm glad you put that at the end of your post to highlight the stupid bumper sticker half-assed arguments that are used to shut critics up and to push through agendas.
FTFA:It made a mistake designing this behind closed doors. There needs to be some pretty serious quality assurance and testing before deploying this system, and this includes careful security evaluations by independent security experts. Right now the State Department has no intention of doing that; it's already committed to a scheme before knowing if it even works or if it protects privacy.
They'll implement this shit, our privacy and rights will be reduced another notch, and the bad guys will have yet another avenue to attack us.
Evil people don't think they're evil. - George Lucas, Making of Ep III
The interesting question is : Will my passport still work if I put it on top of my microwave oven and under my cell phone ? Are these residual radiations enough to get it fried ? I hope this has been carefully studied, but from what I have read/heard in the past, RFID main target was the low-cost and short lifespan labelling market. Can it last the ten years of validity of my passport ?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?
From the summary:
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches, but a demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet.
The poster apparently did not carefully RTFA (skipped page 2, is my guess). The 69-foot detection range does not apply to the RFID chips in this case, because of that 'Tin Hat' (the passport is radio-shielded when closed); Schneier was referring to RFID chips in general when he brought that statistic up, not this particular instance. Arguably (if you're going to put RFID chips in passports) this is one of the few things that they've actually fixed.
(I personally think that the whole thing is a bad idea...but let's attack the system on its demerits, not on no-longer-relevant bugs.)
As a Canadian fed agent, I emphasise with our US neighbours in their attempts to improve the security on the passports. It's a challenge to make passports secure, even with the best of technology. Canadian passports are one of the most forged in the world, and the safest to use from a suspicion point of view. With over 10% of our population landed immigrants, and a huge multicultural population, we represent one of the most diverse cultures in the world.
I'm sure they could devise an XYZ technology for their password and someone would either crack, track, or spoof it.
Something is better than nothing.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
As someone else pointed out, many countries make you show your passport as identification.
It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.
Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.
Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
My mom used to work at the welfare office for the Cabrini Green projects in Chicago. She used to listen to some of her fellow workers sitting at screens, data mining the client's records for people who weren't at home during working hours. They were using the information to rob the empty homes during lunch hours. True story.
Technology gives bad people with power ever more ways of fucking you over. If they DON'T need the tool, don't give it to them. We didn't need RFID passports before, and we don't need them now. Misdirection is afoot. What ELSE are they adding to the passports besides RFID? Get that question answered, and you'll know how they are fucking us in brand new ways.
When a corporation or a government (in the U.S., indistiguishable now) wants a new way to track people, it's never for the citizens' good, but for their own. Acquiesence to tyranny happens a tiny bit at a time. In twenty years, a whole generation of the world's people will have grown up in a virtual prison, and won't even notice.
Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.
On se Internetz nobody noes your German.
I don't think the handling speed is, or has ever been a concern. After all, they started taking pictures and finger prints of many passengers coming into the US. Hardly a speedy process.
The point of the new passports are twofold: raise the bar on forgers (it's always a cat and mouse game) and carry verifiable biometric information. Just to make you really are who you say you are. Of course, how is that going to prevent terrorism is beyond me. But I guess Osama Bin Ladden will have a harder time coming to the US for his yearly trip to Disney World.
Is there ever a reason the wireless feature of RFID would be needed for passports? Wouldn't smartcards provide all the necessary forgery prevention and data storage without any need for tinfoil hats?
Yes, I very much want our government officials to be terrified of the response of the electorate to their unethical, illegal, and otherwise-just-plain-bad behavior. Unfortunately, it doesn't seem to be working very well, and I seem to have mislaid the thumbscrews, stocks, and pillories. The press seem to be doing a poor job of it as well, alas.
Oh, wait, you meant "Terror" as in blowing things up. Sorry, I only do that in Counter-Strike, where nobody gets hurt.
There is no problem with putting biometric information into a 2d barcode. A PDF417 barcode can hold 1100-1800 characters of data. Datamatrix can hold about 2000 characters. And there is no reason why there couldn't be more than one barcode in the passport. If I remember the sizes correctly, probably 3-4 barcodes per page.
RFIDs typically hold 2k (or less) data. And there is nothing special about RFID that will stop counterfeiting.
But hey, if it's good enough for Walmart.... Only terrorists need privacy. And that RFID will help them locate US hostages. (although probably only for the terrorists)
It is amazing what you can accomplish if you do not care who gets the credit. -- Harry Truman
I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.
From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.
Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.
All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
http://lkml.org/lkml/2005/8/20/95
According to the State Department the chip will contain a complete electronic picture of the passport holder. Neither barcodes (even the 2D variety) nor mag stripes store information at high enough density to make this practical.
Fortunately, there is some middle ground here: smart cards that require direct electrical contact to read the data. This isn't an instant panacea by any means, but it certainly eliminates a lot of the most obvious problems in a hurry. As a bonus, smart cards designed to be secure have been widely deployed for quite a while now. Admittedly, "designed to be secure" doesn't necessarily mean they are secure -- but they do have had 10+ years of design, testing, vetting, and refinement behind them.
This is a decided contrast to the state department's situation. From the looks of things, they haven't even nailed down the details of the design yet, but the plan to have it fully deployed less than a year from now.
--
The universe is a figment of its own imagination.
The universe is a figment of its own imagination.
The problem isn't tamper-resistance. The problem is fielding an RFID tag that will uniquely identify a US passport holder, even without decrypting the additional information. The GUID on each RFID passport is unique, in the clear and vulnerable whenever the passport is opened. Like when you check into your foreign hotel or buy a train ticket. Maybe there's a 6-foot dish concealed 60 feet from the check-in desk. Or maybe the clerk's palmtop/scanner is sitting just out of sight, and he gets $1 for every GUID he collects (with timestamp).
And it's just possible that the shielding isn't as effective as we're told (or doesn't exist at all).
I'm waiting for the first bomb that has a proximity fuse looking for a US passport.
Mail? Put "slashdot" in the subject to pass the spam filters.
You might have noticed in the article that some countries have already starting issuing these new passports. I can confirm that because I have one right here.
Visually it looks very similar to a regular pasport, although it now has a little symbol on the bottom of the front cover denoting it as an electronic passport. The chips are stored in the centre of the passport, in what looks like about 7 pages stuck together. It has a warning printed on this page about it containing sensitive electronic components, and that you shouldn't bend, perforate or expose it to extreme temperatures or excess moisture. Further down it also says to please treat it with the same care you would any sensitive electronic device.
I can't see any evidence of a metal shield in the front and back covers, and I can't see where the number is that must be scanned optically to get the access code for the rfid chip is.
Physically it is noticeably thicker, heavier, and stiffer. The other point worth making is that it was ~10% more expensive then a regular passport.