Privacy Threat in New RFID Travel Cards?

DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."

Re:practically speaking

[dwandy]

This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse

Lots of ways, most immediately comes to mind:

1. Capture your data.
2. Encode to my chip.
3. Now I'm you, I can:
4. • Travel as you.
   • Commit various offences as you
   • Do whatever I want as you, and hell, the computer can't be wrong.
5. (mandatory) PROFIT!

But I'm sure more devious plots will come to other people's minds...

Re:practically speaking

[MojoRilla]

How is this any different from someone stealing your passport now?

RTFA.

The 96 digit number would be a key into a database, which would "automatically display the cardholder's picture and other biographic information on the border agent's computer screen."

The agent sees the person who is using the card doesn't match the stored information, and hauls you in.
Finally, according to the TFA, "They're also exploring using a card that would have to be activated by the user, through a fingerprint or some other biometric method, before any information could be read remotely."

Blue sniper

[Spy+der+Mann]

Remember this gadget?

Who says there won't be a RFID-Sniper in the future?

Re:Perhaps...

[Waffle+Iron]

I mean, how useful would it be to you to have a list of all the social security numbers of everyone in a baseball stadium if you didn't have any of the names?

If RFID cards become pervasive, a gray market in matching serial numbers to real IDs will pop up just like there's currently a market among spammers for e-mail addresses. Any unscrupulous merchant with an RFID reader could harvest positive IDs from their customers at the checkout counter.

The key difference with SSNs is that you can't read them remotely from everyone who walks by.

Clear up some of the FUD

Let's clear a few things up, because there is a little FUD here... IANAL, but I am in the RFID business for commercial use (inventory management and the like)

1. RDID tags come in a HUGE variety of types. You have to choose the right tag for the job. For example, is the item liquid? Is it metal? Is it a large crate? A small one? Etc. My guess is for a passport, the RFID tag would be a very short range (2-3" read type).

2. There are active (like those attached to your toll tags, or to large pallats & containers). These have batteries in them. A passport won't have a battery in it.

3. There are passive tags. These get charged by the antenna, that makes the circuit work. Think crystal radio here... same sort of concept. It charges the circuit, then the reader reads the tag.

4. The tags generally (although they can) carry only a serial or lookup number. NOT specific information. The more info, the more expensive the tag. Some newer tags CAN carry things (like product expiriation dates, inventory dates, etc.)

5. There are tags that can be both programmed and are read only. Depends on the type of tag. Both active and passive tags can do this. This means the reader can also program the tag.

6. Readers are NOT hard to get. It's a commerical device. However, in most cases, the reader is specific to the tag type. There are SOME standards coming out now with the gen2 tags, but they are not in wide deployment. The readers are NOT CHEAP.

So, here's my guess of what they would (or SHOULD) do:

--very short range passive tag (would require the passport to nearly touch the reader)
--Read only tag
--Tag would only contain some sort of authentication string that would be read, decrypted, and authenticated to see if passport is real.
--Tag would contain some sort of lookup string, which would be read, then queried on the backend systems to make sure the tag matches what's on the passport.

ALL this can be done with protection of privacy, IF DONE RIGHT! It's being done today, specifically in the pharma industry.

Re:Clear up some of the FUD

[PowerKe]

ALL this can be done with protection of privacy

True, if you mean by privacy that someone else can't read your data without access to the database. However, the problem is that someone can still copy your RFID tag and write new data about you in the database. For example with this passport someone could cross the border with a copy of your RFID, marking you as being out of the country.

You could make this harder by using active tags that use a private key to sign messages but don't reveal the private key itself. However, you could still impersonate someone if you work together with a partner in proximity of the victim and you proxy the signal. A way to defend against that would be very strict timings in the reader, but this would probable make the RFID tag too expensive as well. (If you allow 1 millisecond variation in response time, you could proxy the signal 150 km)

It might be possible to do it right, but it probably won't be done.

Re:Clear up some of the FUD

You are wrong at least in one thing - the RFID's of US passports are containing all the same information printed on it.

defcon 2005

[farker+haiku]

At defcon 2005 some guys set a record for reading passive tags at 69 feet. With pics :)

Re:Informative? WTF?

Um. It's not just an ID number. It contains the picture, name, and other biometric and address details. So yeah, it is a problem.

Re:Devil's advocate - switch the antenna

[Em+Ellel]

This is perhaps the most reasonable approach to RFID technology that I have read on slashdot. A simple idea to combat a complex problem. Thank you, you've made my day.

One of the more interesting suggestions in the article is to make the document into a book-style (like passport) and make the cover from RF blocking material - meaning you have to open the "book" to be scanned.

Even the Homeland Security site says 100 feet...

[SmoothTom]

The Homeland Security site, in the section that discusses the testing of the current RFID equipped '94's, suggests reading the info contained in the chops from up to 100 feet away on a regular basis:

* US VISIT intends to build upon the technologies and management systems previously employed for entry in order to realize an automated entry exit process. RFID technology offers a solution for a potentially faster, biometrically enhanced entry exit operation.

* Using an automatic identifier, RFID technology can detect a visitor at a distance (up to 100 feet) and provide primary inspection with entry information. RFID technology can also provide a mechanism for an accurate and timely record of exits without requiring visitors to interrupt their travels by stopping or even slowing down to check out.
...
* US VISIT will ensure that our visitors' information is always protected. The RFID technology used by US VISIT will protect sensitive information because it will read only a randomly-generated number that links to visitors' information stored securely in a database. It will also be tamper proof and difficult to counterfeit or surreptitiously read.

(From a Homeland Security Press Release.

Not only that, this is discussing doing that while the RFID equipped form is in the possession of the person in a moving car...

A couple of inches? Yeah, right.

--
Tomas