RFID Passport Security "Poorly Conceived"
tonk writes, "European expert researchers on identity and identity management summarize their findings from an analysis of passports with RFID and biometrics — Machine Readable Travel Documents or MRTDs — and recommend corrective measures that 'need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues... By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international MRTDs which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilizes technologies and standards that are poorly conceived for its purpose.' The European experts therefore come to similar conclusions as the Data Privacy and Integrity Advisory Committee of the US Department of Homeland Security in a draft report, which seems to be delayed."
Maybe in 2008 you will be able to verify your vote for President with them as well?
He who knows best knows how little he knows. - Thomas Jefferson
that people would more closely examine the security issues when dealing with something like this. I know I shouldn't be surprised, but I am.
Honestly, even with good security, the system is only going to be as good as the people who check these passports when they are used. If they just have someone scan them in and assume the right person has the passport, then it's still not secure.
The general idea behind the e-passport is to create harder-to-fake passports as well as speed border processing. I will avoid the issue of creating counterfeit passports, as in the long run adding an RFID chip to this document will only make it harder to counterfeit. Old non-RFID passports will continue to be accepted for at least another 10 years. By then, it is likely that counterfeiters will have caught on and the issue will be moot. As for speeding border processing, this is not going to help anything. The passport still needs to be opened, and in the US case, a "passkey" needs to be entered into the system for the data to be readable (crackers already have found ways of decoding the signal and data if they have some basic info about the holder). This can easily be done using 2D barcodes which are not readable without the holder's knowledge. The problem is with everyone else who can read your passport. Whether the person is able to read all your private data, or simply determine that you hold a passport from a particular country, it already poses problems with security. As it looks like the passports are here to stay, the only viable solution is to put them into an RF shielded case, such as the RFID Shield. Some will say that the passport already has shielding. This is not always true. The Irish e-passport has no shielding at all. Furthermore, a partially open passport has a greater chance of being read, even if the cover contains shielding. This can easily happen in a purse or in your pocket if you accidentally shove your wallet between the pages.