Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on STATE DEPT. TO RETHINK PRIVACY SUPPORT IN RFID PASSPORTS

From: "Dave Farber" <dave () farber net>
Date: Tue, 26 Apr 2005 15:47:34 -0500


------- Original message -------
From: Trei, Peter <ptrei () rsasecurity com>
Sent: 26/4/'05,  15:25

For IP, if you wish...

I'm afraid I can only give a one-and-a-half cheers for this
proposal. From a technical and security point of view, 
it's half-baked.

While this certainly prevents silently skimming the data
off of a passport, it may still endanger American citizens
abroad.

It's not clear from the description if the chip remains
utterly silent in the absence of it's specific key. If
this is not the case - if it responds to an energizing
field by announcing its presence - then it's still the
electronic equivalent to wearing a US flag on your 
back.

As such, it imposes needless dangers on Americans.

Since the claimed intended use is now to optically scan 
the passport's barcode for the chip's key, and then 
use that to unlock the chip, why is a wireless 
component needed at all? 

Why not embed a smartcard chip in the cover, with the
contacts exposed on the inside?  That *would* be
secure against remote scanning, and allow much more
capable chips to be used.

Peter Trei

Joseph Lorenzo Hall  <joehall () gmail com>

Sent: 26/4/'05,  11:41

STATE DEPT. TO RETHINK PRIVACY SUPPORT IN RFID PASSPORTS

Following criticism from computer security professionals and
civil libertarians about the privacy risks posed by new RFID
passports the government plans to begin issuing, a State
Department official said his office is reconsidering a
privacy solution it rejected earlier that would help protect
passport holders' data. The solution would require an RFID
reader to provide a key or password before it could read
data embedded on an RFID passport's chip.

<http://www.wired.com/news/privacy/0,1848,67333,00.html>



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: