Schneier on Security
A blog covering security and security technology.
« Airplane Defense Security Trade-Off |
| Election Recounts »
January 27, 2005
RFID as Automobile DNA
This company is proposing using RFID chips as "DNA" identifiers for cars; the chips would be left behind in hit-and-run accidents.
Posted on January 27, 2005 at 8:00 AM
• 28 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
And of course if you're not in an accident, you've still got a lovely array of RFID tags stuck to your car that you can't do anything (legally) about.
Of course, we can trust the gubmint not to abuse that...
Why is RFID needed ? Wouldn't it work just as well to simply inscribe the VIN on the tags that fall off the vehicle ?
Why RFID? Because people are lazy.
Mechanics don't want to write the VIN down, therefore there's a market for a VIN reader. It'll be billed as convenience; you drive into the repair bay and your details are already in the dealer's computer!
Of course what happens when someone can obtain your VIN just by passing you on the expressway is anyone's guess.
Personally I'm waiting for the RFID-based automated gasoline fillup. That charges directly to your credit card. Of course the ID signal will be unencrypted and easy to fake.
Mechanics don't have to write down the VIN as it is. Most cars have them bar-coded for quick retrieval. In addition, if you take the car to the dealer from which you bought it (or any dealer in that network), then they already have all of your details on file.
And the automated gasoline fill-up is coming, but the robotics have to be perfected first. Combine Mobil/Exxon's payment system with that, and you have your feared system.
For years, some people wanted to put "tagents" in pistol and rifle cartridges to help with shootings. Basically, it is mixed in with the powder and sprays out when fired. Under a microscope, these little gems have a pattern, much like resister - colored bands- that denote a number.
Several problems. Putting anything into an explosive chemical changes its characteristics, and makes it less predictable. Second, to be useful, each box of ammunition would have to be tracked from factory to seller, causing all kinds of paperwork and hassles.
Also, apparently, a factory producing these tagents blew up in Henderson, NV. BEFORE they were added to the powder!
If I were an electronic gizmo designer, I would feverishly be working on the RFID equivalent of TVBGone. Maybe that fellow is already doing it. There are many ways to fight sensory overload.
Not only Hit-and-Run, also border patrol... check out this article from Wired posted yesterday 1/26/05:
"Border patrol: U.S. officials want to see if the same technology that speeds cars through highway tolls and identifies lost pets can unclog border crossings without compromising security.
Homeland Security Undersecretary Asa Hutchinson said that the government will begin testing radio frequency identification technology at five crossings by midsummer.
Weeding out potential terrorists, drug dealers and other criminals from shoppers, truckers and tourists who regularly pass through border crossings takes time. The RFID technology is designed to reduce the wait while giving authorities more information on who's coming into the country and who's leaving.
With RFID technology, people or objects are identified automatically and swiftly. That allows vehicles outfitted with the technology to zip through toll plazas without stopping -- but won't at the border. People and vehicles still will have to stop, but if their identifying data produce no red flags, they will get just a cursory check rather than lengthy questioning. "
This part is really scary....
>>Prohibitive fines could be levied in cases of tampering and/or removal of devices. Drivers who do not report tampering (i.e. broken lens, loss of media, etc.) for any reason could also be subject to large fines.
Failure to report broken lights, lost media as a major offense?
Some people seem locked into an ugly mindset. To them no level of government intrusion is a bad thing.
>>With RFID technology, people or objects are identified automatically and swiftly. That allows vehicles outfitted with the technology to zip through toll plazas without stopping
Remember the story of how South African car thieves got around better car alarms... In this case it falls down particularly badly if a regular driver, accustomed to never being searched, decides to give people a "lift" across the border in his boot.
The problem is how to link the _driver_ to the car. How are you going to prove who drove the car during the "hit-and-run"? The criminal can claim that the car was stolen at the time. The same issue pertains to computer related crimes... the police finds the computer, but can not prove in court that the _owner_ committed the crime. real problem.
Saar: Easy way to link driver to car? Federally mandated card-swipe (and hold) device that verifies the national ID card of the driver. Backed up by fingerprint or retina scan.
crap. right. just got the kit in the mail, actually.
@Anon & Saar
The inevitable answer is muscular embedded secure challenge response RFID via secure channel chaining. Each RFID needs to trigger a verification and authentication point. Your embedded chip verifies you are you 24/7. The chip also detects if you are under duress/or even perhaps some form of intent. In the end the chip will also have a termination circuit to power you off. Perfect scenario would be you have now decided to drive your payload-enabled jeep into a building. The building is casting counter-terror beacons. Which are enabled to detect duress states and power you down until investigation proves you are "OK". Sounds like science fiction but so does everything that isn't in the public eye yet.
Yeah, well, it should be no surprise that entrepreneurs propose RFID as a replacement for bar codes, since that's what it was designed for -- radio identification. Back to reality, though, the U.S. government is regulating the use of RFID and defining specific vehicle wireless technology for IDs, etc.
The U.S. Department of Transportation Federal Highway Administration started a plan in 1999 to create a short-range communication system for cars based on RFID, called dedicated short-range communications (DSRC):
It's like EZPass on steroids, and would be required in all vehicles. The gov't claims it would be capable of "issuing alerts to drivers about impending intersection collisions, rollovers, weather-related road hazards, or warning a driver that his vehicle is going too fast to safely negotiate an upcoming curve."
Unlike RFID, DSRC is meant to be resilient to overlapping signals, use parallel communication channels with message priorities, and allow communication to be initiated by either tag (e.g. peer-to-peer).
The Federal Register was quoted to say "The DSRC systems use microwave communications over very short distances to allow moving vehicles to communicate with roadside locations. In commercial vehicle applications, the DSRC devices provide identification of vehicles which allows electronic screening of the vehicle, for safety, regulatory compliance, and credentials at weigh stations, ports of entry, and international border crossings."
Saar, you're thinking like a computer scientist. The law is not a computer simulation. Your argument would suggest that license plates themselves are worthless. Suppose there was a hit and run and someone got the license number. You think that's useless? You don't think the cops would bother to ask, because, after all, it wouldn't let them prove who was driving?
No, that's not how it works. Usually, once they know the car, they can find ways to prove beyond a reasonable doubt that the person was driving it. This "it was stolen" argument is a hard one to make fly. Most cars don't get stolen. And when they do, there's evidence that it was stolen. Or, why didn't the person report it gone? And so on. Yes, you can make up implausible answers to these, but that's why there's a jury. Juries listen to liars every day, and they ignore their lies and find the truth. Heck, most of the time the cops can force a confession, because the penalty is much worse if you go for broke, lie, and are found guilty in a jury trial.
So don't kid yourself that RFIDs or taggants wouldn't be of value in a case like this. And don't forget the people who would benefit, the victims of these crimes, as well as the future victims whose lives will be saved when we get unsafe drivers off the road.
Um, for one thing, cars need a "key" (put aside exceptions to the rule such as hotwiring, etc.). We are therefore wise to expect that RFID will be used to tie a driver and his/her fob/key to a vehicle (e.g. a key is something I have). Perhaps the cars will also incorporate another factor (something I know -- PIN, or something I am -- fingerprint) or maybe not. But the effect will be that when you approach your car you will have to "login" and therefore have your "identity" tied to the vehicle information system. For example, car dealers already talk about garage doors that automatically open when my car approaches, an automatic ignition, automatic adjustment of things like seat height, mirror angle, and stereo settings, an automatic alarm when tire pressure is low, automatic notification when maintenance is due...all because it can ID me.
That's the direction RFID has been going for the past three or four years (along with telling you the name and home of the cow that gave its life for your steak dinner). The DSRC standard, on the other hand, is meant to specifically address "automobile safety" issues, which will probably include a debate related to Police investigations of hit-and-run, unsafe driving, etc. Ergo, the plethora of commercial RFID devices will be restricted by the government "to protect consumer privacy" while at the same time federal agencies around the world will mandate a way to communicate wirelessly with all their registered vehicles...
Which reminds me of that wonderful film "Until the end of the World?" (Wim Wenders, 1991)
[Cypherpunk], I completely agree with you that it will help and that criminals should be behind bars and off the streets. I think you took my point to the extreme.
I am a computer scientist, and therefore I think like one. My point was that proving the link between the criminal and the weapon in this case and others is challenging because the criminals were not caught in the act. There are examples to this in the case of computer related offences.
To me it looks like Cypherpunk was agreeing with you. He illustrated nicely how law enforcement tries to "find ways" to eliminate doubt (about culpability). It seems that there is currently no foolproof method of tying event, vehicle and driver together. So I believe you were correct to point out that the link that started this thread (rfid2vin) does not address at all how RFID tags will prove a particular driver is at fault after an accident.
When you take a closer look, RFID2VIN says a car's front bumber should have "ice-cube trays" full of tags to be scattered around in the event of an accident. Even assuming that this could somehow get approval and/or work the "patent pending" document only traces a car's ID+VIN, and does nothing to prove who was driving.
Somehow I can see why Cyperpunk actually might want to defend the fanciful idea that a guilty vehicle would be forced to spill a tray and scatter nonrepudiable wireless IDs all over a crime scene. Could it be the perfect evidence? The smoking RFID tag has been discovered.
But seriously, it just seems that a more plausable implementation will be based on near real-time communication by cars themselves over a wireless network regulated by the government that can both timestamp the event and perhaps correllate it with patterns or specific driver(s). Funny when you realize new cars are just networked mobile computers with users onboard.
Don't forget the reason taggants were considered and then largely dropped from commercial explosives: taggant pollution. Eventually, after enough automobile accidents, you'd have these tiny things _everywhere_. It would aggravate definitive identification of the cars involved (many false positives.)
If it comes to be that if your license has an RFID in it as well then going through a traffic light swipe point could link a driver to the use of a car. For both state agencies and criminals (and used to make a useable forged Driver's License).
Umm, what exactly prevents people from "hacking" this RFID out of their car?
Reading the information on the website, I've found this is actually a two-part process. The "vin" number is obtained with a "reader" using an encrypted code that is available ONLY to law enforcement. This vin is then researched on a website that shows the last state the vehicle was registered in. The (current) ownership information is then obtained from that particular DMV.
How is this "big brother" when you have to get into an accident to leave this evidence? Another thing to consider--the "read" distance of a (passive) RFID chip is only a few inches; which is not enough for another car (or a toll booth) to retrieve this information from--even if they had the proprietary code.
I agree with one of the above contributors--the benefits of catching one of these cowards far outweighs any non-existent privacy concerns.
Another thing to consider--while it's true that paint analysis can now determine make, model and year of a vehicle--it can't tell you who the owner is. This is the ONLY thing I've ever heard of that can.
According to German IT magazine c't (published by Heise Verlag) issue 07/2004, they found out that Germany already implements RFID chips embedded in "TÜV" plaquettes (those are the little critters on the number plate that display the next due technical check of the vehicle).
The funny thing is, that this did not make it into mainstream media at all. No official statement on who handles what data, etc.
Just to let you know.
Just read that RFID on German number plates was a (bad) april fool's joke. But it appears that this joke made it into political debate, nevertheless…
First of all, you obviously would not have to be in an accident to drop an RFID chip. You would just have to crack one of the "ice-cube" trays on your bumper.
Second, as several people have pointed out, it is not hard to imagine little chips being dropped all over the place either on purpose or just by poor/cheap implementation. Hello, hubcaps? This would negate the whole purpose of having uniqueness in the chips.
Third, RFID is really a passive master-slave device that has a short-range capability (around several meters) and serious protocol limitations that make it difficult to work with in uncontrolled environments. It does not really suit this application at all, compared to DSRC, which has been around for years and is specifically designed to ID and communicate with cars over distance. I can easily imagine readers being integrated into stop-lights and other signs, where many accidents occur.
Breaking news (pun intended):
"Researchers Claim to Crack Car Alarm Code"
Their proposed solution?
"free metallic sheaths to cover the radio frequency devices when they are not being used"
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.