Schneier on Security
A blog covering security and security technology.
« Blowfish on "24" |
| The Emergence of a Global Infrastructure for Mass Registration and Surveillance »
April 28, 2005
RFID Passport Security
According to a Wired article, the State Department is reconsidering a security measure to protect privacy that it previously rejected.
The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport's chip. It would also encrypt data as it's transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.
The devil is in the details, but this is a great idea. It means that only readers that know a secret data string can query the RFID chip inside the passport. Of course, this is a systemwide global secret and will be in the hands of every country, but it's still a great idea.
It's nice to read that the State Department is taking privacy concerns seriously.
Frank Moss, deputy assistant secretary for passport services, told Wired News on Monday that the government was "taking a very serious look" at the privacy solution in light of the 2,400-plus comments the department received about the e-passport rule and concerns expressed last week in Seattle by
participants at the Computers, Freedom and Privacy conference. Moss said recent work on the passports conducted with the National Institute of Standards and Technology had also led him to rethink the issue.
"Basically what changed my mind was a recognition that the read rates may have actually been able to be more than 10 centimeters, and also recognition that we had to do everything possible to protect the security of people," Moss said.
The next step is for them to actually implement this countermeasure, and not just consider it. And the step after that is for us to get our hands on some test passports to see if they've implemented it well.
Posted on April 28, 2005 at 8:30 AM
• 36 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The article also mentions a proposed implementation way: scan the (machine readable) passport and create the key by hashing the passport holder's data (name, birthday, passport's serial number etc). It defeats reading at a distance and makes perfect sense.
It is good to see the security concern regarding security feedback. Though it appears that the understanding of "how many kinks are we supposed to put in the hose" before the community is satisfied isn't there yet with the idea being that it isn't about the kinks.
Needing to scan the passport before getting at the key necessary to read it kind of defeats the purpose. If we have the data inside the passport why would I want to read it again from the chip.
Unless of course the chip contains more information than what the owner itself can read in the passport. Perhaps the chip would even be writable to keep track of the owners movements.
Anyway, this solution does not deal with replay attacks. Standing in line before I check, I can first record what key is used to get access to the passport of the person in front of me. Then later replay it to read his passport. (I'm assuming these chips are too simple to do a propose key negotiation)
No real mention of the protocol they will use for the reader to RFID.
I will make a wide assumption here that the RFID will still be visable to a pocket scanner that does not know how to either encode or decode the data. It will register the RFID's prescence simply because some response will be made before anything usefull like the country code (for the encryption method/key etc) has been sent by the RFID.
I will also make another assumption that like the old pasive security door tags, non linier junction detectors etc used in shop door ways the RFID will indicate it's prescence simply because it contains a tuned circuit for the pickup coil and electronics.
I suspect from a terorists point of view enough information will leak to make targeting of US citizens possible.
I personaly do not think RFID's are the way to go, results from the Pet Pasport system show that the RFID's are not reliable (some pet owners have had to put three or more RFID's in their pets to get one that works long enough for them to go on holiday).
Clive's made the point I was going to make. It may be unnecessary to read the data to know that data is present. A foreigner will be carrying a passport, a local won't. To get a good hostage, the bad guys just scan for RFID chips. If they need more data, then since it's a single global secret, they only need one guy to leak it or figure it out. Or they can wait until 2600 magazine tells them how.
The point is, you need to know two things to communicate with the RFID: the global secret, AND the contents of the passport(!). That's right, you have to optically scan the passport and get the user's name, birth date and passport number, plus know the global key, in order to learn the encryption key that will let you communicate with the RFID.
So what do you get from the RFID? Well, you get the photo in digital form, which is maybe a little clearer than you could have scanned it optically. But the main thing you get is a digital signature from the U.S. government that certifies all of the passport data. This will be signed with a well protected public/private key.
What is really needed now is a security analysis and threat tree attack model against three cases: conventional paper-only passports; RFID passports without encryption as previously proposed; and the new RFID passports with encryption. Which attacks are thwarted by each measure? And which new attacks become possible?
It would be a service to the community for someone to produce an unbiased analysis along these lines. Unfortunately, neither insiders (who must defend current proposals) nor outsiders (who hate and fear all government actions) are ideologically positioned to provide for this kind of analysis.
From my reading of the Wired article, there is no "global secret password". Each passport has it's own password obtained by a visual scanner which requires opening the passport.
I can only imagine the looks and reactions I'm going to get unwrapping my passport from its tinfoil I'll have to keep it in...
i wonder what is going to happen with the device if placed into strong electromagnetic field
The digital signature could be put on the password in machine-readable form too. So what DO you get from the RFID? Why is it there in the first place?
It's simply waste of everyone's time (and money) to debate about security measures for RFID when RF shouldn't be used for this application in the first place. Even if they get it right the first time (which I seriously doubt) the bad guys can still scan for passports from distance and then attack that person and steal his/her passport the old way (putting people carrying passports at risk). The right thing to do is forget about RF for this application alltogether.
Of course, this is hardly better than the original proposal. It means that now, the spooks who know the contents can still track you remotely without your knowledge. It dosn't eliminate the privacy problem, it just raises the bar a little bit. And it's very likely that each passport will still have a unique RFID "fingerprint" so that if the goal is to follow a single person or even just to detect Americans, the passport still facilitates that.
I predict a future market in RFID blocking passport holders.
Hmm.. Has noone of you guys there ever read the ICAO document about PKI for MRTDs?
There are many security measures specified by the ICAO to protect your personal data inside the chip.
The poor thing is that the US government only wants to implement "Passive Authentication". Other countries like nearly all states in the EU will implement "Basic Access Control - only can access chip data by extracting a secret key from the MRZ data and also encrypted communication" / "Active Authentication" The chip has to authenticate himself to the Reader to prevent 1:1 copys / "Extended Access Control" Advanced encryption ... and many more...
Also the rfid chip will generate a random number each time asked for the serial number..
The key is that your people don´t understand that the purpose of the ePassport should not be to be able to save more data on the pass. The only purpose of the rfid chip and data stored on it is to securely prevent copying or modifying the passport.
So won't it make more sense to have a contact-reader instead of RFID? If you need to OPEN the darned thing and then READ it and then TYPE THE DATA in or OCR it, just stick it in a bloody smart-card reader and be done with it.
Arik - it's a solution to a non-problem, suggesting alternatives with greater security is a waste of time. This is some combination of wow factor combined with artificial subsidy for rfid chip makers.
What happened to the idea of making the covers of the passport into a Faraday cage? (A fine grid of wires or the like.) That way, you could only access the RFID chip when the passport was open, a situation unlikely to be found while the passport is stashed in a pocket or purse.
I definitely agree on the "wow" factor thing being a major driving force. As for the subsidy comment--so much damn pork goes through each year that I doubt you could really build an argument based on this since they likely don't even know about the details--they just think that it is cool and trust that aide of theirs' whom has the right connections.
Frankly, I think that if they want to:
1. Encode data (statically) &
2. Provide extremely difficulty to counterfeit passports;
then they should look into the 2-D barcode technology poineered at Xerox/PARC which encodes digital data _inside_of_ an image using "\" and "/" shaped areas of varying length and color. That way they could encode a modest amount of data and a proper public key (similar to the x509 system used for website certificates, perhaps) inside of an otherwise innocuous digital photograph (larger than currently used, for obvious reasons--but not much so). That way the whole process of showing/viewing the passports doesn't change much for the holder, provides the access to information that the g-men want, and is much more immune to man-in-the-middle attacks & such. That's just my idea. It also has the benefit of not adding much in the way of extra surveillance powers to the government end of things. All we'd need is a trustworthy CA to sign the things.
Isn't there still a danger that a RFID reader can detect the presence of a encrypted RFID tag even if unable to read it? If you're only looking for Americans when any American will do, encryption wouldn't hinder you.
Perhaps in addtion to RF proof passport holders, dummy RFID passport chaff for sprinkling liberally in popular tourist locations might be a good idea too.
All other countries are going to have these tags too. They won't just be for Americans. The U.S. is requiring them, under the auspices of the ICAO.
its more the "US" factor than the "WOW" factor for us here in the EU. The US government demands them if you want to travel to the usa without a visa...
You can still take a piece of metalized film and put it inside one of this passport covers. This will cover your rfid chip.
Maybe (for those of us in the EU atleast) the real solution would be to have two passports, one for going to US and one for going to anywhere else. Atleast that way we'd carry a security risk only when going to the US. I'm against RF for anything that's transmitting my personal information around be it encrypted or not. We all know that even if you choose perfect algorithms for encryption it's still real easy to mess things up elsewhere. With RF you're gonna be transmitting "I'm carrying a passport" at minimum, there's no way around that. As for shielding, are you willing to put yourself at risk if it leaks?
State Bill to Limit RFID
"a California bill is moving swiftly through the state legislature that would make it illegal for state agencies and other bodies to use the technology in state identification documents."
Well I think you guys are completely missing the point. The people, ultimately, in charge of putting togther passport security are pretty much the same at those in charge of air travel, shipping port, nuclear power plant, weapons development sites, chemical refinery and border security. Need I say more?
i think a lot of you people need to understand that this isn't an "RFID tag" ... give me a break! this isnt walmart. its a contactless smart card. there is a difference... do some research.
the state department IS looking at BAC AND a metallic protective covering. these two things together to me look like there is no way any skimming/eavesdropping is going to happen. JMHO
First off, I have not read all the comments, though I probably should.
(note party could resemble a country, corporation, or other establishment)
Would it be possible to do this:
1) each party have a public/private key pair
2) the data on the passport is marked read-only; and if data needs to be changed, a new passport must be applied for (disposal of old passport is beyond scope of reply)
3) the data on the passport is encrypted with each parties public/private key pair
4) each party does its own verification process like usual after decrypting the data.
It's possible I've left out some details. Quite tired and was taking a break from studying for two finals. Thanks for reading my reply.
What happens if the RFID tag is disabled? If I choose to disable it, will I get in trouble? Will they demand that I replace my passport, or will I just have a full cavity search every time I fly?
@Cyberpunk, Arik, Don
A quick bit of history, the "Smart card" is a French invention the RFID a US invention... And I belive that the Frence hare not favourite flavour of the month with the US currently.
On another point several people mentioned using Optical techniques to encode the data etc. Sorry folks it's not going to be that reliable especially for large quantities of data.
Think back to Digital Watermarks (DWMs remember those) they where the hot thing 4/5 years ago. Somebody in Cambridge Labs UK came up with an algorithum that slightly warped the picture. The result was that although most humans could not tell the difference between the distorted and undistorted pictures, most DWMs failed to read the watermark on the distorted image.
Likewise we have all had the anoyance at the check out when the bar code reader will not read the price of the bread packet etc. A bar code is just a very few digits of information (about 32 bits) in an area about a square inch and they are still not even 95% reliable when used.
Now I don't know about your pasport but mine (EU format) is only fractionaly larger than two credit cards so I guess you could get maybe six to ten standard bar codes on it so not much data...
So after you have pressed your passport against a 2inch pipe with a 100lb or more weight by sitting on a barier at an airport etc with it in your back pocket, given it the old water vapour treatment either via the wash, spillink a coffee on it or just sweating a bit, how much distortion do you think you will have on the picture / page.
So ask yourself just how much data do you think you can get on the page and still have it 99.99% reliable (which is the sort of insult rate that would be just about tolerable in a busy airport).
Should the government go ahead and start to use RFIDtags on the passports - for one will be disabling it with the likes of RFIDwasher - which wipes the tags - I will trade of another 10 minute wait in a longer line for the complete and utter loss of my privacy.
It should be noted - it is not only the government that you should be afraid of - just the zillion other criminals out who will be equipped with rfid readers. Perhaps the combination of tin foil and RFIDwasher will be all we need for the future.
Shame you can't actually buy stuff with passports.. I can't wait for RF enabled credit cards so that I could skim a few new ones (on my way to supermarket), from everyone around (or eavesdrop when they're paying) and then use their cards for buying stuff.. Would save lots of cash that way.. :)
The trouble is a standard RFID_Washer is not likley to work against the pasport or ID card RFIDs.
So I guess it's back to the microwave oven.
Is it a type of encryption with multy decryption keys?
I am so concerned about unwanted RFID reading of my cards that I took my leather wallet apart and lined it with x-tra strength aluminum foil and sewed it back up. Hopefully this will work as I tested the idea with a cell phone by wrapping it with alum. foil and it could not receive calls.
People need to wake up and realize that the RFID chip is a very scary thing. Imagine having it embedded into you! that is happening sooner then later!
In the UK we used to have a problem with thieves burgling garages in order to steal blank MOT test certificates. The blank certificates could then be filled-in to enable dodgy vehicles to be used or sold. Allegedly a pad of certificates could be worth hundreds or even several thousands of pounds. Siemens and the government solved that problem. (1) All BRITISH vehicles are registered on the central computer. (2) The vehicles ID is confirmed when it is presented for test. (3) The MOT tester has to use his smart card to access the central computer and print the pass certificate. Regarding persons IDs in the UK, all drivers have photo-card driving licences and the photos are stored on the central computer. Number plate recognition cameras can ID the car, its tax, insurance and test certificate credentials and its owner. Allegedly there are even cameras on motorways that can tell whether the driver is the owner! The passport office also have photographs of BRITISH passport holders. The problem as ever is foreigners and as people used to quip "Will Osama Bin Laden have an electronic passport?" In actual fact passport and driving licence printing were outsourced long ago and allegedly in The City of a Thousand Trades "You can get anything you want!" All these checks and balances might seem fairly rigorous but it is actually extremely easy to drive a coach and horses through the regs. Many outrageous dodges used to be elaborated in an dreadful underground magazine called "Wide Boy". It was printed in the 80s although I never actually saw a copy myself. An old proverb is "Locks only stop honest men" (very true - the pikeys have oxy-cutting equipment and lorries equipped with cranes) Getting back to passports, the old dodge of stealing a passport and selling it to someone who looks similar is still a fairly common crime. Less common are countries that clone passports. If "Supernotes" can be produced, so can passports. Now here is a simple idea, at the airport the passport number just pulls the image of the person from the central computer. If the central computer also had a voice clip from the person it would make a double check as regional accents often last a lifetime. Foreigners won't be on the computer unfortunately.
Just a little post script. A friend who knows about these things told me that a person arrived at Heathrow Airport with an absolutely perfect electronic passport. It was a few years ago and although the passport was perfect in every respect none had yet been issued officially! Makes you think!
Not all UK drivers have photocards - only for licences issued/renewed after a certain date. Older drivers who have not had points added, changed address etc could still only have the paper version.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.