[uug] RFID security
zspecialk at gmail.com
Fri Sep 5 16:09:24 MDT 2008
First off, there was some confusion in the last couple of posts. I was not
aware of the passport CARD (
http://travel.state.gov/passport/ppt_card/ppt_card_3926.html ). It is a
distinct entity from a book passport, and I can see some value to the use of
a smaller hardier passport for people who live on our borders to carry out
their daily lives. People who take cruises might likewise benefit from a
waterproof passport that fits better in pocket or wallet.
The RFID passport card and book could have been accomplished just as easily
with a magnetic strip or a bar code. Smartcards would have been a little
more expensive, but would still be a contact based system which could not be
surreptitiously read and cloned. All 4 forms of non-powered data storage can
be cloned with the right equipment, though I suspect a smart card would have
been a better solution than RFID since it's a little more technically
advanced than the common magnetic stripe, making barriers to entry a little
While the actual security of government databases is suspect, having a
passport as a physical token, border agents credentials for system access
and your presence which can be compared to your picture on the card all
necessary to actually get a limited set of personally identifiable info out
of a remote database sounds like a reasonably secure model. Speeding up
border accesses to the point of just reading a bunch of electronic pointer
values is so insecure, it's hardly worth the trouble of securing the border.
Secondly I never suggested nuking a passport. I suggested microwaving credit
cards with RFID. People cut up and shred credit cards all the time. I don't
have one of the new passports, and won't need one for a couple years. I
don't know about the materials in the new passports nor the results of
nuking one, and I'm not sure I'd like to find out.
"*How secure is the card?*
The Department has decided to use laser engraving and will include
state-of-the-art security features to mitigate against the possibility of
counterfeiting and forgery. In addition, to mitigate any possibility that
the card could be tracked, it will be issued with a protective sleeve that
will prevent the card from being read when not in use.
We are taking every care to ensure that this passport card is as secure as
current technology permits. There will be no personal information written to
the RFID chip."
" The Department of Homeland Security's Customs and Border Protection (CBP)
officers, who staff the ports of entry, anticipate that the speed of
vicinity RFID will allow CBP officers, in advance of the traveler's arrival
at the inspection booth, to quickly access information on the traveler from
secure government databases, and allow for automated terrorist watch list
checks without impeding traffic flow. In addition, they foresee that
multiple cards can be read at a distance and simultaneously, allowing an
entire car of people to be processed at once."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the uug-list