Slashdot Log In
Disabling the RFID in the New U.S. Passports?
Posted by
Zonk
on Tue Dec 26, 2006 10:19 AM
from the very-high-tech dept.
from the very-high-tech dept.
slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? "
Related Stories
[+]
RFID-Reading Passport Scanners Installed 151 comments
Kozar_The_Malignant writes, "Electronic passport scanners have been installed at SFO. Ten of the scanners were received last week and have now been put in service. Various creative responses have been discussed here before."
[+]
IT: RFID Passport Security "Poorly Conceived" 33 comments
tonk writes, "European expert researchers on identity and identity management summarize their findings from an analysis of passports with RFID and biometrics — Machine Readable Travel Documents or MRTDs — and recommend corrective measures that 'need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues... By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international MTRDs which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilizes technologies and standards that are poorly conceived for its purpose.' The European experts therefore come to similar conclusions as the Data Privacy and Integrity Advisory Committee of the US Department of Homeland Security in a draft report, which seems to be delayed."
[+]
IT: British "Secure" Passports Cracked 305 comments
hard-to-get-a-nickna writes "The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work:
'Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?'"
[+]
E-Passport Cloned In Five Minutes 259 comments
Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to
clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
No Hurry (Score:5, Insightful)
Freedom vs. Safety (Score:3, Insightful)
Hey, actually, it is a great idea. If you're the kind of person who likes to protect his rights and privacy, this is an excellent way to go. Not only do you get to destroy the RFID, but you can still use the passports that are being released from here on out and are the only way to get in or out of the country. This means that we have an option to keep passports as the
Re:No Hurry (Score:5, Insightful)
Parent
Re: (Score:3, Interesting)
Yeah, because stopping you, scanning your passport, then letting you on through was SO much faster than stopping you, sliding your passport through a stripe reader, and letting you through.
Umm, you missed the point. The intent of the smart card chips isn't to speed up processing,it's to increase security without slowing processing down too much. However, once the smart chips are in place, the normal processing flow for a chip-bearing passport will involve reading the chip data. What happens when the chip fails to respond? Well, that will be an exceptional circumstance that will take the bearer of that passport out of the normal, expedited flow and into another process that scrutinizes t
Re:No Hurry (Score:5, Insightful)
My point is, your anger at the poster and the method of destroying the chips is a bit misdirected -- if you really want to spend less time at security checkpoints and Immigration and Customs, you should lobby for improving the methods currently in place. Besides, like someone who replied to your post already said, there really is no speed improvement in putting your passport through a barcode reader or waving it in front of an RFID reader. However, there is a relative security difference, and given the choice, I would take the former.
Parent
Re:No Hurry (Score:5, Informative)
What technology would you suggest to use to do this broadcasting? The contactless smart card chip in the passport won't do the job very effectively because:
Perhaps you could photocopy the information page and post flyers? Or just walk around holding your passport open so that any would-be passport cloner can see the MRZ data? If you *really* want to use the passport's contactless chip to distribute the data, I guess you could print your name, birthdate and passport number on a sign, hang it around your neck, and then stick your passport to it so it's held open. Given the name, birthdate and passport number, an attacker will be able to guess the MRZ fairly quickly. If you want to make them work for it a little, you could leave out the birthdate and passport number and let them guess those values. Be sure to give them your name, though, otherwise it'll take too long, because the chip just doesn't report the failed authentication attempts fast enough. There's also the small issue of the communication range of the contactless chip, but perhaps there's an area of the airport that is nicely EM-shielded so that the attacker's lab-grade transciever and signal processing equipment can talk to your passport at a reasonable range. Or perhaps you could just let the attacker give you a booster device that you could hold near your passport.
All in all, it seems like a rather ineffective way to broadcast your data. I'd go with the flyers.
Removing toungue from cheek, it's a pretty ineffective way for an attacker to try to get your data, too. There are many other approaches that are much, much easier.
Parent
Re:No Hurry (Score:5, Informative)
That's true if your definition of "open" is anything not held tightly closed.
It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.
So, while you may not be able to crack the data from the RFID, you can certainly talk to it under conditions that are reasonably common in the field.
it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and
Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside. So much for any improvement in convenience or ease of use over the previous implementation. Seems like an RFID manufacturer (patent holder?) hired a really good lobbyist.
Parent
Re:No Hurry (Score:4, Insightful)
Or you could put a rubber band around the passport to keep it closed.
Parent
Re: (Score:3, Funny)
We ARE talking about the US government, aren't we?
Re:No Hurry (Score:4, Interesting)
took me some time to grasp the advantage. I think the obvious advantage of the rfid chip is for the entering country to keep a complete record for post/off site processing. It does no good to the US customs for US citizens to give back the info. We already have that in our databases, + more for anyone "interesting" just from their SSN.
Essentially the RFID passport is a Tit for Tat jester. To tell the EU, etc we'll force our citizens to give you their data in a nice tight bundle, so that you will return the favor with your citizens data on Entry to the US.
obviously easier for a untrained agent to beam all passport data to a offsite FBI agent, then you can have one central surveillance office.
Parent
Re:No Hurry (Score:4, Informative)
I gave a better answer to this question here [slashdot.org].
Parent
Re:No Hurry (Score:5, Informative)
Perhaps I'm simply naive here but if the RFID tag requires information printed inside the passport be entered into a computer then why have RFID at all?
It's an anti-forgery mechanism. A forger doesn't want to duplicate a passport, a forger wants to create a passport with the bogus holder's photo, plus some either real or real-looking but innocuous identification data. The thing the RFID's copy of the data has that the printed page doesn't have is digital signatures. A forger may be able to print a perfect-looking passport, and embed a chip loaded with all of the corresponding data, but he won't have access to the private keys necessary to apply the proper digital signature to the data. This makes the new passports essentially impossible to forge, assuming RSA remains unbroken and assuming the private key is well-protected.
There's no need to use a contactless method unless someone is picturing a scenario where customs will be something that you just walk through with your passport in your pocket or just have it tapped on a reader.
Not true. The engineers who created the passport chip specification for ICAO wanted to use off-the-shelf technology, rather than inventing and debugging something entirely new. Given how much trouble the various vendors have had making the off-the-shelf technology interoperate correctly, this was a wise choice. But off-the-shelf contact smart card technology has some fundamental limitations for this application.
First, where on a passport do you put the chip and how do you insert it? Obviously, you can't use off-the-shelf smart card readers, because the passport is the wrong shape and size. Further, passports aren't rigid enough to guarantee that the contacts will correctly land on the regions of the smart card contact plate. Using a contact chip would have required adding some card-shaped rigid plastic "page" to the passport, which would have complicated manufacturing, made the passports more fragile and probably also increased the time required for Immigration officials to insert the card.
Second, and more importantly, contact smart cards are too slow. Due to a quirk of history, contact smart cards are limited to a maximum data rate of 115kbps. Because of the inefficiency built into the ISO 7816 T=0 and T=1 protocols, that means you get about 8KiBps (note: kbps = 10^3 bits per second, KiBps = 2^10 bytes per second) throughput, *max*. And, in practice, you only get that speed by carefully matching and testing cards and readers. In the smart card world, we expect real-world transfer rates of 1-2KiBps. The ICAO data set sizes are in the range of 30-40KiB. Contactless cards, however, are either 400kbps or 800kbps. Even at the slower speed, that produces a transfer rate of over 30KiBps. You can see that a contact card's best case is around four seconds to move the data set, and a more realistic common case is 10-15 seconds. A contactless card's worst case is about 1.3s, and the best case is about 300ms.
Add to that the fact that contactless is more forgiving of passport placement accuracy than contact, and you have a really significant difference in per-person processing time. Five seconds per traveler, per agent adds up to another full-time position or two at each major airport.
All of this could have been addressed by designing a new contact interface and protocol, of course. The custom contact plate could have been much larger so the individual contact areas were much bigger, solving most of the issues. But they wanted off-the-shelf, both in the interest of development time and in the interest of cost. By using standard parts, the passport issuers and immigration agencies benefit from economies of scale that they wouldn't get with custom components.
Finally, there was really no reason *not* to go contactless. Privacy wasn't traditionally part of the security issues that passport agencies were concerned about and, in any case, the MRZ-based encryption seemed to addr
Parent
ObSneakers (Score:5, Funny)
Bishop: Anybody remember how to defeat an electronic keypad?
Mother: This might help. An old buddy of mine who was in Desert Storm sent it to me. 'Course, he was on the other side.
Bishop: Come on. There's got to be a way around these things.
(He listens intently to instructions via his earpiece.)
All right, all right... This might work... Yeah. Yeah... Right. Okay. I'll give it a shot.
(He kicks the door in.)
Re:ObSneakers (Score:4, Funny)
Parent
What the Heck... (Score:3, Informative)
Microwave the sucker and be done with it, I say.
Oh wait, that leaves a big smoking hole in the passport... Errr, never mind, carry on...
DMCA (Score:4, Funny)
They do NOT say it's legal (Score:5, Insightful)
Also, only TFA works. The other links are bogus.
Re:They do NOT say it's legal (Score:4, Interesting)
I would think that "tampering" would be more along the lines of "falsification". Destroying the RFID is really more defacement than tampering. At worst that would make the tag useless, at best make it more secure, and only means the passport works the way passports have always worked, requiring visual identification. It doesn't give the holder a different ID or allow him to do anything he otherwise could not.
Parent
Re: (Score:3, Insightful)
Ooops (Score:4, Funny)
It's like wearing a big name tag... (Score:5, Insightful)
Scrolling Name Badges (Score:3, Funny)
A cookie for the first hacker who connects a portable RFID reader to one of those uber-geek scrolling LED name badges and writes out, "Hi, $FIRST_NAME $LAST_NAME, pleased to meet you!" whenever someone with a passport walks up to you.
Tags: dontaskquestions (Score:3, Funny)
Or how about in opposition of it? What do you think are the legal ramifications of such a move? Who is likely to be hurt by this scenario? Who am I? What am I doing posting on Slashdot? When is my question-mark key going to break under stress?
Taking bets... (Score:5, Insightful)
Re: (Score:3, Funny)
Re: (Score:3, Funny)
or so I've heard..
Re: (Score:3, Funny)
Probably not long. And then only the criminals will have hammers. That's why we should all join the National Hammer Association.
They can have my hammer when they pry it from my cold, dead hands.
State Department FAQ (Score:5, Informative)
What will happen if my Electronic passport fails at a port-of-entry?
The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to processed by the port-of-entry officer as if he/she had a passport without a chip.
Anybody got an RFID detector? (Score:3, Interesting)
Does anyone make a handheld RFID detector? Not something to read the tags, but just to note their presence, kinda like the rudimentary keychain WiFi detectors? I'd love to have something that I can use at home to find these little buggers as they start invading everything, so I can choose which to keep, which to somehow enclose (e.g., passport), and which to hammer into oblivion.
For my purposes, a simple meter showing strength of reflected RFID signal would probably suffice, so one can slowly pan over an area to watch for needle jumps. An audible signal (think Geiger counter or metal detector) could work too, though a headset jack would be nice in that case.
Re:Anybody got an RFID detector? (Score:4, Informative)
I haven't tried them yet, but if you are interested in PC-based RFID readers, some friends recommended these:
http://www.hobbyengineering.com/H2177.html [hobbyengineering.com]
http://www.phidgets.com/index.php [phidgets.com]
Parent
Re: (Score:3, Informative)
http://209.85.135.104/search?q=cache:HuNI-ek20WkJ: www.cs.vu.nl/~melanie/rfid_guardian/papers/acisp.0 5.pdf+rfid+vu&hl=en&ct=clnk&cd=2&lr=lang_nl [209.85.135.104]|lang_e n|lang_de
They also link to the RFID detector in the C'T magazine (first reference).
Anyone who disables the tag, is a terrorist. (Score:3, Interesting)
"Does anyone have an argument in favor of the technology's implementation here?"
Soundly thrash, arrest, incarcerate, try, convict and execute anyone with a malfunctioning passport tag. Problem solved.
So what's the point of this "Security device"? (Score:3, Interesting)
THINK before you hammer (Score:3, Insightful)
Or that Homeland Security can identify you as someone who has exhibited an unusual pattern of behavior by sabotaging my own passport, for reasons which they will not be interested in trying to understand?
Telling them that "An article in Wired says a nonworking RFID doesn't invalidate the passport, so I can still use it" is likely to be about as effective as John Gilmore saying that since nobody can show him a copy of any law [postgazette.com] that says he needs to show ID when flying, he should be able to fly without showing ID.
Re:Tinfoil Passport Cover? (Score:4, Informative)
Parent
Re: (Score:3, Informative)
And as long as you keep your passport in the RF shield, nobody can read it.
But the instant you pull it out, anyone can try accessing it.
What's worse: You *know* that Customs Officials won't have Faraday Cages around their reader stations. All someone'll have to do is set up a high-gain antenna somewhere in the area, and they can parasite the data as it's being read by the legitimate scanner.
Re:Tinfoil Passport Cover? (Score:4, Funny)
Parent
Re:Tinfoil Passport Cover? (Score:4, Informative)
Here's how it would work:
1) The customs official asks you for your passport.
2) You pull it out of your tinfoil sleeve and hand it over.
3) Customs official opens the front cover and scans the front page so his computer has all of the information for the security key. (It's not used for encryption. It's just a plaintext password.)
4) Customs official's station broadcasts the security key.
5) The RFID tag in your passport broadcasts your passport data.
If I have a sensitive enough high gain antenna pointed at that customs station, I now have both your security key AND all of the information in your passport.
The broadcasts in steps 4 and 5 are OMNI-DIRECTIONAL. They're relatively low-power, because according to the design, the passport's supposed to be only a few cm away from the reader.. But that's why you need a high-gain antenna.
Parent
Re: (Score:3, Informative)
Re:Great idea! (Score:5, Interesting)
Let's face it, you're gonna see a certain percentage of RFID passports that just don't work, for whatever reason. What do you do? Lock those people up? No, you just treat the passport like a traditional non-RFID-equipped passport. Well, if you're a properly-trained security person maybe you actually look at the traveler and make sure the picture matches. Maybe you do your job, because if the RFID isn't working you can't just doze through the interview and let the machine do the work. You should be on your toes anyway, because the one time you aren't is when the technology will let you down. And they (yes, they) know that.
And you can bet your boots that any (ahem!) undesirables will have properly-functioning RFIDs anyway. As always, it's us ordinary folk that will get busted for not dotting our I's and crossing our T's (not that most of us have any way to test the goddamn things anyway, except by trying to travel somewhere and seeing what happens.)
Personally, I think the Feds ought to focus more on people skills (i.e., well-trained, well-paid security forces with an effective organization to back them) and less on failure-prone, unproven technology.
Parent
Re:Great idea! (Score:4, Insightful)
The goal of adding RFID to a passport was to add another layer of security to the passport. This may sound a little strange at first, but there is some logic to it. The RFID chip contains the same information as the printed passport, including a digitized version of the picture, AND a cryptographic hash. The desired outcome is that it is difficult to forge BOTH parts of the passport simultaneously. Ideally, the person would only be able to pass if both portions of their passport matched and the hash was valid. Although it may be a result, being able to just wave people on through after scanning the RFID portion of the passport was not a goal.
Practically, since passports are still valid without RFID, this measure is almost useless, and opens up tons of privacy problems as already stated. I don't think that ranged communication should have been a major feature of a passport, which makes me wonder why the government chose RFID over any other tagging technology, such as smartcards. Smartcards could perform the same or perhaps even better task as the RFID tags currently are, except they would be more secure simply by the virtue that they require physical contact with the reader.
Parent
Re: (Score:3, Insightful)
Well, much has been made over the potential for these passports to be read by bad guys for some distance. It occurs to me that our government (and others) might like to have that same ability. It sure would be convenient for the cops if they could just stop anyone that they can't "ping". It would be a variation on usual "papers, please!" but no less invasive from a privacy perspective. Readers could be installed
Re: (Score:3, Funny)
hahahahahahahahahahahahahahaha... sorry... just had to laugh... you owe me a new keyboard...
Re:Great idea! (Score:4, Informative)
So unless they are going to recall all non-chipped passports, they'll have to wait quite a while to make it a requirement.
Also:
Parent
Re: (Score:3, Insightful)
You, ah, ARE aware that the Constitution sets up three branches of government, and explicitly grants the Courts a rough third of aggregate power, right?
And since they're the only branch that has no say in amending the Constitution, letting them be the ones that determine what the words mean sounds reasonably fair. (Where's the "States may outlaw abortion" amendment, anyway?)
FWIW, it is disturbing tha
Re: (Score:3, Informative)
Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.
Good post. I just want to add that because the readers EM field powers the chip and the chip's transmitter that the effective power requirement increases with the *cube* of distance, rather than following the normal inverse-square law. That's not to say it's impossible to read chips from larger distances, but it's very tricky, and works best in an EM-shielded lab environment.
you're either lying or ignorant of the field (Score:4, Informative)
Here's a nice little marketing presentation to get you started on the capabilities of passive RFID using Ultra-High Frequency
*Yes, I know its only "1 meter" under near-ideal conditions but average street conditions still don't degrade the range to "a few inches".
Parent
Re:Somebody doesn't grok RFID... (Score:5, Informative)
Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.
While you may "do" it for a living, it sounds like you don't hack it for a living. It takes a whole different mindset to look for vulnerabilities to exploit.
Even the State Department admits the RFIDs used in the passports can be read from at least 10 feet away. [oreillynet.com] NIST says they've been able to do 30 feet and are working on clever ways to get beyond even that. These numbers are for ISO 14443 RFIDs which seem to be the type used in US passports.
one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.
There are plenty of situations in which just knowing that the RFID and associated passport are present are trouble enough. The classic example being the bomb with an "american detector" - left out in a public area it only needs to get enough of a signal fingerprint to differentiate american passports from others in order to make that passport's owner very unhappy. Put one of those into the doorframe of a mcdonalds somewhere and you don't even need to worry about long-range fancy-smancy stuff.
Parent
Re:Somebody doesn't grok RFID... (Score:5, Interesting)
Since we determined that radio is used to power the tags, everyone with a basic understanding of physics should know that the field strength diminishes with something like x^-3 and not y^-x, which would make it a cube law matter, and not exponential. Additionally, the same directional antenna that can be used to read the tag's signal can be used to direct the radiated RF energy to the tag.
Sorry, but that's wrong again. RFID tags only send an answer when they are specifically addressed. The inventory control tags allow for a binay search to find all tags, e.g. you start by asking if any tag have addresses <2^31. If any answer, you check < 2^30 and between 2^31 and 2^30, etc. until you know the individual addresses of all tags in your range. Only after you have the right adress you will start actually reading their data, anything before that is just to detect their presence. Whether or not passport tags even give away their presence if one doesn't provide the (printed) secret key in the request, I do not know.
Parent
Re: (Score:3, Insightful)
He's going through customs. With over $60k in cash. I guarantee it was not in his pockets. Further, if you've ever been put into the "special" line crossing the border, you know that they'll probably ask you to empty your pockets, too. Especially when your baggage has tens of thousands of cash in it.
They didn't need to read it at a distance, they freakin' looked at it.