Tuesday, August 08, 2006

Electronic Passports - done all wrong?

Yesterday the morning newspaper carried a (very short) article about new Electronic Passports being hacked or something like that. I wanted to know what that was about, and some Googling revealed that the article must have been talking about a demonstration at the BlackHat conference, as e.g. mentioned on Bruce Schneier's blog.

After having read up on this, I am a bit perplexed - what are they actually trying to achieve with this electronic passport?? More "throughput" at border controls because of contactless machine reading? Nice, but the OCR readable text at the bottom of new passports should already achieve that, shouldn't it? More "security" - like what? Just prevent changing data in a passport (what's the scenario)? Granted, that appears to be achieved by digitally signing the data in an RFID chip on the passport. But prevent forging passports? Not really... in fact, after having read up on the architecture, it appears terribly EASY to read the digital information (contactless, from a distance!!) in one passport and copy it into another (stolen or not) one, electronically not distinguishable. This is little better than the rechargeable card for the washing machine!

If you do want to have a reliable system to track and prevent abuse, why not do it right, with a hardware PKI chip thing that securely stores a private key (ideally generated on the chip HW itself; NOT generated externally and transferred into it)? Probably not impossible to read & copy from either, but certainly much much more secure, from what I understand. A HW chip like in the SmartCard I now carry to work for one client, or like my ThinkPad laptop has built-in (BTW: I didn't get that working with Thunderbird/Firefox; do I need a special PKCS#11 module or something - does anybody know where to find that??).
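The distinction the two paragraphs above draw, as an added example that is not part of the original post: a verbatim copy of signed chip data passes the signature check exactly like the original, while a challenge answered with a private key that never leaves the chip exposes the copy. It uses toy textbook RSA on fixed primes purely for illustration; the issuer, the sample holder data and all function names are assumptions.

```python
import hashlib
import secrets

# Toy textbook RSA on fixed Mersenne primes, no padding: illustration only.
def make_key(p, q, e=65537):
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, e, data, sig):
    return pow(sig, e, n) == digest(data, n)

ISSUER = make_key(2**61 - 1, 2**89 - 1)  # hypothetical issuing authority

def signed_blob(readable):
    return readable["holder"] + repr(readable["chip_pub"]).encode()

def issue(holder, chip_key):
    """Issuer signs the holder data together with the chip's public key."""
    readable = {"holder": holder, "chip_pub": (chip_key["n"], chip_key["e"])}
    readable["sig"] = sign(ISSUER, signed_blob(readable))
    return readable

def check_signed_data(readable):
    """Signature check only: proves the data is unaltered, not which chip holds it."""
    return verify(ISSUER["n"], ISSUER["e"], signed_blob(readable), readable["sig"])

def check_chip_key(readable, respond):
    """Challenge-response: the chip must sign a fresh nonce with its private key."""
    nonce = secrets.token_bytes(16)
    n, e = readable["chip_pub"]
    return verify(n, e, nonce, respond(nonce))

def demo():
    genuine_key = make_key(2**107 - 1, 2**127 - 1)   # private part never leaves the chip
    readable = issue(b"DOE<<JANE 1970-01-01", genuine_key)  # constructed sample data
    copied = dict(readable)                          # all readable contents, copied verbatim
    other_key = make_key(2**61 - 1, 2**107 - 1)      # the copy has only some other key
    return {
        "genuine_data": check_signed_data(readable),
        "copy_data": check_signed_data(copied),
        "genuine_chip": check_chip_key(readable, lambda c: sign(genuine_key, c)),
        "copy_chip": check_chip_key(copied, lambda c: sign(other_key, c)),
    }
```

Calling `demo()` shows both signature checks succeeding and only the genuine chip passing the challenge, because the issuer's signature binds the data to a public key whose private half the copy does not have.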

Or is there a picture or some properly reliable biometric information in the RFID chip data that could be used to match the person presenting the passport to the person it was originally meant to be issued to? That would be an idea I guess... would that work & help? Haven't read anything in that direction though.

Or is it a cost problem? I can't imagine a small proper HW crypto chip to be that expensive, certainly not if purchased in the volumes this would be about.

PS: The actual form factor, i.e. whether it really is a credit-card size SmartCard, or that kind of chip embedded in the cover of a plastic passport, seems like an orthogonal issue to me; although it may be interesting to note that many countries in Europe have credit-card size "identity cards" that we use to travel within Europe, instead of the full-blown passports. Equally orthogonal to the chip itself is the access technology - although I admit being equally or even more stunned by that aspect... contactless and remotely readable... the practical reasons are (somewhat) plausible, but imagine the implications - what are they thinking?? If at least it had a big red on/off button or something like that! This is of course just the tip of the "non-technical" aspect of this entire topic... I won't go into that here.


