RFIDs (Recipe For Information Disaster)

Posted by the*point*man 18 September 2006 at 10:41PM

It’s old news that the U.S. Department of State has begun rolling out passports with embedded RFID chips. The RFID is described as follows:

A contactless chip in the rear cover of the passport will contain the same data as that found on the biographic data page of the passport (name, date of birth, gender, place of birth, dates of passport issuance and expiration, passport number), and will also include a digital image of the bearer’s photograph.

So what’s the big fuss with RFIDs and security since the U.S. Department of State clearly states:

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).

Sounds impressive, right? Well, it is, considering the original security measures proposed. Unfortunately, I’d put my money on hackers over government-researched security measures any day of the week. Bruce Schneier (a security writer for The Washington Post) wrote an interesting blog entry that highlights some important implications of RFIDs and your passport, such as:

The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a “meaningless stunt,” pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.


If you travel internationally, it may be worth your while to renew now before your state embeds RFIDs in passports. Either way, you should be more cognizant of security vulnerabilities with RFIDs and how they can impact you.

Be safe.
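
The State Department text quoted above says Basic Access Control reads the data page "to generate a key that unlocks the chip". As an added example (not part of the original post), the Python below follows the BAC key derivation published in ICAO Doc 9303, run on that document's specimen values; the function names are my own. It shows that the only inputs to the chip's access keys are three fields printed on the data page.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated across the field

def char_value(c):
    """MRZ character value: digits as-is, A-Z map to 10..35, filler '<' is 0."""
    if c.isdigit():
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character: {c!r}")

def check_digit(field):
    """Weighted sum modulo 10, as printed after each MRZ field."""
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def odd_parity(key):
    """Force odd parity on every byte, as DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE                      # clear the parity bit
        if bin(b).count("1") % 2 == 0:
            b |= 1                     # set it when the other 7 bits are even
        out.append(b)
    return bytes(out)

def bac_keys(doc_number, birth_date, expiry_date):
    """Return (mrz_info, k_seed, k_enc, k_mac) for the given data-page fields.

    Dates are YYMMDD; the document number is padded to 9 characters with '<'.
    """
    fields = (doc_number.ljust(9, "<"), birth_date, expiry_date)
    mrz_info = "".join(f + str(check_digit(f)) for f in fields)
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def derive(counter):
        # counter 1 selects the encryption key, counter 2 the MAC key
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return odd_parity(digest[:16])

    return mrz_info, k_seed, derive(1), derive(2)

if __name__ == "__main__":
    # Specimen values from the ICAO Doc 9303 worked example, not a real passport
    info, seed, k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print(info, seed.hex(), k_enc.hex(), k_mac.hex(), sep="\n")
```

Nothing secret enters the derivation: document number, date of birth and expiry date are the whole key material, which is why the reader must first see the open data page.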
