Spy Blog: "Contactless RFID Biometric Passports in the UK - same risks as US RFID Passports"

April 01, 2005

Spy Blog:

"There has been some comment online regarding the privacy and security risks of the forthcoming United States Biometric Passports, and the Department for Homeland Security's plans for Federal Employee Smart ID Cards, as outlined by this Wired article and the RFID Kills website.

However it should be remembered that the United Kingdom Passport Service is planning to issue very similar Biometric Passports, to the same International Civil Aviation Organisation standards for Machine Readable Travel Documents at almost the same time as the United States."

"Privacy International have published an analysis of the Passport Service's 5 year plan and the confusion with the controversial National Identity Register and ID Card scheme."

"As Stefan Brands writes,

"remember, the privacy activist is nowhere near as technically sophisticated as you are but can smell a universal identifier from a mile away" "

"RFID Contactless Biometric smartchips, embedded in a United Kingdom passport will introduce exactly the same risks to personal privacy and safety a sthe United States RFID Biometric Passport, making us more vulnerable to criminals and terrorists than using the alternative and well understood contact smarcards, e.g. like Chip & PIN credit cards etc. We have been pointing these sort of risks with RFID tags, especially if they are ever used by our military armed forces, for over two years now, but only recently have some of the media started to pick up on these potential risks."

"Even if strong encryption is incorporated at some point in the message exchange protoocol between the Passport chip and the reader device, the initial part of the handshake will be unencrypted and easily recognisable as a United Kingdom or United States passport,

Even if strong encryption is used, there is simply no way to protect against man-in-the-middle attacks by rogue passport reader equipment which an attacker has placed between a genuine Passport reader and the victim's RFID passport, which cannot communicate with the genuine Reader, because of the alleged "security feature" of a restricted range for the normal operation of the RFID radio link."

Cross posted from Spy Blog


Posted by wtwu

Comments

>Even if strong encryption is used, there is simply no way to protect against man-in-the-middle attacks by rogue passport reader equipment which an attacker has placed between a genuine Passport reader and the victim's RFID passport, which cannot communicate with the genuine Reader, because of the alleged "security feature" of a restricted range for the normal operation of the RFID radio link."

"Man in the middle" attack? You are proposing that this can be successfully implemented between the passport reader in a US Immigrations officer's booth and the passport itself? The ISO/IEC 14443 range is restricted to approx. 3.94 inches!

If this is the case, US Immigration security is already so compromised that reading a key exchange is the least of your worries. In that case, why worry about whether the front door is bolted when the terrorists have already vaulted the moat and burned down the castle?

David Tomlinson
Principal Architect
EACG, Inc.

Posted by: David Tomlinson at April 6, 2005 07:47 PM

The distance doesn't matter if you do a relay attack.

Posted by: RFID Attacker at August 28, 2005 12:50 AM