The official full-scale, rollout of the United States’ controversial electronic passport initiative began this week, reports ABC News and C/Net.
The new passports, with their metal linings and shared-key encryption, are said to address most of the concerns that have been raised by privacy advocates and security professionals. The lining prevents the RFID chips from being read while the passport is closed, and the encryption makes attempts to clone the RFID chips less attractive, since the data that’s being copied is encrypted and can’t be altered by the cloner.
Of the 15 million e-passports to be issued by the end of the year, several million will be equipped with Infineon chips. Infineon, which is located in Munich, is supplying chips for e-passport to several other countries, including Germany, Norway and Sweden.
The RFID passports (FAQ) were fraught with criticism, delays, and unsupportable claims for the devices’ security, said ArsTechnica.
According to ArsTechnica:
As it turns out though, these security measures undermine the rationales given by the government for opting for contactless RFID instead of plain old smart cards in the new passports. Originally, the attraction of RFID is that it could be read at a distance with the passport closed. Now that users not only will have to present and open passport, but they’ll also have to have the passport’s public encryption key read by an optical scanner, they might as well just be swiped through a contact-based scanner.
Infosec guru Bruce Schneier has pointed out that, even with the new security measures, the RFID passports still have some problems.
In the “known unknowns” category are potential problems associated with each RFID chip’s unique “collision identifier.” RFID makers are secretive about the way that these collision IDs work, but they can apparently be used to distinguish among different RFID chips even without first decrypting the data on the chip.
The “unknown unknowns” part of the problem arises from the fact that the whole passport design process has been done in secret, with State rushing these new passports out to the public without a thorough, open, industry-wide vetting by security experts.
Eventually, the plan is to encode biometric ID data (e.g. fingerprints, and maybe retinal scans) in addition to the digital picture already included; such sensitive data will make electronic passports an even more tempting target.
Privacy groups continue to raise concerns about the security of the electronic information and a German computer security expert earlier this month demonstrated how personal information stored on the documents could be copied and transferred to another device. The cloning technique demonstrated in Las Vegas recently is simple: it requires only a laptop equipped with a $200 RFID reader and a smart card programmer. The laptop’s software scanned information from the RFID chip and wrote it to the smart card, which can then be embedded in a fake passport.
State Department spokesman Kurtis Cooper is confident that security features built into the book would foil would-be imposters.
Electronic cloning does not constitute a threat because the information on the chips, including the photograph, is encrypted and cannot be changed, according to the Smart Card Alliance, a New Jersey-based not-for-profit made up of government agencies and industry players.
In 2005 the United States issued 10.1 million passports and is on track to issue 13 million in 2006.
Related DailyWireless articles include, RF-ID Gets Smart, Real ID, 06-06-06, RF-ID Implants, No Encryption for RF-ID Passport, $10B Contract for People Tracking, Visa Tracking, Container Tracking, Port Security with RF-ID, RF-ID Tracking Pills, Mad Cow RF-ID, Handheld RF-ID Readers, Airport RF-ID, Tracking RF-ID, Digital Angel, RF-ID: From Soup to Nuts, Tracking Ship Movements – And You, Homeland Insecurity, Marathon RF-ID Tagging Port Security with RF-ID, Intelligent Transportation, RF-ID Tracking from Space?, Handheld Facial Recognition, Minority Report, The Matrix, the Matrix Expands and Matrix Shrinks.
