Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.
2005-04-28
A Secure RFID-Identification Protocol?

ACM News Service: Feds Rethinking RFID Passport. As noted by Bruce Schneier as well, the International Civil Aviation Organization has come up with a Basic Access Control protocol for security of RFID chips and their contents in passports. The US State Department is considering adoption of the approach in response to public comments and realization that RFIDs may be readable at greater distances than intended. This seems to involve a challenge-response scheme using physical information on the passport folder as part of the conditioning scheme. The BAC seems to operate as follows:
Kim Zetter’s 2005-04-26 Wired News article has more information including links to a number of papers on the specifications, trials conducted with BAC-implementing devices, and an analysis that identifies some weaknesses. The article indicates that BAC has been tested and done well, apart from the slowness introduced by the use of cryptography. There are also some defects in the scheme, but these are not thought to be critical. The RFID is presumed to be read-only, and PKI techniques are used.

The basic concern of the comments on Schneier’s article seems to be that even transmitting an encrypted response reveals too much about the bearer. Simply obtaining the RFID’s pong may reveal all the information that a terrorist needs. And other out-of-band failures may occur, such as timing attacks and related ways of gaining enough information to carry off an exploit (including the ultimate denial of service, death of the bearer).

Secondly, if there is no shared secret, the contents of the RFID message can be obtained by a replay attack. Based on my sketch, above, derived from a quick review of the available documents, this is not so likely if the recommendations made in the defect analysis are instituted, including having the RFID generate session UIDs via some random scheme.

The recommended precautions in an undated analysis by Juels, Molnar, and Wagner seem reasonable to provide in the case of US passports and entry to the US, because the US scanners will have the prerequisite capabilities. I have the sense that not all passports need provide the maximum set of security provisions, and not all readers need demand them. The minimal case is use of the physical passport and its markings and enclosures alone.

The concern of the authors of the weakness analysis is not the limited application of the scheme to passports, where it seems to be reasonably well suited. They express concern over function creep and application of the scheme in other settings where there can be unintended consequences of threats and interactions not foreseen for the ICAO use case. If P(RFID) can be altered—for visa information, say—there are new difficulties to consider.
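
The two points above, keys conditioned on what is printed in the passport and replay resistance that depends on the chip producing fresh random values, can be seen in a short added example (not code from this post or from ICAO). The key derivation follows ICAO Doc 9303; as an assumption for illustration, HMAC-SHA256 stands in for BAC's 3DES encryption and MAC, and Chip, reader_response and replay_accepted are hypothetical names.

```python
import hashlib, hmac, secrets

def check_digit(field):
    # ICAO 9303 check digit: weights 7,3,1; A-Z map to 10..35, '<' to 0.
    val = lambda c: int(c) if c.isdigit() else 0 if c == "<" else ord(c) - 55
    return str(sum(val(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field)) % 10)

def mrz_information(doc_no, birth, expiry):
    # Printed fields the reader must optically scan before talking to the chip.
    fields = (doc_no.ljust(9, "<"), birth, expiry)
    return "".join(f + check_digit(f) for f in fields)

def derive_key(k_seed, counter):
    d = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
    # Force DES odd parity on every byte.
    return bytes((b & 0xFE) | ((bin(b >> 1).count("1") + 1) & 1) for b in d)

def bac_keys(mrz_info):
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return derive_key(k_seed, 1), derive_key(k_seed, 2)  # (K_enc, K_mac)

class Chip:  # hypothetical model of the passport chip
    def __init__(self, k_mac, fresh_nonce):
        self.k_mac, self.fresh, self.nonce = k_mac, fresh_nonce, bytes(8)
    def challenge(self):
        if self.fresh:
            self.nonce = secrets.token_bytes(8)
        return self.nonce
    def verify(self, response):
        return hmac.compare_digest(reader_response(self.k_mac, self.nonce), response)

def reader_response(k_mac, nonce):
    # Assumption: HMAC-SHA256 stands in for BAC's 3DES encryption and MAC.
    return hmac.new(k_mac, nonce, hashlib.sha256).digest()

def replay_accepted(fresh_nonce):
    # Sample fields: the specimen passport from ICAO Doc 9303's worked example.
    _, k_mac = bac_keys(mrz_information("L898902C", "690806", "940623"))
    chip = Chip(k_mac, fresh_nonce)
    recorded = reader_response(k_mac, chip.challenge())  # overheard session
    if not chip.verify(recorded):
        raise RuntimeError("legitimate session should succeed")
    chip.challenge()                                     # attacker's new session
    return chip.verify(recorded)

if __name__ == "__main__":
    print("replay accepted, fixed chip nonce:", replay_accepted(False))
    print("replay accepted, fresh chip nonce:", replay_accepted(True))
```

A chip that reuses its challenge accepts the recorded response; one that draws a fresh random challenge per session rejects it.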
template
created 2004-06-17-20:01 -0700 (pdt)
by orcmid