Travel Security and Function Creep: Thinking about the ePassports in the Long Term

For several years, the U.S. State Department has vigorously pursued plans for RFID enhancement of passports--both for U.S. citizens and visiting nationals. The initial ePassport designs, as described in State Department memoranda, lacked basic privacy protection features, like encryption of information transmitted between the passport and reading devices. This was a problem: Passports carry sensitive information, of course, like birth dates, place of birth, and so forth--precisely the type of information that identity thieves prize.

Last month, USA Today ran an article describing laudable changes in the State Department design. Passports will have radio shielding in their covers, to prevent unwanted scanning when the passport is closed. The data they carry will be encrypted. The decryption key will be printed optically on the passport so that immigration officers--or anyone else reading the passport--must have physical possession of it. These features will go a long way toward protecting the sensitive data on passports. (Note, though, that in some countries, like the Netherlands, this may be insufficient.)

Commentators like Bruce Schneier have given the nod to the new design. But I can't shake off a few lingering concerns. (I credit my colleague Ari Juels, one of the clearest thinkers I know on this topic, and a leader on our research on RFID security and privacy, for helping me clarify the issues.)

Chief among these is function creep. The State Department passport design conforms to a set of guidelines published by an international body called ICAO (the International Civil Aviation Administration). Among other aims, those guidelines seek to "[provide] a path to the use of ePassports to facilitate biometric or e-commerce applications." (See p.22; ePassports are viewed as a possible foundation for a PKI.) If you project into the future, this statement seems to mean that businesses could come to rely on your ePassport for commercial transactions.

The ICAO guidelines don't provide mechanisms for fine-grained access to personal information in the passport. So it is conceivable that travelers may enable others to access information like date of birth and elements of their travel history when they check into a hotel--or buy a pack of chewing gum. They may even reveal their fingerprints: Although the present generation of ePassports in the U.S. will only carry digital images of faces, the ICAO guidelines provide for inclusion of other biometric information. (An ePassport, due to cost and implementation constraints, will likely need to rely on an external computer system to do the fingerprint matching--hence the avenue for presenting the biometric information to the other parties.)

ePassports may well tighten security in ports of entry. I think it would be a good idea for ICAO and the U.S. State Department, however, to think through other intended or possible uses well in advance. In the quest for better travel security, let's not compromise long-term privacy and security in other areas. A careful design of access control to personal information on the passport is a first step.

Comments

RFID chip problem not evident

FYI: I have been able to destroy (very silently) most card embedded chips with a cool device. A small vacuum leak detector probe can turn an RFID chip into a brain dead politician in less than one second. After hitting the tag with 17000 volts of HF energy the tag is left about as intelligent as a grain of sand. No data, no signal, nothing.

This is so easy to do... and who would be able to pinpoint why the ID card no longer works? (Homemade censorship) How reliable is this scheme? Await your comments.

Jerry

- J Seheltgen

Other ways to Zap RFIDs

Or, you could put the tag in a microwave oven. But if you think you might want the tag to still work for your own advantages, but not for others', a more selective approach like the RSA Blocker Tag might be a better match.

- Burt Kaliski

Tagzapper: Front Page news Wall Street

Another great tool to use to burn the RFID chip is the Tagzapper. It was mentioned in the April 10th Wall Street Journal.
