This was on Wired yesterday (posted on Slashdot). I think it highlights the importance of thinking deeply about how these proposed identity systems work. The other security flaw is the ‘integrity’ of the databases that the passport system is built on.
A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.
The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery.
“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”
Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas.
The United States has led the charge for global e-passports because authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. The United States plans to begin issuing e-passports to U.S. citizens beginning in October.
Although countries have talked about encrypting data that’s stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted.
“And of course if you can read the data, you can clone the data and put it in a new tag,” Grunwald says.
The cloning news is confirmation for many e-passport critics that RFID chips won’t make the documents more secure.
“Either this guy is incredible or this technology is unbelievably stupid,” says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science and senior fellow at Privacy International, a U.K.-based group that opposes the use of RFID chips in passports.
Open standards have interesting consequences… anyone can use them… It also highlights the need to have a ‘social’ fabric underlying any identifier system/network.
Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country’s e-passport, since all of them will be adhering to the same ICAO standard.
How did he do it?
- Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader — which can also act as a writer — and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport.
- As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information.
- The result was a blank document that looks, to electronic passport readers, like the original passport.

He obtained the reader by ordering it from the maker — Walluf, Germany-based ACG Identification Technologies — but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.
Why it is a security failure…
The demonstration means a terrorist whose name is on a watch list could carry a passport with his real name and photo printed on the pages, but with an RFID chip that contains different information cloned from someone else’s passport. Any border-screening computers that rely on the electronic information — instead of what’s printed on the passport — would wind up checking the wrong name.
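The point of the passage above, as an added example (not code from the Wired article or from Grunwald's tools): a signature over the chip data shows the data is unaltered, not that it sits in the original document, so a screening system has to compare the chip against the printed page. HMAC stands in for the issuing country's digital signature, and the key, field names and sample documents are constructed.

```python
import copy
import hashlib
import hmac

# Assumption: HMAC stands in for the issuing country's digital signature so
# the example needs only the standard library. Key and fields are constructed.
ISSUER_KEY = b"constructed-demo-key"
CHECKED_FIELDS = ("name", "doc_number", "birth_date")


def _payload(fields):
    # Canonical byte string the issuer signs.
    return "|".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()


def issue_chip(fields):
    """Chip contents as issued: the data plus a signature over it."""
    sig = hmac.new(ISSUER_KEY, _payload(fields), hashlib.sha256).hexdigest()
    return {"fields": dict(fields), "sig": sig}


def signature_valid(chip):
    expected = hmac.new(ISSUER_KEY, _payload(chip["fields"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, chip["sig"])


def inspect(chip, printed_page):
    """Border check: signature first, then chip data against the printed page."""
    if not signature_valid(chip):
        return "reject: chip data altered"
    mismatched = [f for f in CHECKED_FIELDS if chip["fields"].get(f) != printed_page.get(f)]
    if mismatched:
        return "reject: chip does not match printed page (" + ", ".join(mismatched) + ")"
    return "accept"


# Constructed sample documents.
alice_page = {"name": "ALICE EXAMPLE", "doc_number": "X0000001", "birth_date": "1970-01-01"}
other_page = {"name": "BOB EXAMPLE", "doc_number": "X0000002", "birth_date": "1980-02-02"}
alice_chip = issue_chip(alice_page)
copied_chip = copy.deepcopy(alice_chip)        # byte-for-byte copy of a readable chip
edited_chip = copy.deepcopy(alice_chip)
edited_chip["fields"]["name"] = "BOB EXAMPLE"  # data changed after signing

if __name__ == "__main__":
    print(signature_valid(copied_chip))        # the copy still verifies
    print(inspect(alice_chip, alice_page))
    print(inspect(copied_chip, other_page))
    print(inspect(edited_chip, other_page))
```

A system that stops at `signature_valid` treats the copied chip as genuine; only the comparison with the printed page separates it from the original.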
This is drawn from David Temoshok’s talk. He is the Director of Identity Policy and Management, GSA Office of Government Policy.
Homeland security directive 12
“Policy for Common Identification Standard For Federal Employees and Contractors” – August 2004
HSPD 12 Requirements
1. Secure and reliable forms of personal identification that are:
- Based on sound criteria to verify an individual employee’s identity
- Strongly resistant to fraud, tampering, counterfeiting, and terrorist exploitation
- Rapidly verified electronically
- Issued only by providers whose reliability has been established by an official accreditation process
2. Applicable to all government organizations and contractors except National Security Systems
3. Used for access to federally-controlled facilities and logical access to federally-controlled information systems
4. Flexible in selecting appropriate security level – includes graduated criteria from least secure to most secure
5. Implemented in a manner that protects citizens’ privacy
Expanding Electronic Government
Needing Common Authentication Services for
- 280 million Citizens
- Millions of Businesses
- Thousands of Government Entities
- 10+ Million Federal Civilian and Military Personnel
You can learn more on the GSA website – http://www.gsa.gov/aces
A while back there was the DIY RFID that I blogged about. Today there is this story in the Financial Times about exclusive clubs offering their most prestigious patrons embedded chips the size of a rice grain to give them privileged access to their clubs. It has a whole history of this technology.
One night in Barcelona last year, a young Dutchman named Antoine Hazelaar received a strange proposition from the owner of a local nightspot, the Baja Beach Club. The club had just started a new programme called VipChip, he was told, and for E125, a qualified nurse could inject a device the size of a grain of rice, a VeriChip, into his upper arm. Once implanted, it would transmit an ID number to a scanner that would recognise Hazelaar as a special customer, so he wouldn’t have to wait in line and would get access to a private lounge. Since he would be one of the first people to be injected, the nightclub’s management would waive the initiation fee.
Hazelaar agreed. At about 8pm one spring evening, in front of a throng of journalists, he sat down on a sofa in the cavernous Baja with another Dutch expat and a Spanish woman, ready to be injected. Bandages, needles and syringes were ceremoniously laid out on a cocktail table. Thanks to a local anaesthetic, Hazelaar didn’t feel the long shaft, about the size of a large sewing needle, as it entered his flesh. He didn’t feel the chip either, and a year later, he still doesn’t. “I forgot that I had it until you called,” he said.
Now, every time Hazelaar visits the Baja, he strides past the queue outside and goes straight to the doorman, who scans his arm until his name and photograph pop up on a computer screen. When he goes through another checkpoint at the special VipChip lounge, the number under his flesh becomes a payment instrument, like a loyalty card at Starbucks.
A waitress runs a scanner over his right bicep and the cost of a drink is deducted from his account.
As it turns out, Hazelaar became one of the world’s first human debit cards. But he wasn’t the last. The Baja now has 90 implanted VIPs; there are 70 at its sister club in Rotterdam, which opened last November. Even though the injection now costs E1,500 per person – including a E500 drinks credit – both establishments have waiting lists. Club co-owner Conrad Chase, a former star of the Spanish version of Big Brother, says his group might expand to Valencia and Hamburg, where they will also offer VipChip membership.
Some might say that this technology was inevitable, but how has this slightly creepy device become even remotely popular? And will it one day become part of everyday life?
Ultimately, the choice is fear versus fear. What makes people feel most vulnerable? A hacker running up to them with a scanner, or news stories of rampant ID theft, infant abductions, botched surgeries, convicts on the run and terrorists among us? The VeriChip may be an extreme solution for extreme times, but the days when it could be dismissed as futuristic fancy are clearly long past.