Are new passports [an] identity-theft risk?

Krister Walfridsson cato at df.lth.se
Sat Oct 23 18:52:33 EDT 2004


On Fri, 22 Oct 2004, Perry E. Metzger wrote:

> I don't know who *else* has said it, but I've said this repeatedly at
> conferences. With phased arrays, you should be able to read RFID tags
> at surprising distances, and in spite of attempts to jam such signals
> (such as RSA's proposed RFID privacy mechanism).

One thing that I have seen confuse people writing about the
new passports is that RFID may mean different technologies.  So
I'd like to mention that the passports will not use the simple
bar-code kind of RFID tags -- they will use chip cards
communicating over ISO/IEC 14443.

The current technology has big problems with working at a distance
(in fact, the tests done with COTS 14443 readers shows that most
have problems with reading passport-like cards even when placed at
the optimal distance...), but I don't know enough about antenna
technology to be able to guess what can be done by a dedicated
attacker...

    /Krister


PS.  Most of the MRTD (Machine Readable Travel Documents) specifications
are available at http://www.icao.int/mrtd/Home/index.cfm.

PPS. Most people on this list seems to be interested in the US
passport, so you may be interested in that the US department of
state, and department of homeland security, seems to be doing a
pilot of the new passport.  The RFP is available from:
   http://www.statewatch.org/news/2004/jul/us-biometric-passport-original.pdf
with some consolidated Q and A at
   http://www.statewatch.org/news/2004/jul/us-biometric-passport-QandA.pdf


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list