
Schneier On Security Weblog

Daedala writes "Bruce Schneier now has a weblog that reprints the Crypto-gram newsletter and essays. The information will be posted more often than the once-a-month email. The recent op-ed piece for the International Herald Tribune on RFID passports is scary."
  • by swillden ( 191260 ) * <shawn-ds@willden.org> on Wednesday October 06, 2004 @01:37AM (#10448028) Journal

    The recent op-ed piece for the International Herald Tribune on RFID passports is scary.

    Maybe, but it's also possible that Schneier has fallen into a common confusion between RFID and contactless smart cards.

    If the administration really is proposing to use RFIDs, then they're being stupid (no shock there). The term RFID is used, by convention, to refer to devices that communicate over RF but are fairly stupid. The most common ones simply spew their recorded information any time they're powered up by an appropriate RF field. This seems to be what Schneier is assuming.

    Contactless smart card chips are ultimately the same technology as a high-end RFID -- a microprocessor chip with a radio transceiver, operating on inductively supplied power -- but the design principles and assumptions are radically different. Smart cards have the ability to perform cryptographic operations and to make decisions based on the results of those operations. For an electronic passport the obvious design is to configure the chips to require a cryptographic authentication before they're willing to divulge the data. Of course, only authorized, government-owned and -managed readers should have the keys needed to authenticate to the chips. More precisely, only the back-end servers connected to the authorized devices should have those keys, and they should be secured in tamper-reactive hardware, and in a secure facility.

    Given a system like that, the likelihood of anyone other than an authorized government agent being able to read your passport is next to nil, so put that fear to rest (assuming these aren't really RFIDs and I have seen some indications elsewhere that they're not).

    As far as the other concern goes... it's possible, but easy enough to defeat. Just put your passport in a metallized sleeve.
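The contrast drawn in the comment above, as an added example that is not part of the original post: a tag that answers any reader versus a chip that releases its record only after a challenge-response check against a key held by the back-end. This is a simplified sketch, not any real passport protocol; the class names, the per-chip key derivation and the sample record are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class DumbTag:
    # Plain RFID behaviour: returns its record to any reader that powers it.
    def __init__(self, record):
        self.record = record
    def read(self):
        return self.record

class AuthenticatedChip:
    # Releases the record only to a reader that proves it holds the chip key.
    def __init__(self, chip_key, record):
        self._key, self._record, self._nonce = chip_key, record, None
    def challenge(self):
        self._nonce = secrets.token_bytes(16)   # fresh nonce per attempt
        return self._nonce
    def read(self, response):
        nonce, self._nonce = self._nonce, None  # single use: blocks replay
        if nonce is None:
            return None
        ok = hmac.compare_digest(mac(self._key, nonce), response)
        return self._record if ok else None

class BackEnd:
    # Assumption: the master key never leaves the back-end; each chip gets
    # a key derived from its ID, so one extracted chip key exposes one chip.
    def __init__(self):
        self._master = secrets.token_bytes(32)
    def chip_key(self, chip_id):
        return mac(self._master, b"chip-key:" + chip_id)
    def respond(self, chip_id, nonce):
        return mac(self.chip_key(chip_id), nonce)

def demo():
    backend, chip_id = BackEnd(), b"CONSTRUCTED-0001"
    record = b"constructed holder record"       # constructed sample data
    chip = AuthenticatedChip(backend.chip_key(chip_id), record)
    out = {"dumb_tag": DumbTag(record).read()}
    chip.challenge()
    out["unkeyed_reader"] = chip.read(secrets.token_bytes(32))
    good = backend.respond(chip_id, chip.challenge())
    out["authorized"] = chip.read(good)
    out["replay_no_challenge"] = chip.read(good)
    chip.challenge()
    out["replay_new_nonce"] = chip.read(good)
    return out

if __name__ == "__main__":
    print(demo())
```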

    • Yeah, but even considering the governments implement such a system, and do so in a totally secure way, this will mean that other govt. departments than customs can read your passport.

      Just don't take it to an anti-war demonstration ;)

      BTW, the cops/secret services/... are anyway shooting the demonstrations and other subversive activities with plain old cameras. They don't need RFID to do so.

    • by syrinje ( 781614 ) on Wednesday October 06, 2004 @05:27AM (#10448725)
      I agree that contactless smart cards are more secure than plain old RFID systems (PORS). However, given the usage model for a passport, it is highly unlikely to be a design option for passports.

      A typical passport must be
      a. Writeable and readable by the issuing authority
      b. Readable by the passport scanners of ANY country that the holder cares to travel to (assuming universal deployment of this technology which, admittedly, might be a tad unrealistic today). In any case, it must be readable by say, a dozen or so countries.

      In a typical contactless smart card solution, you would wave the card in the vicinity of a scanner which
      (i) either embeds the required crypto intelligence to talk to the card (issuer entity same as scanner entity)

      or

      (ii) is connected to a backend-crypto server that acts as a clearing house and mutually authenticates a "Card from Issuer A " and a "Scanner from Entity B" so that they can establish a trust relationship on the basis of which to communicate.

      In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.

      The apparent benefit of "contactlessness" in this situation is far outweighed by its complexity of deployment, cost of management and cumbersomeness of use.

      Ergo, closing the gap to make a passport based on a contact smart chip is a much simpler, robust and viable solution. All that is required is a reality check that recognises the hype of card-waving for what it is.

      • In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.

        No, they're not. There are well-established procedures for carrying out exchanges like this; the financial community does it all the time to establish Zone Master Keys. The US military
