Physical Devices

This was on Wired yesterday (posted on Slashdot). I think it highlights the importance of thinking deeply about how these proposed identity systems work. The other security flaw is the ‘integrity’ of the databases that the passport system is built on.

A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.
The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery.
“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”
Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas.
The United States has led the charge for global e-passports because authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. The United States plans to begin issuing e-passports to U.S. citizens beginning in October.
Although countries have talked about encrypting data that’s stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted.
“And of course if you can read the data, you can clone the data and put it in a new tag,” Grunwald says.
The cloning news is confirmation for many e-passport critics that RFID chips won’t make the documents more secure.
“Either this guy is incredible or this technology is unbelievably stupid,” says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science and senior fellow at Privacy International, a U.K.-based group that opposes the use of RFID chips in passports.

Open Standards have interesting consequences…anyone can use them… it also highlights the need to have ‘social’ fabric underlying any identifier system/network.

Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country’s e-passport, since all of them will be adhering to the same ICAO standard.

How did he do it?

1. Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader — which can also act as a writer — and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport.
2. As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information.
3. The result was a blank document that looks, to electronic passport readers, like the original passport.He obtained the reader by ordering it from the maker — Walluf, Germany-based ACG Identification Technologies — but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.

Why it is a security failure…

The demonstration means a terrorist whose name is on a watch list could carry a passport with his real name and photo printed on the pages, but with an RFID chip that contains different information cloned from someone else’s passport. Any border-screening computers that rely on the electronic information — instead of what’s printed on the passport — would wind up checking the wrong name.