Title: Risk of Using RFID chips in Passports
1. Risk of Using RFID chips in Passports
2. Department of State
- Globally Interoperable
- It will not permit "tracking" of individuals.
- The new passport document is itself highly tamper resistant.
- The passport data on the chip does not require encryption in order to be secure and protected
- Source: http://edocket.access.gpo.gov/2005/05-21284.htm
Oscar Mendez
3. Privacy And Security Concerns
- Access to readers on the open market
- Other countries do not have the same standards for security.
- The passport can be read at a distance without the knowledge of the individual
- Americans can be a target when overseas
4. State Department
The contactless smart chip that is being used in the electronic passport is a "passive chip" that derives its power from the reader that communicates with it. It cannot broadcast personal information because it does not have its own source of power. Readers that are on the open market, designed to read Type A or Type B contactless chips complying with International Standards Organization (ISO) 14443 and ISO 7816 specifications, will be able to communicate with the chip. This is necessary to permit nations to procure readers from a variety of vendors, facilitate global interoperability and ensure that the electronic passports are readable at all ports of entry.
Source: http://edocket.access.gpo.gov/2005/05-21284.htm
5. Technical information
- STMicroelectronics
- Manufacturer of Type A or Type B contactless chips.
- Provided complete technical information on the chips
- On the web.
- Everybody has access to this information.
- http://www.st.com/stonline/books/pdf/docs/8880.pdf
7. Johns Hopkins University RSA
- REVERSE ENGINEERED
- The Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol. In 2005, researchers from RSA Labs and Johns Hopkins University reverse engineered the algorithm and were able to clone Speedpass tags.
- http://www.rfidanalysis.org
8.
- From Vrije University Amsterdam
- Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software, and certainly not in a malicious way. Unfortunately, they are wrong. In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionally) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags. No one thought this possible until now. Later in this website we provide all the details on how to do this and how to defend against it in order to warn the designers of RFID systems not to deploy vulnerable systems.
- Source: http://www.rfidvirus.org/
9.
- The US State Department initially rejected privacy concerns on the grounds that they believed the chips could only be read from a distance of 10 cm (4 in), but in the face of 2,400 critical comments from security professionals, and a clear demonstration that special equipment can read the test passports from 10 m (33 feet) away, the proposal was reviewed. RFID passports will start to be issued in mass distribution in October 2006. In November 2005, the State Department stated that as of October 2006 all US passports will contain RFID chips with some security features. The passports will be shielded to prevent skimming. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport's tag can be read, this PIN must be inputted into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator.
- http://www.wired.com/news/privacy/0,1848,67333,00.html
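How the printed characters become the BAC keys, as an added example that is not part of the original slides: it follows the key derivation published in ICAO Doc 9303 and shows that the encryption and MAC keys come only from the document number, date of birth and expiry date on the data page. The field values are the specimen from that document's worked example, and the function names are hypothetical.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated over the field


def char_value(c):
    """MRZ character value: digits as-is, A-Z -> 10-35, filler '<' -> 0."""
    if c in "0123456789":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"character not allowed in an MRZ: {c!r}")


def check_digit(field):
    total = sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def odd_parity(key):
    """Set the low bit of each byte so the byte has an odd number of 1 bits."""
    return bytes((b & 0xFE) | (bin(b >> 1).count("1") % 2 == 0) for b in key)


def derive_bac_keys(doc_number, birth_date, expiry_date):
    """Return (mrz_information, K_seed, K_enc, K_mac); dates are YYMMDD."""
    for date in (birth_date, expiry_date):
        if len(date) != 6 or not date.isdigit():
            raise ValueError("dates must be six digits, YYMMDD")
    doc_number = doc_number.upper().ljust(9, "<")  # pad short numbers with filler
    mrz_info = "".join(f + check_digit(f)
                       for f in (doc_number, birth_date, expiry_date))
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter):  # counter 1 -> encryption key, 2 -> MAC key
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return odd_parity(digest[:16])

    return mrz_info, k_seed, kdf(1), kdf(2)


if __name__ == "__main__":
    # Specimen MRZ fields from the ICAO Doc 9303 worked example (not a real passport).
    info, seed, k_enc, k_mac = derive_bac_keys("L898902C", "690806", "940623")
    print("MRZ information:", info)
    print("K_seed:", seed.hex().upper())
    print("K_enc: ", k_enc.hex().upper())
    print("K_mac: ", k_mac.hex().upper())
```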