The offline nature of passport data makes it impossible to validate in any meaningful way. This weakness made it easy for hackers to devise systems for cloning and modifying passport RFID chips.
I'm surprised it took this long: Hackers have released the specs
and tools to clone and modify the RFID chips in U.S. passports.
ago when the plan to issue them was first widely discussed, I asked what purpose
they served and pointed out obvious problems with them
. As far as I can
tell, e-passports remain a problem born of the notion that a more sophisticated
identity system is a better one.
The hackers who revealed the RFID cloning details described how the system
works. I believe they draw some questionable conclusions that call for further
analysis. In a
blog further examining their findings
(The Hackers Choice) points out that the terminal that reads the e-passport
accepts self-signed data, as opposed to data signed by a CA (certificate
Self-signed certificates are, as
I have written before
, inherently untrustworthy. I quoted Michael Barrett of PayPal as saying
, "In the case of
self-signed certificates it's almost impossible to see how any technology can
disambiguate between legitimate uses and criminal ones." That's the case
with passports-an accurate clone cannot be detected.
The hackers then go on to argue that a CA would not be a good solution
because it would be a single point of failure, a potential vulnerability in the
system. This is going several steps too far, and missing the real problem in
the passport system.
Arguing that a CA is a single point of failure is an argument against the
whole SSL infrastructure. Is Amazon.com or Chase.com
insecure because the VeriSign Trust Network
could go down? Yes, but it's way down the list of problems that could
reasonably be expected to develop.
CAs are, as a general rule, reliable, and I would argue that
the data in them is relatively static, so even if one went down for a short
period, local caches would be an adequate stopgap.
They also argue that the single CA would need to be trusted by all
governments. Yes, it would for U.S.
passports. Freedonia and Sylvania
can choose their own certificate authorities for their passports if they choose
to make such an implementation. If, for example, they choose to use the Russian
Business Network as their CA, we might take that into account in our
evaluations of the trustworthiness of their electronic passports, but the THC
claim that CAs somehow take governments out of the decision-making process for
passports is wrong. The THC also gives a
phony example claiming to show that Freedonia could create a Sylvania
passport, but it doesn't make sense.
Why didn't the system incorporate certificate authorities? Because it was
designed to operate offline, or at least that's the way it appears to me. They
didn't want to assume they could get reliable Internet access everywhere they
might want to read passports. And the fact that they had such a constraint is
the best reason not to do e-passports at all because it meant that the
passports could not be properly authenticated. Of course, having the systems
online would also mean securing them properly, which may have been another
disincentive to having them online. It all adds up to, "Why bother?"
The hackers go too far one more way by implying that the ease with which
passport chips may be cloned means that passports themselves may be easily
cloned. In fact, the printed parts of passports look to me to be extremely
difficult to counterfeit. And yes, you could take your passport and put a clone
chip in for another person, but that sounds like a good way to get yourself a
free stay in the holding cell at the airport and multiple body cavity searches.
The government surely knows this. The one time I traveled abroad recently, my
wife had a new e-passport and I don't remember anyone not scrutinizing the
physical printed data. To the extent that they recognize that the electronic
data cannot be trusted, it can't be harmful, but then what purpose does it
My feeling is that, post-9/11, there was a mandate to "modernize"
our identification systems and make them more sophisticated. But a more
sophisticated system isn't necessarily a better one. Nothing will replace the
human being reading the passport and comparing it to the human in front of him.
The little white elephants inside the passports won't really have an impact.
Editor Larry Seltzer
has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com
Security Center Editor Larry Seltzer's blog Cheap Hack