Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Biometric passports an insecure menace says EU funded agency

  • 11-11-2006 8:31am
    #1
    Closed Accounts Posts: 2,055 ✭✭✭


    The EU-funded FIDIS (Future of Identity in the Information Society) project has warned that implementation of the current generation of biometric travel ID will dramatically decrease security and privacy, and increase the risk of identity theft. In the Budapest Declaration, which derives from FIDIS' September meeting in Budapest, FIDIS calls for short-term damage control measures to be taken (because biometric ID is already being rolled out), and for "a new convincing and integrated security concept" to be developed within the next three years.
    FIDIS points out that the new generation of biometric Machine Readable Travel Document (MRTD) is remotely readable at a distance of 2-10 metres, and that current security simply isn't good enough to protect it. Access control is "susceptible to circumvention or hacking" and there is "risk of ubiquitous, unobserved authentication to MRTD data by authorised or unauthorised third parties, enabling tracking of people carrying a passport". The most significant problems with these MRTDs are, says FIDIS:

    - Biometrics in MRTDs currently cannot be revoked and since biometric features of the users such as fingerprints and facial features cannot easily be changed, "stolen" biometrics can be abused for a long period of time

    - Insufficient key management with BAC: The key to access data on the RFID tag is stored on the passport itself and can be read by humans and machine scanners. This means that anybody who has had physical access to the passport and e.g. made an optical copy, could store the key information and use it to access data on the RFID tag

    - Eavesdropping of communication between RFID tag and reader and brute force attack on BAC using documented cryptographic weaknesses to discover data

    - Cloning of RFID tags in MRTDs

    - Abuse of the remote readability of RFID tags in passports, for e.g. person sensitive ignition of ‘smart bombs’

    FIDIS' proposed short-term damage-control measures should be of particular interest to those who - like, say, the UK Home Office - propose to use ICAO standard biometric travel ID more broadly, both in the public and private sectors. Don't, says FIDIS. Use of MRTDs should be confined to its defined purpose of "authentication of international travellers" and they should "not be extendable to authentication in the private sector."

    Citizens should be made aware of the risks of handing the documents over to private organisations (say, hotel registration), and "security measures such as Faraday cages should be integrated immediately into current MRTDs by the European member states". Which is a trick we'd like to see for biometric ID cards, cards not generally coming with covers, which is where you'd put the Faraday cage if your passports were fitted with them. Which in the case of the UK at least, they aren't.

    And alongside these measures, steps should be taken to deal with the failure of biometric authentication due to false rejection or enroll errors, and we should be planning to combat MRTD-perpetrated ID and data theft.
    In the longer term, a complete re-evaluation and redesign should be carried out, and it should be considered "whether these technologies are actually necessary, or if technologies which are more secure and privacy-preserving (such as contact smartcards instead of contactless mechanisms) are sufficient." Could we all be going to wake up in ten years time and conclude biometric ID was a really dumb idea? It's a thought. (FIDIS home) ®

    http://www.theregister.com/2006/11/10/fidis_budapest_mrtd_declaration/

    .probe


Comments

  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    Identity theft possibility = business opportunity.

    http://www.rfid-shield.com/products_passport.php


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    politicians are crooks, just more cunning than your average terrorist. haha

    "the most ruthless, the most devious, the most cunning of them all"

    its not about who can develop the most secure, robust hardware/software solution, but rather who can develop it on time & on budget.
    You don't say "no" in business, you cannot be honest either..you gotta lie, otherwise you lose your customers, just the same in politics, you secure the publics vote by making false promises to them.

    i don't know anything about politics, but that much is pretty clear to me.

    we see the problems that were created with e-voting software by diebold. it was full of insecure code & flaws, not to mention the diebold employees.
    Jeff Dean, Senior Vice-President and Senior Programmer at Global Election Systems (GES), the company purchased by Diebold in 2002 which became Diebold Election Systems, was convicted of 23 counts of felony theft for planting back doors in software he created for ATMs using, according to court documents, a "high degree of sophistication" to evade detection over a period of two years. In addition to Dean, GES employed a number of other convicted felons in senior positions, including a fraudulent securities trader and a drug trafficker.

    you have to ask, who really benefits from any of this ? not the voter anyway.
    Its companies like diebold who benefit at the end of the day, because the money comes from tax payers, & sure who cares about them?

    Its the exact same in every other business, just look at the ridiculous pharmaceutical industry, where politicians here in ireland & abroad, who have invested money in manufacturers make key decisions on where the health budget is spent..

    don't mention the e-voting machines :P

    sometimes i think we would be better off just letting criminals run the country ;)

    friendly-fascism
    "As long as an economic system provides an acceptable degree of security, growing material wealth and opportunity for further increase for the next generation, the average American does not ask who is running things or what goals are being pursued."
    - Daniel R. Fusfeld


Advertisement