Dave Emery wrote:
On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote:
Correct me if I am wrong, but don't most of the passive, cheap
RF or magnetic field powered RFIDs transmit maybe 128 bits of payload,
not thousands and thousands of bits which would be enough to include
addresses, names, useful biometric data and so forth ?
I have another question: aren't RFIDs of this
nature all passive, and need to be excited in
some fashion? It would seem that detecting the
powering signal may well be a way to defend
against unexpected reads.
Whilst unique serial numbers read at a distance could be used in
a variety of rather sinister ways, they aren't equivalent to dumping the
names, addresses, weight, height, birth date, social security number and
biometric signatures of someone in the clear. And obviously are
much less useful to an unsophisticated thief without access to the
database mapping the serial number to useful information.
OK, so your view would be that SSNs are just
indexes into databases and therefore are not
a threat to anyone. Very silly of the US congress
to have put restrictions on their use, then...
Mind you, in Australia, they are even less
humours. I hear, you go to jail if you are
caught using TSNs for anything but the tax
records for your employees.
And further it seems reasonable to suppose that if larger blocks
of useful data get dumped, it would be encrypted under carefully
controlled keys at least for passport and similar applications.
Granted that very sophisticated attackers might obtain some of these
keys, but the average thief presumably would not have access to them.
Do you have anything to back up that "reasonable
surmise" ? I'd say the DeCSS program, and any
analysis of the application, and any amount of
experience with similar apps like smart card money
would say the reverse is true. Distributing data
that is private to a large quantity of readers
with pre-issued hardware and data is a hard problem,
especially if you can't use public key crypto (but
don't imagine public key crypto solves all the
problems).
Oodles of experience dictate that the information
on the RFIDs will be available to a huge number
of bureaucrats, for free, and anyone who wants
to purchase it, for a market price. Going on
prior figures seen, I'd say the price would be
order of $10 - $100 (the price of doing business,
as the data cost would be marginal==0), and the
end result is that it would all be bundled up in
the standard package of identity for some given
victim.
It does occur to me that RFID equipped passports or internal
passports/driver licenses ("your papers please") COULD be equipped with
some kind of press to read switch the would require active finger
pressure on the card to activate the RFID transmitter - this would
leave them disabled and incapable of transmitting the ID when sitting in
someone's wallet or purse. Aside from very sinister covert reading
applications I cannot think of any reason why a RFID equipped identity
card would need to be readable without the active cooperation and
awareness of the person carrying the card, thus such a safeing mechanism
would not be a real burden except to those with sinister covert agendas.
Actually, I think the people you are dealing with
there are ingenious in a hive like fashion. They
will come up with a good reason to have them
available for read without the user's knowledge.
And needless to say, copper screen or foil lined wallets would
become very popular...
The questions would then be, what frequency do these
things operate on, what power is required to power
them up, and what power is required to ... power them
down. Any radio guys around?
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
