re: http://www.garlic.com/~lynn/aadsm25.htm#46 Flaw exploited in RFID-enabled passports
Budapest Declaration on Machine Readable Travel Documents (MRTDs) http://www.fidis.net/home/single-news/article/budapest-declaration-on-machine-readable-travel-documents-mrtds-2/?tx_ttnews%5BbackPid%5D=4&cHash=fe8718735f from above: By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international Machine Readable Travel Documents which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilises technologies and standards that are poorly conceived for its purpose. In this declaration, researchers on Identity and Identity Management (supported by a unanimous move in the September 2006 Budapest meeting of the FIDIS “Future of Identity in the Information Society” Network of Excellence) summarise findings from an analysis of MRTDs and recommend corrective measures which need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues. ... snip ... and RFID Passport Security 'Poorly Conceived' http://it.slashdot.org/it/06/11/09/1757202.shtml the above also references Feds Leapfrog RFID Privacy Study http://www.wired.com/news/technology/1,72019-0.html from above: The story seems simple enough. An outside privacy and security advisory committee to the Department of Homeland Security penned a tough report concluding the government should not use chips that can be read remotely in identification documents. But the report remains stuck in draft mode, even as new identification cards with the chips are being announced. ... snip ... The Use of RFID for Human Identification; A DRAFT REPORT from DHS Emerging Applications and Technology Subcommittee http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_rpt_rfid_draft.pdf --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
