[IP] State Department responds to RFID passport comments
Begin forwarded message:
From: William Gronim <wwg@xxxxxxxxxxxxxx>
Date: October 26, 2005 9:39:46 AM EDT
To: Multiple recipients of list talk <talk@xxxxxxxxxxxxxxxxxx>
Subject: PRIVACY:: State Department responds to RFID passport comments
Reply-To: talk@xxxxxxxxxxxxxxxxxx
Hello.
The State Department has published a detailed response to the
public comments it received on its proposed RFID passport scheme.
Almost all (98.5%) of the comments received were negative, and 86% of
the 2,335 comments concerned privacy and/or security. The Department
has decided to go forward with the following plan:
-They will use passive ISO 14443 RFID chips with a capacity of 64K.
-The binding and cover of the passport will contain shielding
material to limit the reading of closed or nearly closed passports to
10cm. The Department claims to have tested the chips in question to
evaluate how much shielding is needed.
-The chip will contain: name, nationality, sex, date of birth,
photograph, passport number, issue date, expiration date, type of
passport.
-The chip will use BAC (Basic Access Control) to encrypt chip-to-
reader communications. BAC is described at [1] pages 8-9. The chip
stores two keys, one for encryption and one for MAC. The keys are derived
from information in the visual machine readable area of the
passport: date of birth, passport number, etc. As pointed out in
[1] this has two issues: The keys do not have enough entropy and the
use of a single lifetime key gives anyone who once read your passport
permanent access.
-Passports with broken chips will be considered invalid and
replaced at no charge.
-Trial deployments to government employees to begin December 2005.
The comments are available at http://cryptome.org/dos102505.txt .
--William Gronim
wwg@xxxxxxxxxxxxxx
"We have no future because our present is too volatile."
[1] http://eprint.iacr.org/2005/095.pdf
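
The two BAC issues named in the post (low key entropy and a single lifetime key), shown as an added example that is not part of the original message. The derivation follows the BAC scheme in ICAO Doc 9303; the sample MRZ values and the field-space sizes passed to `entropy_bits` are assumptions chosen for illustration.

```python
import hashlib
import math

# ICAO 9303 check digit: weights 7,3,1 repeating; '<' filler = 0, A..Z = 10..35.
WEIGHTS = (7, 3, 1)

def check_digit(field: str) -> int:
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch) - ord("A") + 10
        total += value * WEIGHTS[i % 3]
    return total % 10

def _odd_parity(key: bytes) -> bytes:
    # DES ignores the low bit of each byte; set it so each byte has odd parity.
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)

def bac_keys(doc_number: str, birth: str, expiry: str):
    """Return (K_enc, K_mac). Every input is printed in the passport's MRZ."""
    # doc_number is expected already padded to 9 characters with '<'.
    mrz_info = "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    def derive(counter: int) -> bytes:
        return _odd_parity(hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16])
    return derive(1), derive(2)

def entropy_bits(doc_numbers: int, birth_days: int, expiry_days: int) -> float:
    """Upper bound on key entropy if every field were uniformly random."""
    return math.log2(doc_numbers) + math.log2(birth_days) + math.log2(expiry_days)

if __name__ == "__main__":
    # Sample MRZ field values for illustration only (YYMMDD dates), not a real passport.
    k_enc, k_mac = bac_keys("L898902C<", "690806", "940623")
    print("K_enc", k_enc.hex(), "K_mac", k_mac.hex())
    # Assumed spaces: 9-digit numbers, 100 years of birth dates, 10-year validity.
    print(round(entropy_bits(10**9, 36525, 3652), 1), "bits at most")
```

No secret and no per-session randomness enters `bac_keys`, so the same printed fields always yield the same key pair, and the keys can carry no more entropy than the fields themselves, however long the derived key is.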