Technologies for machine-readable passports

| Comments (5) | TrackBacks (25) |
This post should have been posted a month or so ago, but I finally got around to finishing it...

Bob McGrew has some good commentary on the proposed RFID-readable passports. I've never seen a really good rationale for why you would need these at all. My impression is that the logic goes something like this:

  1. We want to store biometrics in passports.
  2. Biometrics are big.
  3. So we need passports that can store (and let us retrieve) a large amount of digital data.
  4. RFID tags let us store and retrieve largish amounts of digital data.
  5. Therefore we need RFID.

The problem comes between steps 4 and 5. Let's take a step back and look at the available technologies for storing and retrieving digital data in this kind of environment:

Method Capacity Dynamic? Range
Bar code ~10 bytes/inch Static Centimeters (line of sight)
Mag stripe ~125 bytes per square inch Static Contact (swipe)
2-D barcode ~1000 bytes per square inch Static Centimeters (line of sight)
Memory chip (RFID) Effectively unlimited Static Centimeters to meters
Chip + processor (RFID) Effectively unlimited Dynamic but low power Centimeters to meters
Chip + connector (USB, Firewire, etc.) Effectively unlimited Static or dynamic Contact (must be plugged in)

If you look at this chart, it becomes clear that RFID occupies a sweet spot of sorts: it provides a (mostly) unlimited amount of storage but doesn't require physical contact. But it's not the only sweet spot, for two reasons:

  • While you can do some dynamic processing with an RFID interface, you don't get much power from the probe pulse and so you can't do much processing without some sort of battery to power the system. By contrast, if you have a connector you can supply power and do plenty of processing, as with a PCMCIA card or USB stick.
  • RFID is the only technology that allows unlimited remote read. This is a bug, not a feature, for the obvious privacy reasons. Bar codes require line of sight, so you can't realistically read the passport without actually having it in your hand. The situation with connector-based systems is even better.

Based on the above tables, my impression is that you could get high enough data densities with 2-d bar codes. Iris codes are about 128 bytes and fingerprints are about 300-1000 bytes each, so you should be able to put all 10 fingerprints on the interior surface of a passport and still have some room to spare.

The big argument for RFID, of course, is that it's extensible, so if you want to store a lot more stuff on it you don't need to go making a lot of changes to the physical interface. That said, given the amount of attention the passport designers seem to be showing to privacy, it's not clear that that's a feature from the perspective of passport holders.

25 TrackBacks

Listed below are links to blogs that reference this entry: Technologies for machine-readable passports.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/44

free online poker from free online poker on February 23, 2005 3:48 PM

What a country calls its vital economic interests are not the things which enable its citizens to live, but the things which enable it to make war. Gasoline is much more likely than wheat to be a caus Read More

ap viagra from ceixnoirs.dyndns.org on July 16, 2005 9:02 AM

2003 billion cyalis levitra market sales viagra compare levitra cialis viagra viagra and blindness compare cialis and viagra generic viagra 35 business days levitra cialis viagra best viagra 50mg online no rx viagra questions answered about viagra viag... Read More

poker Insomnia can become a form of contemplation. You just lie there, inert, helpless, alone, in the dark, and let yourself be crushed by the in Read More

That is really cool Read More

we live together from we live together on September 12, 2005 5:28 AM

Corruption Allegations Abound Read More

literature lessons from modernism in american literature on September 24, 2005 6:08 PM

writing an apa literature review math based childrens literature literature scavenger hunt dragon in literature literature online postmodernism literature house of dawn literature hero literature australian literature history japanese literature high ... Read More

Cheap Pharmacy Online from Cheap Pharmacy Online on September 25, 2005 10:23 PM

Gazprom Agrees With E.ON, BASF on Natural-Gas Link (Update2) Read More

texas hold em poker from texas hold em poker on September 28, 2005 4:21 PM

Bad IDEA! Read More

internet texas holdem poker from internet texas holdem poker on September 28, 2005 4:31 PM

Annan cleared of corruption Read More

Yanks back up pledge Read More

Ophelia Weakens As It Begins To Move Away Read More

Saddam lawyer denies confessing to deaths Read More

loans I infuse scarified to thresk that if straw-crowned gentlemen meet at loans in discipuli, their object will histoire to scrabble co Read More

Brother sister rape movies from Incest storiespictures photos on November 11, 2005 10:13 AM

loans is a niceblog. Read More

jersey from jersey collection on January 9, 2006 4:38 PM

TITLE: jersey URL: http://jersey.fasthoster.de/ IP: 217.218.235.162 BLOG NAME: jersey collection DATE: 01/09/2006 04:38:55 PM Read More

i am starting college tomorrow Read More

texas hold em from texas hold em on January 30, 2006 3:17 AM

troublesome!kit earners pouts metaphysics dissidents Phobos:online poker http://www.understand-poker.com/online-poker.html Read More

poker casino910 from poker casino910 on February 10, 2006 8:21 PM

poker casino poker 402 Read More

blackjack video poker video poker party poker party poker Read More

poker online poker poker free ringtones free ringtones Read More

maui real estate from maui real estate on February 23, 2006 3:53 PM

maui real estate hernando county real estate hernando county real estate tahoe real estate Read More

Download hot pics of paris hilton , Cheapest Life Insurance, Insurance Read More

5 Comments

OK, with reservations

1) Personally, I am against RFID as I believe that the governments and others should be required to inform people before they try to access your "private" information. It may be that you are required to provide it, but at least there should be notification that they are obtaining it when they do.

2) On the other hand, it is my understanding that there is a developing standard in the world that the US is possibly going along with, e.g. that other countries are planning the use RFID and thus either we agree to the standard, that we may have been involved in developing?, or we will require both our readers and RFID readers for their ID's.

3) It is also my understanding that an individual can protect themself from random scanning with a shilded wrapper and thus, though the scanner does not identify themself to try to scan, the individual can prevent scanning except when speciffically requested.

So, Though I would have prefered contact systems, Chip + connector, (e.g. Smartcard), the RFID seems tolerable as it can be defeated, if the stored information is reasonable.

I think that I would work at least toward ensuring that the RFID info can be read by an indepandant source so that I am sure that only the appropriate information is stored, e.g. Name, Height... and not Credit Rating, Criminal record...

Thanks

I think the argument for this type of passport technology lasting long should be minimal. Have you seen the prototype nanotech wireless sensors from CrossBow (www.xbow.com)? They are Neil Stephenson-esque.

It is funny how much confusion there are about the new passports...

To begin with the RFID part. The cards will use the ISO/IEC 14443 standard. This is not the same technology that is used for the bar-code kind of RFID tags. The 14443 cards have no problem to do the things normal smart cards can do. For example, I have 14443 java cards that can do biometric verifications on-card.

And Mike, you are correct that this is a world-wide standard that everybody will follow eventually. But USA is the country that is driving the work, and is actively persuading other countries to follow (by e.g. requiring visa for citizens from European countries that has not introduced these new passports before October next year).

I'm happy to write a more detailed summary about what is going on, but you can find some links in the mail I posted to the cryptography@metzdowd list some time ago.

I'm not sure what you think the confusion is about. I was very clear that one of the advantages of the RFID interface was that you could do processing on the card.

That said, you can't securely do the biometric authentication on the passport because the purpose of the system is to authenticate the passport holder and the passport isn't a TCB.

The "confusion" was a general remark on all of the different discussions going on about the new passports (with claims ranging from that it will eliminate terrorism to claims that it is the mark of the beast...)


You said in your original post that the RFID "can't do much processing without some sort of battery to power the system". My comment on the java card was only to illustrate that the current generation 14443 cards can do much processing without battery power; not a comment on how the biometrics is specified in the MRTD drafts...


Apologies for being unclear.

Leave a comment