« Debugging missile defense | Main | MovableType comment spam »
December 18, 2004
Technologies for machine-readable passports
This post should have been posted a month or so ago, but I finally got around to finishing it...Bob McGrew has some good commentary on the proposed RFID-readable passports. I've never seen a really good rationale for why you would need these at all. My impression is that the logic goes something like this:
- We want to store biometrics in passports.
- Biometrics are big.
- So we need passports that can store (and let us retrieve) a large amount of digital data.
- RFID tags let us store and retrieve largish amounts of digital data.
- Therefore we need RFID.
The problem comes between steps 4 and 5. Let's take a step back and look at the available technologies for storing and retrieving digital data in this kind of environment:
| Method | Capacity | Dynamic? | Range |
| Bar code | ~10 bytes/inch | Static | Centimeters (line of sight) |
| Mag stripe | ~125 bytes per square inch | Static | Contact (swipe) |
| 2-D barcode | ~1000 bytes per square inch | Static | Centimeters (line of sight) |
| Memory chip (RFID) | Effectively unlimited | Static | Centimeters to meters |
| Chip + processor (RFID) | Effectively unlimited | Dynamic but low power | Centimeters to meters |
| Chip + connector (USB, Firewire, etc.) | Effectively unlimited | Static or dynamic | Contact (must be plugged in) |
If you look at this chart, it becomes clear that RFID occupies a sweet spot of sorts: it provides a (mostly) unlimited amount of storage but doesn't require physical contact. But it's not the only sweet spot, for two reasons:
- While you can do some dynamic processing with an RFID interface, you don't get much power from the probe pulse and so you can't do much processing without some sort of battery to power the system. By contrast, if you have a connector you can supply power and do plenty of processing, as with a PCMCIA card or USB stick.
- RFID is the only technology that allows unlimited remote read. This is a bug, not a feature, for the obvious privacy reasons. Bar codes require line of sight, so you can't realistically read the passport without actually having it in your hand. The situation with connector-based systems is even better.
Based on the above tables, my impression is that you could get high enough data densities with 2-d bar codes. Iris codes are about 128 bytes and fingerprints are about 300-1000 bytes each, so you should be able to put all 10 fingerprints on the interior surface of a passport and still have some room to spare.
The big argument for RFID, of course, is that it's extensible, so if you want to store a lot more stuff on it you don't need to go making a lot of changes to the physical interface. That said, given the amount of attention the passport designers seem to be showing to privacy, it's not clear that that's a feature from the perspective of passport holders.
Posted by ekr at December 18, 2004 8:06 PM | Filed under:
Comments
OK, with reservations
1) Personally, I am against RFID as I believe that the governments and others should be required to inform people before they try to access your "private" information. It may be that you are required to provide it, but at least there should be notification that they are obtaining it when they do.
2) On the other hand, it is my understanding that there is a developing standard in the world that the US is possibly going along with, e.g. that other countries are planning the use RFID and thus either we agree to the standard, that we may have been involved in developing?, or we will require both our readers and RFID readers for their ID's.
3) It is also my understanding that an individual can protect themself from random scanning with a shilded wrapper and thus, though the scanner does not identify themself to try to scan, the individual can prevent scanning except when speciffically requested.
So, Though I would have prefered contact systems, Chip + connector, (e.g. Smartcard), the RFID seems tolerable as it can be defeated, if the stored information is reasonable.
I think that I would work at least toward ensuring that the RFID info can be read by an indepandant source so that I am sure that only the appropriate information is stored, e.g. Name, Height... and not Credit Rating, Criminal record...
Thanks
Posted by: Mike Liveright at December 18, 2004 11:34 PM
I think the argument for this type of passport technology lasting long should be minimal. Have you seen the prototype nanotech wireless sensors from CrossBow (www.xbow.com)? They are Neil Stephenson-esque.
Posted by: Steve Purpura at December 19, 2004 3:39 PM
It is funny how much confusion there are about the new passports...
To begin with the RFID part. The cards will use the ISO/IEC 14443
standard.
This is not the same technology that is used for the bar-code
kind of RFID tags. The 14443 cards have no problem to do the things
normal smart cards can do. For example, I have 14443 java cards
that can do biometric verifications on-card.
And Mike, you are correct that this is a world-wide standard that
everybody will follow eventually. But USA is the country that
is driving the work, and is actively persuading other countries to
follow (by e.g. requiring visa for citizens from European countries
that has not introduced these new passports before October next
year).
I'm happy to write a more detailed summary about what is going on,
but you can find some links in the
mail I posted to the cryptography@metzdowd list some time ago.
Posted by: Krister Walfridsson at December 22, 2004 1:30 PM
I'm not sure what you think the confusion is about. I was very clear that one of the advantages of the RFID interface was that you could do processing on the card.
That said, you can't securely do the biometric authentication on the passport because the purpose of the system is to authenticate the passport holder and the passport isn't a TCB.
Posted by: EKR at December 23, 2004 1:04 PM
The "confusion" was a general remark on all of the different discussions going on about the new passports (with claims ranging from that it will eliminate terrorism to claims that it is the mark of the beast...)
You said in your original post that the RFID "can't do much processing without some sort of battery to power the system". My comment on the java card was only to illustrate that the current generation 14443 cards can do much processing without battery power; not a comment on how the biometrics is specified in the MRTD drafts...
Apologies for being unclear.
Posted by: Krister Walfridsson at December 24, 2004 7:07 AM