Tweet
Re: Major Malfunction makes the news again
What's the old adage; "Never attribute to malice what you can attribute to stupidity"?
We know that security never perfect. The goal should not be 'un-breakable' but layers that compliment each other and frustrate an attacker for a suitably long period.
In the case of crypto, having an algorithm that can't be brute forced for 20+ years when the useful lifespan of the data is 10 years is an example. A simpler one is having a safe that takes 30 minutes to manipulate, but having a guard come by every 10 minutes.
In the case of contact based passports, they have a fixed valid lifespan of 10 years, that's the standard to build to. I'm not saying that it's a flawless solution. Power analysis is a facinating field, and Adi Shamir has been doing some great work with RFID on that. However, direct contact would still be needed to read power levels to get the keys for a single passport. If the data is externally encrypted before being written and no data keys are stored on the passport, an attacker could possibly extract the data, but be up against a second problem of decrypting it.
Given gov't history of not properly securing the keys to the kingdom, it is likely that the reader keys could be compromised, however, this still only helps the attacker if they get physical possession of the passport. As well, if you have the ability to revoke keys (i.e. update your passport on the way out of the country, at passport office, post office, whatever), you can maintain the system through the 10 years or more and not have to re-tool each time someone screws up. How much do you think it's going to cost in 2 years for the next epassport version once this one is scrapped for whatever reason?
The contact based solution basically prevents the wholesale collection of passport information and mitigates alot of the passive attacks. It adds the additional layer of a harder to forge, crypto signed 'page' that has to match up with everything else, but reduces threats to classic problems of pick pocketing, mugging, loss, etc. Your left with classic, well understood problems rather than new unforseen ones.
What's the old adage; "Never attribute to malice what you can attribute to stupidity"?
We know that security never perfect. The goal should not be 'un-breakable' but layers that compliment each other and frustrate an attacker for a suitably long period.
In the case of crypto, having an algorithm that can't be brute forced for 20+ years when the useful lifespan of the data is 10 years is an example. A simpler one is having a safe that takes 30 minutes to manipulate, but having a guard come by every 10 minutes.
In the case of contact based passports, they have a fixed valid lifespan of 10 years, that's the standard to build to. I'm not saying that it's a flawless solution. Power analysis is a facinating field, and Adi Shamir has been doing some great work with RFID on that. However, direct contact would still be needed to read power levels to get the keys for a single passport. If the data is externally encrypted before being written and no data keys are stored on the passport, an attacker could possibly extract the data, but be up against a second problem of decrypting it.
Given gov't history of not properly securing the keys to the kingdom, it is likely that the reader keys could be compromised, however, this still only helps the attacker if they get physical possession of the passport. As well, if you have the ability to revoke keys (i.e. update your passport on the way out of the country, at passport office, post office, whatever), you can maintain the system through the 10 years or more and not have to re-tool each time someone screws up. How much do you think it's going to cost in 2 years for the next epassport version once this one is scrapped for whatever reason?
The contact based solution basically prevents the wholesale collection of passport information and mitigates alot of the passive attacks. It adds the additional layer of a harder to forge, crypto signed 'page' that has to match up with everything else, but reduces threats to classic problems of pick pocketing, mugging, loss, etc. Your left with classic, well understood problems rather than new unforseen ones.
Comment