NEWS

Industry Group Says E-Passport Clone Poses Little Risk


	Email Article
	Create PDF
	Print Article
	Digg This



	Increase Text Size
	Decrease Text Size
	Turn Definitions Off

During the teleconference, Randy Vanderhoof, executive director of the Smart Card Alliance, noted that the data encoded to the chip inside an e-passport is digitally signed and locked by the issuing nation, and could not be altered even if it was cloned. According to Vanderhoof, what Grunwald accomplished could not serve to make electronic passports less secure because the passport inspectors will still examine the chip's encoded photo and compare it with the person who presents the passport. Cloning a passport's inlay, he says "would be no different, in our point of view, than stealing someone else's passport and trying to present that as your own at a border entry point."

"Electronic passports are far more secure than today's printed documents," says Vanderhoof, because the RFID element is used to authenticate the carrier of the passport through a visual inspection. In the Wired story, Frank Moss, deputy assistant secretary of state for passport services at the U.S. State Department, said the e-passport specs were not designed to prevent cloning. "What this person has done is neither unexpected nor really all that remarkable," he told Wired, adding that the RFID inlay is meant to be an additional authenticator of the passport's carrier.

What if a country decided to remove the manual inspection process entirely, however, relying instead only on the data presented to an interrogator at a border crossing? In this approach, which the ICAO specifications allow for and which some countries are reportedly considering, someone other than Grunwald could enter a country by presenting a clone of Grunwald's e-passport, as easily as someone could steal an EZPass and drive through a New York toll booth.

"Obviously it would be better to have anticloning features [on e-passports], but [e-passports] may well be more secure than the [ones without RFID], in which photos can be grafted into real passports or inserted into fake ones," says Ari Juels, principal research scientist for RSA Laboratories, the research arm of RSA Security.

Juels says Grunwald's result "is a useful demonstration, but does not really teach anything new. A system with cloneable passports is roughly equivalent in security to a database with integrity protection. Anyone can claim to be another person; the system relies on a physical identity check for its success."

<< Previous Page

| 1 | 2

Print Article Email Article Reprints and Permissions

RFID Journal LIVE! Middle East, Jan. 5-7, 2009, Dubai

RFID Journal’s first annual event in the Middle East will be held at the InterContinental Hotel Festival City in Dubai, United Arab Emirates. This premier RFID event will help companies across the Middle East get up to speed on RFID and begin to leverage the unparalleled benefits that the technology can deliver. Attendees will learn about how RFID can be used in their operations and meet the vendors that can help them deploy a successful solution.

RFID in Health Care • Jan. 22, 2009 • Rio All-Suite Hotel • Las Vegas, Nev.

RFID Journal will host its second-annual RFID in Health Care event, co-located with the 3rd Annual Leadership Summit on Healthcare Supply Chain Management. RFID in Health Care is the one event where you can hear from health care providers and leading early adopters share real-world case studies that reveal the business benefits of RFID technology. Learn how to cut costs and improve patient outcomes. Plus, meet the leading providers of RFID systems for health care.

RFID Home RFID Buyer's Guide Post a Resume Request a Quote

Retail/CPG	Health Care/Pharma	Chemical	Manufacturing
Transport/Logistics	Defense/Aerospace	Packaging/Labeling	Apparel & Footwear