Tracking People With RFID Passports

Researchers in Britain say passports with RFID transponders can be used to track individuals, but here's why their report isn't worth the paper it's written on.
Published: February 9, 2010

Tom Chothia and Vitaliy Smirnov, researchers at the School of Computer Science at the University of Birmingham in the United Kingdom, have published a paper entitled “A Traceability Attack Against e-Passports,” in which they claim there is “a flaw in one of the passport’s protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key.”

My reaction is: So what?

Don’t get me wrong. I think security and privacy are important issues. I’ve been advocating for years that end users and vendors address these concerns, but the “flaw,” as I understand it from reading the paper, poses no threat whatsoever to anyone’s privacy or security.

The authors cite a “public outcry” over Benetton’s plans a few years ago to put tags in clothing, and “similar traceability concerns” involved with New York’s EZ-Pass program as evidence that there is a threat to privacy from RFID. But a handful of privacy people protesting Benetton and one article in The New York Times don’t mean RFID is a real threat to privacy—nor do they constitute a public outcry. The reality is that no one has ever had their privacy infringed on due to the use of RFID, despite the fact that more than 100 million people around the world carry an RFID tag on them every day, or use one on the windshield of their cars.

The authors explain, in some detail, a Basic Access Protocol (BAC) used to protect data on the RFID transponder, as well as how the tag data’s integrity is ensured through Passive Authentication, and how a third protocol, Active Authentication, “ensures that the passport has not been copied by signing a random nonce from the reader, using a signing key stored securely on the tag.” It all sounds exceedingly secure.

But the authors state: “The BAC protocol ensures that the data on the e-passport can only be read by someone who knows the key derived from the date of birth, date of expiry and number on the passport. Our attack lets someone who does not know this key trace a passport—i.e., if an attacker can observe a run of a particular passport, then they can build a device that detects whenever the same passport comes into range of the reader.” The rest of the paper explains how they did this.

But let’s examine the threat here. For someone to identify and track Mark Roberti via the tag in my passport, for instance, he would need to have pretty sophisticated technical skills, get some equipment into a secure immigration area and capture the transmission of data when my passport is being read by an immigration official. This is possible—but, of course, if he were caught, he would go to jail. Having intercepted enough information to trace my passport, the person would then have to install RFID interrogators in, well, every doorway in the country, in order to be able to identify my movements. OK, that person might know a few places I frequent and install readers in those doorways—provided the owners of those buildings either didn’t know or were willing co-conspirators.

U.S. passports have a foil lining in the cover, so I’d have to have my passport open all of the time for it to be traced. Not every country includes foil linings, but the simple solution would be to put foil liners in new passports and give folks Mylar bags for their existing passports.

But the big question is, what would any dastardly criminal gain from tracking someone through the transponder in their passport? What financial benefit could be derived from doing this? And how is RFID better than the tracking technology invented by Johann Lipperhey—namely, binoculars—in 1608?

I’m thinking of writing a paper on a security threat I’ve discovered in all homes and most retail establishments. It’s called a window. This “flaw” in the design of most buildings around the world has gone undiscovered until now. But in my paper, I will explain how by taking a rock and throwing it through the window, criminals could gain easy access to your home and steal all of your belongings. If I could find a way to dress this up in erudite language, I think some university might actually publish it.

Mark Roberti is the founder and editor of RFID Journal.