Fresh articles

» IOS6 news and fixes
» Strange Martian crater
» 100 Petabits per second
» Artificial life created
» Space rock contains organic molecular feast
» 10 Failed Doomsday Predictions
» Universal phone charger
» Moon buildings
» Epassports RFID danger
» 500Gb optical

 
 

 
 

 Index

Sexy things-> Sexy things (4)
Bulk-> Bulk (15)
Technology-> Technology (42)
Space-> Space (35)
UFO-> UFO (5)
Funny-> Funny (4)
Earth Life-> Earth Life (9)
Internet-> Internet (10)
Health-> Health (1)

 
 

 
 

 Most popular

»X-ray
» Google unifies search results
»Google under water
»Moon buildings
»500Gb optical
»Scientists Levitate Small Animals
»Jet stream is weakening
»Orion new nasa vehicle
»Saturns moon like ocean floor
»How Cells Store Fat

 
 

 
 

 Other articles

»Orion new nasa vehicle
»Google buys FeedBurner
»Galaxy Collision
»UFO Flies Over Ica and Huatyara
»Wireless recharging
»China UFO
»Honda first hydrogen cars
»Saturns moon like ocean floor
»Are your Web surfing fingers getting tired?
»What the Internet really looks like
»Play Video Game Just By Thinking
» Google unifies search results
»Frisbee - Unmanned Aerial Vehicles
»Russia building nuke barge to power Arctic
»Laptop best battery
»Midori new operating system
»Vatican says aliens could exist
»Cassini Images Featured in National Geographic
»More Oxygen Could Make Giant Bugs on Earth
»10 Failed Doomsday Predictions

 
 

 
 

The Risk of ePassports and RFID

Let's take a look at a few other things now possible with ePassports:

ePassports aid Data Theft:

The 3 meter barrier has recently been broken for reading RFID data (e.g. your ePassport data)
from a distance 3 meters away. Attacks always get better. They never get worse. The next barrier
is 5, 10 and 20 meters.

An attacker can read the data from your ePassport (while you walk in the street!) and can use
your credentials to authenticate himself or duplicate your passport.

ePassports aid Terrorism:

Thanks to the ePassports is it now possible to build Smart-IED's. A Smart-IED waits until
a specific person passes by before detonating or let's say until there are more than 10
americans in the room. Boom.

Do ePassports make you feel more safe now as the government says they would do?
Breaking in?
The weakness is in the way the system has been rolled out. The terminal accepts
self-signed data.

This attack is different to the grundwalk attack. VonJeek's attack makes it possible to copy,
forge and modify the data so that it is still accepted as a genuine valid passport by the terminal.

Using a Certification Authority (CA) could solve the attack but at the same time
introduces a new set of attack vectors:

1. The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker.
Single point of failures are not good. Attractive targets are not good.

Any person with access to the CA key can undetectably fake passports. Direct attacks, virus,
misplacing the key by accident (the UK government is good at this!) or bribery are just a few
ways of getting the CA key.

2. The single CA would need to be trusted by all governments. This is not practical as this
means that passports would no longer be a national matter.

3. Multiple CA's would not work either. Any country could use its own CA to create a valid
passport of any other country. Read this sentence again: Country A can create a passport data
set of Country B and sign it with Country A's CA key. The terminal will validate and display the information
as data from Country B.

This option also multiplies the number of 'juicy' targets. It makes it also more likely for a CA key to leak.
Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not
be detected.

Note: The last item received some comments. Some readers suggested that this can be fixed. Yes,
of course, any system can be fixed. Indeed it would be a first good step by the terminal to check
that a passport from country A is also signed with the CA key of country A and not by the CA key of
country B.

The current implementation and plans make it unlikely that this will be implemented securely. In the
end we are trusted those people who gave out ePassports that can be read by anyone and not just
authorized terminals. We are trusting those people who say that good security practice to verify
the validity of a passport is optional and not mandatory.

So what's the solution? We know that humans are good at Border Control. In the end they
protected us well for the last 120 years. We also know that humans are good at pattern
matching and image recognition. Humans also do an excellent job 'assessing' the person
and not just the passport. Take the human part away and passport security falls apart.
 Read this article Email this article

Article © News, Technology, Space, Science - Breaking News and interesting storiesShare

 
 

 
 
 
 

You need to login first



Satellite Shooted down

 
  Did you know?...

- Women in ancient Egypt prevented pregnancy with
plugs made of crocodile droppings?

- Based on artifacts and cave paintings, Ice Age women were likely to enjoy sex as much as their male mates?

- In 2005, the average first time for US girls occurred at the age of 17?

- Known aphrodisiacs of the food world include chocolate, oysters and spicy foods?

- That females have a weaker sex drive than men is a  cultural misconception?

- The most common sexual problem among men is premature ejaculation?

- It is a common misconception that pregnancy can’t occur without male orgasm?

- Whether put to use or not, males produce about 300 million sperm every day?
 
 

 
 

 Visit:

CNN Page

NASA Page

BBC UK

Google News

World of Warcraft News

Romanian Web Hosting

Romanian Domain Registrar

.BIZ Domain Registrar

Advertising

Funny Things

Golden Sands Bulgary

Web Hosting News

Web Hosting Romania

Gadgets Resources

Top Video Games Online
 
 




Members

Username
Password:

[New account] [Forgoten password]


 
 

Keyword:

 
 

©27-Jun-2017