Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk of Using RFID chips in Passports Oscar Mendez.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk of Using RFID chips in Passports Oscar Mendez."— Presentation transcript:

1 Risk of Using RFID chips in Passports Oscar Mendez

2 Department of State: Globally Interoperable It will not permit ``tracking'' of individuals. The new passport document is itself highly tamper resistant. The passport data on the chip does not require encryption in order to be secure and protected Source: http://edocket.access.gpo.gov/2005/05-21284.htm Oscar Mendezhttp://edocket.access.gpo.gov/2005/05-21284.htm

3 Privacy And Security Concerns Access to Readers to the open market Other countries do not have the same standards for security. The passport can be read at a distance without the knowledge of the individual Americans can be a target when overseas Oscar Mendez

4 State department The contactless smart chip that is being used in the electronic passport is a ``passive chip'' that derives its power from the reader that communicates with it. It cannot broadcast personal information because it does not have its own source of power. Readers that are on the open market, designed to read Type A or Type B contactless chips complying with International Standards Organization (ISO) 14443 and ISO 7816 specifications, will be able to communicate with the chip. This is necessary to permit nations to procure readers from a variety of vendors, facilitate global interoperability and ensure that the electronic passports are readable at all ports of entry. Source: http://edocket.access.gpo.gov/2005/05-21284.htm Oscar Mendezhttp://edocket.access.gpo.gov/2005/05-21284.htm

5 Technical information STMicroelectronics Manufacturer of read Type A or Type B contactless chips. Provided a complete technical information of the chips On the web. Everybody has access to this information. http://www.st.com/stonline/books/pdf/docs/8880.pdfhttp://www.st.com/stonline/books/pdf/docs/8880.pdf Oscar Mendez

6

7 Johns Hopkins University & RSA REVERSE ENGINEERED The Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol. In 2005, researchers from RSA Labs and Johns Hopkins University reverse engineered the algorithm and were able to clone Speedpass tags. http://www.rfidanalysis.org Oscar Mendez http://www.rfidanalysis.org

8 From Vrije University Amsterdam Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software, and certainly not in a malicious way. Unfortunately, they are wrong. In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionall) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags. No one thought this possible until now. Later in this website we provide all the details on how to do this and how to defend against it in order to warn the designers of RFID systems not to deploy vulnerable systems. Source: http://www.rfidvirus.org/ Oscar Mendezhttp://www.rfidvirus.org/

9 The US State Department initially rejected privacy concerns on the grounds that they believed the chips could only be read from a distance of 10 cm (4 in), but in the face of 2,400 critical comments from security professionals, and a clear demonstration that special equipment can read the test passports from 10 m (33 feet) away, the proposal was reviewed. RFID passports will start to be issued in mass distribution in October 2006.[29] In November 2005, the State Department stated that as of October 2006 all US passports will contain RFID chips with some security features. The passports will be shielded to prevent skimming. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport's tag can be read, this PIN must be inputted into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator. http://www.wired.com/news/privacy/0,1848,67333,00.html Oscar Mendez

Download ppt "Risk of Using RFID chips in Passports Oscar Mendez."

Similar presentations

Isiah Collins. mathematical scheme for demonstrating the authenticity of a digital message or document. (Wiki) A way to protect important documents sent.

Isiah Collins. mathematical scheme for demonstrating the authenticity of a digital message or document. (Wiki) A way to protect important documents sent.
12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone: 077 8683 6764.

12 November 2002Digital Identity Forum – London Biometrics and ID Bill Perry Independent Consultant Phone:
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
Nairobi, Kenya 29-31October 2007 1 Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.

Nairobi, Kenya 29-31October Fifth Special Meeting of the Counter- Terrorism Committee with International, Regional and Subregional Organizations.
Contactless Payment. © Family Economics & Financial Education – January 2007 –– Financial Institution Unit – Contactless Payment - 2 Funded by a grant.

Contactless Payment. © Family Economics & Financial Education – January 2007 –– Financial Institution Unit – Contactless Payment - 2 Funded by a grant.
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy A. Juels, R. L. Rivest, and M. Szydlo 8th ACM Conference on Computer and Communications.

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy A. Juels, R. L. Rivest, and M. Szydlo 8th ACM Conference on Computer and Communications.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
SHERA USHER 4.19.2011 RFID in Humans. Brief History of RFID RFID can be traced back to WWII Sir Robert Alexander Watson-Watt developed the first active.

SHERA USHER RFID in Humans. Brief History of RFID RFID can be traced back to WWII Sir Robert Alexander Watson-Watt developed the first active.
RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg 9.12.2005.

RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.
RFID passports How does is work? Step by step By: Einav Mimram.

RFID passports How does is work? Step by step By: Einav Mimram.
EPC for Security Applications By Jacob Ammons & Joe D’Amato.

EPC for Security Applications By Jacob Ammons & Joe D’Amato.
Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Copyright © Center for Systems Security and Information Assurance Lesson Eight Security Management.

Similar presentations

Ads by Google