[LINK] Industry Reply on e-Passport Cloning

[Geoffrey Ramadan]

Adam Todd wrote:
> At 03:16 PM 12/08/2006, Geoffrey Ramadan wrote:
>> Adam
>>
>> 1) e-Passports use Near Field electromagnetic properties (i.e. it is 
>> not like a radio transmitter which uses Far Field properties, but 
>> works like a transformer which uses inductive coupling). The Near 
>> Field boundary is defined at  Wavelength/2xPi  @ 13.56MHz this is 
>> about 3.52M  This defines the theoretical maximum for which this 
>> effect works.
>
> Gee did I say 4 meters in my message or what?
For reasons as explained (i.e. you also need to take into consideration 
the RFID tag geometry) the read range is going to be much less than 3.52M
>
>> The actual distance is dependent on the geometry of the antenna 
>> (inductance and other factors) and how much energy you can transfer 
>> to the tag. Noting that the Power the tag receives is dependent on 
>> how much "flux" it can collect (i.e. area), which is required to 
>> power the tags microcircuit (hence setting a min requirement)
>
> Yes like listening devices that have an inductive receiver in the 2Mhz 
> range, the more power you beam at the listening device over whatever 
> range you can beam it, the stronger the transmission output.  A nice 
> little capacitor could hold a charge for a short time, depending on 
> the design of the device and how active or inactive it is.
1) 2MHz has a Near field boundary of  24M

2) Tag designs for Near Field applications are different in design for 
Far Field design. I think you are confusing the two.

3) Your point about the capacitor is correct. The range is determined by 
the ability of the tag to obtain sufficient rectified voltage, and the 
RFID tag already uses a small capacitor to store this energy.

However, the capacitor in the RFID tag is fixed.... you cannot just 
change it.


>
> Same principals apply.  I am VERY familiar with "wake up and talk" 
> devices, in more areas than just listening or rfid.
>
>> A very simple approximation is that max read range is fixed by the 
>> size of the antenna. However, as shown above, the size of the tags 
>> antenna is also important (greater distance less flux/energy)
>>
>> Translation: small antenna tag, small read range.
>
> Yes generally speaking, but then the laws of physics can always be 
> manipulated using techniques that break the rules.
The very point I am trying to make is that RFID Tags, read range, etc, 
is totally governed by physics, and no amount of "manipulation" can 
change it.

You can create designs, and change properties (variables in the 
electrodynamic equations)  to  improve its performance, and I will 
concede that there are "tricks" to opimise these variables, but you can 
not "break the rules".

>
>> The best I have seen @ 13.56MHz RFID is an antenna frame (which you 
>> can pass through) the size of a small shed, able to read tags that 
>> are 30cm square at about 2 meters. The tags had also been 
>> specifically designed and tuned for this to work
>
> I've tested tags that are 5cm in size from distances of 8 metres, 
> transmitting data from a Dallas One Wire memory chip.
1) I can only assume that you have designed a RFID Tag based on Far 
Field design principals and NOT near field (inductive), in which 8m is 
possible.

2) The Dallas One Wire Memory chip is touch memory device that has an 
inbuilt battery. Quite different from a passive RFID tag used in 
e-Passports which has no active components. You can get several hundred 
meter read range using active RFID tags.



>
>> I would conclude that it would be impossible to read the e-Passport 
>> tag at any significant distance, and certainly not at 4m. It would be 
>> interesting to see how well a tunnel reader would work though!
>
> Nothing is impossible, it's a matter of how difficult.
>
> In todays era, it's not about difficult, it's about how persistent and 
> desperate.
>
This is the point I am trying to dispel.

It is all about the physics and no amount of persistence will change it.

>
>> 2) Also the passport has in a metal thread embedded into one of the 
>> pages (forming a ground plane). If the e-Passport is closed, it would 
>> be impossible to read.
>
> I wasn't aware this was included now.  In any event, I did say, 
> reading the passport at a checkpoint.  Not something impossible to do.
>
> In fact I'm working on a commissioned project presently that uses a 
> PDA for this very purpose.  I'm suppose to prove it can't be done, 
> however, given a laptop and some copper wire and a few Jaycar 
> components, I've proven I can at least do it in a cumbersome form.
I would be interested in seeing how you would do this in a "realistic" form.

>
>
>> 3) As pointed out before, even if they did copy a e-Passport, I 
>> believe this will make it easier to catch the fraudsters.
>
> Actually I think it will only create confusion.  Who is the fraud!  
> The Authorities can't get it right presently, well in my personal 
> experience, and that's growing in vast events.
They can't get it right because they rely on "human" operators to 
visually inspect passports. The persons biometric image is stored on the 
passport.

The e-Passport allows us to automate this process.

Either the biometric image taken at the checkpoint
a)  matches the passport or it doesn't.
b) matches the biometric image kept on file that is associated with that 
ID or doesn't
c) the biometric image on the passport matches the database on file or 
doesn't

i.e. there are now several ways to catching them out.

Reg
Geoffrey Ramadan

>
> I think sometimes we get too caught up with what's in the box and not 
> what is outside.  Maybe that's why I now enjoy film making more than 
> before - the challenge to make a proper that works, that doesn't 
> really work, but looks like it does, without spending a defence budget 
> on R&D to make something that isn't real.
>
> Inspirational is the minimum I get out of this work now.
>
> I have to admit, all my electronic gadget props have a truth in 
> function and will do a conceptual functioning of the requirement.
>
>