[LINK] Code highlights e-passport eavesdropping risk
Geoffrey Ramadan
gramadan at umd.com.au
Wed Nov 1 23:36:03 AEDT 2006
Kim Holburn wrote:
>
> On 2006/Nov/01, at 9:23 PM, Irene Graham wrote:
>
>> On Wed, 1 Nov 2006 20:35:45 +1100, Kim Holburn wrote:
>>> If the passport can be read from say 10 or 20 metres away and the data
>>> stored ....
>>
>> Physics. Apart from that so you've got a key to unlock a particular
>> passport chip. How are you going to communicate with the particular
>> passport chip, which emits a random UID, from 10 or 20 metres away?
>
> As I understand it the data is available via radio, that is the point
> of RFID. The ID in this case is the encrypted data. You only have to
> read it. I don't believe you have to unlock the chip to read it, just
> unlock the data.
>
> Once you have the data you can decrypt at your leisure. The only
> problem is powering the chip so it transmits the data. To do that you
> need a low frequency electromagnetic signal or equivalent or you wait
> until someone else powers it and read it from a distance. We can pick
> up radio signals from stars millions of light years away. You think
> we can't do that with a passport?
e-Passports don't use "radio" type transmission (or far-field
radiation). They use inductive coupling, i.e. it works like a
transformer. The primary coil (transmitter) energises the secondary
coil on the RFID chip. This is rectified and used to power the RFID
chip, which in turn modulates the load and is linked back to the primary
coil via the same inductive coupling. And like transformers, there are
physical limits as to how far you can inductively couple two
transformers. I would guess about 0.5m for an e-Passport.
>
> I am assuming the chip is basically a passive RFID. Have I got that
> wrong? Do you have to interact with the chip? You can send it
> commands? That is a frightening thought.
See
ISO14443 Identification cards -- Contactless integrated circuit(s) cards
-- Proximity cards
Reg
Geoffrey Ramadan B.E.(Elec)
Chairman, Automatic Data Capture Association (www.adca.com.au)
and
Managing Director, Unique Micro Design (www.umd.com.au)
>
>
> --
> Kim Holburn
> IT Network & Security Consultant
> Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121
> mailto:kim at holburn.net aim://kimholburn
> skype://kholburn - PGP Public Key on request
> Cacert Root Cert: http://www.cacert.org/cacert.crt
> Aust. Spam Act: To stop receiving mail from me: reply and let me know.
> Use ISO 8601 dates [YYYY-MM-DD]
> http://www.saqqara.demon.co.uk/datefmt.htm
>
> Democracy imposed from without is the severest form of tyranny.
> -- Lloyd Biggle, Jr. Analog, Apr 1961