The Smart Card Alliance is an association of companies across the smart card industry (from chip makers to customers), whose goal is to promote smart card technology in America. This is hard work, as there are many misconceptions about smart cards in the land of plastic cards. These days, one of their big missions is to establish the fact that contactless smart cards are different from RFID little tokens. And the current battlefield is called Real ID. The Smart Card Alliance has published many papers on this topic, and I will just react on two.
The first one is a positive paper about smart cards, Smart Card Technology: The Right Choice for REAL ID. It provides arguments in favor of the adoption of smart cards. naturally, the interesting part is the arguments that have been selected.
Two advantages are mentioned for the states:
- The Only Secure Identity Solution.
- The Only Technology to Provide the Cost Efficiency, Convenience and Flexibility for Multiple Applications
Three advantages are mentioned for citizens:
- One Secure Card = Multiple Uses
- Secure Cards Help to Protect Citizens from Identity Theft
- The Only Technology to Provide Strong Privacy Protection for Citizens
Security is there on both sides, of course, which is not surprising, because it is a very tangible and real advantage of smart cards for such an application. Identity Theft is mentioned as well, which is less obvious: smart cards are really hard to modify or counterfeit, but it would be quite extraordinary to imagine that the security measure on an ID (smart card or other) gets used for everyday transactions.
The really interesting thing is here that multi-application is mentioned twice. I know that multi-application can also mean multiple file systems or other data-only schemes, but I am still oriented to think that American states could be led to use an all-American Java technology. And the interest, of course, is to imagine what kind of applications can be bundled with an ID card. I will leave this to your imagination.
The second one is a negative paper on RFID, The Consequences to Citizen Privacy and National Security in Adopting RFID Technology for Border Crossing Identity Documents. This paper directly targets the PASS program, whose objective is to distribute identification cards to U.S. citizens who have limited travel needs (for instance, to Mexico and Canada). The idea is to allow U.S. citizens to travel in some countries without a passport, just like European citizens can travel inside Europe with their national ID card (if they have one). In terms of implementation, These cards are expected to include a RFID chip (no, not a smart card, a simple RFID chip). The idea is that the RFIDs will be read from a distance by the customs officer (who can stay cool/warm inside his office), and the “customers” would not have to exit their cars. The identification number would be used to get a record from a database, and the office would perform a visual match between the pictures on file and the individuals in the car.
The Smart Card Alliance is not in favor of RFID, and provides a detailed list of potential issues. Let’s start by security:
* First, of course, RFID identifies the holder (which is great for cattle and baggage), but it does not authenticate them, and it cannot include any secure processing, because there is no cryptography to protect them.
* Then, since RFID is not able to store authentication data (pictures), the entire system relies on the availability of an efficient access to a centralized database where the pictures are stored. History shows that this hypothesis does not hold, for instance when an attacker has cut the cable.
* Apparently, it is possible to make the system unusable by using a simple RFID transceiver with a strong enough signal. This is basically equivalent to cutting the network cable, and can force the customs officer to get back to manual checking.
* Of course, there is also my favorite privacy-related attack. Such a PASS card can be read from a distance, and not only by customs officer. In particular, it is a great bomb detonator (targeted at any U.S. citizen, or at a particular person). In a less lethal way, it is a great way to track someone.
There also point to other issues, related to cost and reliability:
* Since border crossing points already have smart card readers for electronic passports (which were not intended to read RFID chips), new readers will need to be purchased. Good for the reader industry, but quite costly.
* There are some issues with reading from a distance, which reduces the main advantage of RFID (no direct interaction needed). In particular, some windshields include a metallic shield, which seems to nicely cut RFID signals.
It is funny that the multi-applicative argument is not used here. Maybe that it does not apply (although the federal government would most likely have other applications to use). Another possible reason is that RFID is of course the perfect multi-application card: a unique number that identifies you uniquely, and which can be used by any applications, even your favorite attacker’s application. It’s just another kind of multi-application card.
No Comments