Dave Birch gave a talk at a new venue called RFIDUK, which was held in the august and ceremonial halls of the Theodore Bullfrog. One point that struck me was his comment that RFIDs are fast and reliable and they almost make their case on this alone. That is, communication is made within 100 millisecs or so, and it is done without the mechanical pain of older systems like smart cards or swipes.
Speed itself is one reason why mass transits love these things. In the queue for the mass transit, a one second delay versus a three second delay can be enough to trigger a riot when fans want in and on to get to the game. Reliability and maintenance speak for themselves; anyone who's worked big systems knows what these numbers do to your overall report card.
But when it comes to things like passports, I'm uncertain. I've not of late seen a situation where 100ms response times makes any impact on passport checks. Certainly a few years back passports (and their holders) were waved through on colour and size, no more. Then, there is reliability. And, in fact, there again I'm not so sure; if a chip is mucking up, isn't that something where you want to check up on?
RFID passports are expected to have photos, etc on them. If they are so important, then a few seconds ain't going to make any difference.
Otherwise, we could seriously talk about not even waving them, but just walking through at range. There's a thought! If we are going RFID, let's get the full benefit: 3 metre range and no wave, no pause. If the immigration watcher wants to check the photo, scan it and be quick about it, mate, coz I've got bags to collect, and the spouse is waiting!
Posted by iang at April 19, 2005 07:39 PM | TrackBackContrary to what Birch said, RFID is not yet there. I work for a logistics company and RFID is *very* sweet compared to barcode. However, if every piece on a pallet has a tag reading them out is nigh impossible: there are interferences and collisions and *that* problem is not yet solved.
Speed is an issue, too. RFID tags are *not* as fast as Birch obviously thinks they are.
The real point of using them really is the remote capability - and that's where the passport issue comes into play once again. It should never be possible to read the passport tags without the carrier knowing it. If the reach of the RFID fields is larger than, say, 5 cm (about 2"), I'm going to carry my passport in a tin foil cover...
Axel, there the RFID tags used in logistics are very different from what you will see on passports. These tags typically only contain a 32 bit ID (or something a bit longer) and can be read at a quite a distance. The tags, however, do not contain any cryptographic components (too much power consumption, and the costs are too high).
For passports, collision detection is only necessary so that you can hold your purse towards the reader, without needing to remove your passport from it (and separate it from other RFID cards you might have).
Posted by: Florian Weimer at April 20, 2005 03:46 AMRemember the basics of authentication? 3 parts:
-assertion
-identification
-authentication
The walking through and passing RFID check is basically part 1 The checking of the photo by a human being is part 3.
I'd rather he check my photo on a passport than have it stored on a gub'mint computer.
RFIDs in passports are not bad per se. The problem is more one of implementation--encrypt it, make it impossible to read if I don't want you to, etc.
The solution here would be some sort of an 'off' switch on the passport itself--currently, that 'off' switch is "I'll just keep it in my pocket, thank you, and take it out when I have to." It's easy to break out the tinfoil hats, and I can see moves by law enforcement under the usual trend of give 'em an inch, they take a mile, to set up scanners of passport RFIDs everywhere. I don't, frankly, trust "my" government to install sufficient restrictions on the use of such information.
Posted by: Zog at April 20, 2005 06:38 AMIang, I was also under the impression that much security function of immigration is the "sniff" test, or trained agents who are able to detect subtle, non-deterministic factors that raise suspicion and lead to furthter investigation (search, interviews, incommunicado material witnesses, etc). This information is gleaned during the casual questioning period. If this is the case, INS & friends have no interest in expediting that aspect of your arrival.
Posted by: allan friedman at April 20, 2005 10:17 AMAs someone who worked on mass-admission systems (see http://www.anteus.hu) for soccer stadiums, I can tell that RFID is inferior to barcodes. A good barcode scanner (the kind used in supermarkets) can scan a ticket from considerable distance (in the same 100ms timeframe), while printed tickets with barcodes are still considerably cheaper than RFID. For one-time admission paper is clearly superior. For repeated admission, the wear-and-tear of paper puts it at a disadvantage, but the costs of repeated printing of the barcode can be shifted onto the users in some cases.
In addition, barcodes are only visible if the bearer wants to make them visible, while RFID takes effort to conceal. If RFID passports become reality, I could probably sell a device that displays citizenship when pointed to a person for $1000 bucks per unit to Russia. There, foreigners are required to carry their passports with them at all times. Essentially, citizens of countries issuing RFID passports will have their citizenship written on their backs and foreheads, unless they have Faraday-lining in their pockets. Not a very good idea.
RFID has been successfully deployed for mass-admission to the subway in some major cities in Russia (St. Petersburg and Moscow for sure and maybe others), as pre-paid passes. The pass is transferable and refundable, so the same RFID can be recycled several times and is not attached to identity (it just won't let the same pass in more than once at the same station within a 5 minute period). In this case it is acceptable, and has been well-received indeed (despite some stereotypes propagated by western media, Russians do care about safety and privacy a lot -- see WebMoney vs. PayPal; the respective on-line payment systems).
Secure RFID tags that cannot be copied after having them read and that can be turned on and off are considerably more expensive than your ususal warehouse device.
Sure, one can afford more expensive stuff for passports (even a full-blown ECDSA challenge-response is probably within the realm of feasibility), but if you have to activate your passport each time before displaying it (an on-off switch is too easy to leave in the "on" position; a monostable on-for-10-seconds button is a better idea, and a pin is better yet), you have eliminated most of the convenience. Then why bother?
"Contrary to what Birch said, RFID is not yet there"
I wasn't talking about RFID for tags, I was talking about RFID for retail payments and explaining to the audience why Visa, MasterCard, American Express and others are investing in the technology.
Posted by: Dave Birch at April 26, 2005 11:45 AMDaniel A. Nagy said "If RFID passports become reality, I could probably sell a device that displays citizenship when pointed to a person for $1000 bucks per unit to Russia."
I expect you'd get the Nobel prize as well. The range on the chips used in the ICAO visa waiver is 8-10cm. Unfortunately, there's an inverse square law buried in there somewhere, so if you wanted to read the passport from even 3m you've no chance.
Wrong threat model.
A better, and fun, threat model is that a long range directional reciever might be able to pick up the passport's transmission when it is interrogated by a legitimate terminal: so that someone in the airport could tell when the important VIP or the drug mule has reached passport control.
I imagine some form of encryption might be in order.
Posted by: Dave Birch at April 26, 2005 12:11 PM