ePassport readers

Mr Magoo

Has anyone heard of or experienced having their passport details fraudulently collected by other than official agencies in airports, etc? Earlier in the year there was a report on a current affair program that perpetrators could walk by you (within a number of metres) and download your personal info from your ePassport. The report advised that wrapping the passport in aluminium foil could prevent this occurring.
I wonder if there is any truth in the info. :-|
Mr Magoo
 

The data on the chip is PKI (Public Key Infrastructure) protected, guaranteeing that it was put there by an authorised issuing authority and has not subsequently been altered. The chip's digital signature meets standards determined by the International Civil Aviation Organization (ICAO), a specialised agency of the United Nations.

Even if they could read it, the data should be encrypted and cannot be decrypted without the key that the Department of Immigration & Citizenship hold.

I wouldn't worry about wrapping it in foil, and no it shouldn't be metres. I believe this kind of RFID can only be read within close proximity!

The Australian ePassport
 
Even if they could read it, the data should be encrypted and cannot be decrypted without the key that the Department of Immigration & Citizenship hold.

I wouldn't worry about wrapping it in foil, and no it shouldn't be metres. I believe this kind of RFID can only be read within close proximity!

The Australian ePassport

But, the point of public key encryption is that there is a "public key", which as the name suggests is public. There is also a secret key which would be held by DMIC. This secret key is not given out. So other immigration departments can only know Australia's public key.

So perhaps there must be multiple encrypted versions on the passport for each country, produced from the various public keys of the other countries.
 
As there is no such thing as perfect security I'd suppose anything is possible..

I've no idea about the mechanics of an epassport. But let us consider an example where stealing data from an epassport is fruitless by design due to our paranoia (or concern for an attack as described by the OP).

Let's say the epassport contains a unique id number that represents one person from Australia; this number is encrypted.

id number: 1 (very plain)
encrypted id: c4ca4238a0b923820dcc509a6f75849b (quite a difference!)

When the RFID scanner reads your passport it receives the encrypted id (doesn't look very useful).

We then take that encrypted id, and search for a matching encrypted id number in a secure database (the id in the database would be encrypted in the same fashion when it was first placed in the database).

From the match, your passport details can then be pulled up and your identity verified.
The above example would render an attack on the passport itself pointless, but this is just an example..

Generally speaking correctly used encryption is reasonably safe. Don't forget though that it isn't the only piece of the security puzzle.

On a side note regarding foil; I've heard that it can be used to beat the shop lifting scanners at department stores (another bad news special).
 
The first issue you have with Australian passports, is that to read the information from the chip, you have to pass it a set of keys, so if you were going to try snooping on it, you would need some way of working out what the keys are for the passport.

As for the aluminium foil, I have heard that some passport wallets have a Faraday Cage built in to them.
 
Maybe lead "foil" a few mm thick, but aluminium foil is not going to have any effect. If the RFID "signal" is so strong that it can be read from several metres away, aluminium foil is going to be useless.

But the reality is that the type of RFID chips used in passports need a reasonably strong RF stimulant signal, and radiate such a low signal level that the readers need to be in very close proximity to the chip.

And just stimulating a response from the chip does not provide the personal details of the passport holder.

You may be better off asking this question of Mythbusters and get Jamie and Adam to "officially" bust the myth.
 
I doubt that encryption keys would be sent to the passport. It would be simpler and more likely that the passport only contains encrypted information and it returns this information on request. It is then up to the people receiving the information to decrypt it.

The aluminium foil would act as a Faraday cage. So if indeed the passport holders are conducting Faraday cages then aluminium foil would be just as good. Not sure you need to resort to lead, no need to attenuate the signal, just to prevent it getting to and from the passport, any conductor should do this.
 
Dare I ask what the point of trying to copy chip data would be? My understanding from watching people breeze past me at customs (I had to wait 1.5 hours in line) was that they had to insert their photo page to be read by the machine...

So it would seem that copying the info couldn't be used to get through customs, and why would you want those details for identity fraud when you can get more info on someone by going through their garbage...
 
I doubt that encryption keys would be sent to the passport. It would be simpler and more likely that the passport only contains encrypted information and it returns this information on request. It is then up to the people receiving the information to decrypt it.

Australian passports implement Basic Authentication Control which is designed to prevent the data on the chip being read until the machine readable zone has been read. This is done by a set of keys, derived from information in the machine readable zone.
 
Australian passports implement Basic Authentication Control which is designed to prevent the data on the chip being read until the machine readable zone has been read. This is done by a set of keys, derived from information in the machine readable zone.

Yeah, so what you're talking about is typical public key authentication processes. I don't really understand what you mean with the comment. But these processes aren't typically going to involve transmitting keys - to do so weakens the cypher, and in the case of a public key is pointless because everyone should know the public key. More likely it transmits the specific information encrypted with the keys - typical challenge/answer stuff I imagine.

ps. I'm really pushing the limits of my memory on the subject I did on this stuff at uni. So I could be wrong on specific details, and I'm trying to keep my comments general. I also don't want to dig out my notes etc.
 
My point, in the context of this thread, is to note that there are security features in the passport that prevent it transmitting information unless you verify that you are in possession of the passport. It doesn't just give up the information willy nilly to any old reader that may be around.
 
Yes, and I'm sure we all understand from the thread that Australian passports are secure. My point, in the context of the thread, is to clarify the mechanism used to secure those passports.
 
Australian passports implement Basic Authentication Control which is designed to prevent the data on the chip being read until the machine readable zone has been read. This is done by a set of keys, derived from information in the machine readable zone.

I believe it is only Australian passports starting with the letter N that have this control. The previous "M-series" passports do not have this control.
 
So I could have a sexy lookin' spook just pass by me and pick up all my vital statistics...... I must put my mobile No. on it

Spooky....
 
So I could have a sexy lookin' spook just pass by me and pick up all my vital statistics...... I must put my mobile No. on it

Spooky....

All they can pick up is an encrypted version of the information contained in the passport photo page, such as the photo, passport number, date of birth, place and date of issue, expiry date, nationality. Decrypting the information into something useful is not so simple.
 
Two things, firstly with Public \ Private key encryption, the public key can only be used to encrypt data. It can not be used to decrypt data, only the private key can do that.

So anyone who has my public key can use it to encrypt data and send it to me, but the only key that can decrypt data is my own private key. If someone else has encrypted data and a copy of my public key it's not going to do them any good as the public key can not be used to decrypt data.

I could try and take some guesses on how an ePassport works (I have some theories, but obviously I don't know for sure). That said, I would take a very good guess that the data is encrypted, and may not even be full details, but simply a hash of the details in your passport purely for confirmation purposes.
 
Hi all repliers. Thanks for the info. I'm now totally confused but it would appear I have nothing to really worry about regarding identity fraud next time I travel with my passport. :)

Mr Magoo
 
I'd say you're pretty safe, they would need to get hold of your physical passport for there to be any risk, and even then ePassports have limited ability to be modified.
 
I was going to ask about the "Smartgate Systems". Answered my own question through a little bit of searching. Although it states that those passports beginning with the "M" number are eligible...

"All Australian passports issued after 24 October 2005 and all New Zealand passports issued after November 2005 are called ePassports. An ePassport has a microchip embedded in the centre pages and an international ePassport symbol on the front cover. The microchip contains the same personal information that is on the colour photo page of the ePassport, including a digitised photograph."

Mine starts with "m", but got issued October 2004. So, I take it that I have to wait another 5 years to get an e-passport. Any chance of an "upgrade/discount" or do I have to pay the full fee to get a new one? I could have done with one the other day as the queue @PER was taking some time.

On another note: why do Customs feel they have the right to skip 8 pages between countries stamped on a 32 page passport when there is still 5 years left before expiry? Does anyone else get this or is it just me?
 
I was going to ask about the "Smartgate Systems". Answered my own question through a little bit of searching. Although it states that those passports beginning with the "M" number are eligible...

From memory, all M series passports are chipped. L was the series before that, and was the last ones to not be chipped.

If you have the "Biometric passport indicator" on the front of the passport - ie your passport looks like this, then you can use the new Smartgate system.