Passports (and other secure travel documents) are technology

Passports (and other secure travel documents) are technology.

I recently read a criticism of the RFID chips in biometric passports, and the main arguments were

1) Security vulnerabilities (either real or hypothetical) that could result in interception of sensitive data as it goes through the air
2) Physical fragility of the chip; reports of a child's passport's chip breaking when they simply sat on it

So that led me to think about the purpose of the chip. The most important feature is Passive Authentication; a checksum of the personal info and photo, signed by the issuing authority to prevent forgery.

Question: Why do we need a chip for that? The chips only store 16-32KiB of data. It could easily be printed on the paper passport, either as a high-density barcode or just in an OCR-able font (like the existing MRZ, but much smaller).

Pros:
* The only technology required to read the entire dataset is a high-quality scanner/camera. This allows it to be read more broadly (don't need special RFID machines) and also allows the holder to confirm which data the passport holds on them.
* RFID readers already need to scan the passport too, in order to read the MRZ to form the BAC key.
* Paper is resilient and reliable, provided the data is printed with some degree of redundancy. Printed data would easily survive a number of damage events that would completely destroy a chip.
* Paper is secure- an adversary cannot read the data without physically acquiring, opening, and scanning your passport.

Cons:
* The physical security only applies if the document can be closed. This approach would be better suited for traditional paper book passports than biometric ID cards.
* Other cons that I'm not seeing?

Other urls found in this thread:

google.com/search?q=eu travel passport
twitter.com/NSFWRedditVideo

>Other cons that I'm not seeing?
It doesn't provide the same stepping stone to total surveillance that an RFID chip does

Are you referring to the fact that it isn't possible to be sure about which data the chip stores? Or something else?

Why are the e-passport gates at heathrow such fucking garbage compared to every other british airport? someone answer me that please?

If I never travel outside of my home country, why should I give a shit.

What I'm saying is that training people to carry a remotely readable identification device is step 1 on the road to complete 1984 style surveillance.The paper version proposed by OP doesn't have this, which is a con from the government's point of view.

It also doesn't check the "but technology and stuff" checkbox that politicians love to tout.

Many people do, it is a very important matter for both governments and citizens alike that this travel is monitored. Your passport contains a fuck ton of personal information, and if you are at all interested in infosec, you would care whether your governing body chooses the correct data to store and the correct method of storing it

>The chips only store 16-32KiB of data.It could easily be printed on the paper passport

Good look printing 32KiB of data on a passport. Even a huge fucking QR code (the kind a phone can barely read anymore) can only store 3KB

>32 KiB of data on paper
How the fuck are you going to manage to cram that onto a passport page?

Also
>stupid nigger latino chink working at CBP manages to smear ink from his stamp onto fraction of your code
Now your passport is useless and you're stuck in the US until you contact your embassy and get a new pass port

>This allows it to be read more broadly (don't need special RFID machines)

You know that thing in your pocket? Yup, thats a "special RFID machine".

I can read my (european) travel passport no problem with an app on my phone. Doesn't work with my normal (german) passport because Samsung apparently fucked up their drivers somewhere (Galaxy Note 4).

Also, you need to enter the serial number printed on the passport to be able to read the RFID (= basically NFC) data, so you already need physical access.

I have a question. I have two active British passports. They were made 3 years apart. Are the chips likely to hold identical information?

QR codes need to be readable using low quality cameras from significant distances. There's no such limitation here. If printed in base64 (so 6 bits per character), and you print a 140x160 character grid, that's already over 16KiB. Introduce four colours and there would be no issue.

>How the fuck are you going to manage to cram that onto a passport page?
See above
>smear ink from his stamp onto fraction of your code
I mentioned redundancy in the encoding for exactly this reason.

You can rely a high quality scanner being available basically anywhere. You can't necessarily rely on an NFC device being available (expensive smartphones including them is a recent thing). But even if we assume RFID is sufficiently widely usable, my other points still apply.

I know. That's assuming BAC works correctly and the chip's software has no bugs. Look up the wikipedia article for "biometric passport".

Nope, at least here in Russia chips use Basic Access Control to prevent remote reading (the chip needs a key derived from birth date, issue date and passport number to prove that you're holding it in the hands). Also hashes.

Ah right. If I'm travelling on the continent I just use whichever one is closest to my hand in my bag. Sometimes even getting on a plane at one end with one and off at the other end with the other. Never been flagged or anything so I assumed the info was identical, save for the number of course.

>(european) travel passport
>normal (german) passport
How do these differ? Don't most people have one passport (excluding dual citizens)?

If you mean the same types of information, yes, they'll be the same. If you mean literally the same data, no- even if the same digital photo was used for both, the chip also stores other data that will differ. The passport number and issue date, for starters.

>I have two active British passports.
How did that happen? Travelled to Israel and need to visit Muslim countries afterwards?

Maybe the values are the same, so the data doesn't differ from the scanner's point of view, but they're not bit-to-bit identical.

I'm travelling internationally nearly weekly for work. You can get a second passport if you require yours for travel while its simultaneously being sent off for a visa or something like that.

You just have to get your employer to provide the government with a letter as to why it's absolutely necessary. I'm self employed so had a couple of extra hoops to go through.

Plus like you say, I keep Middle East, Russian stamps and visas in one passport and the US in another

A scanner that can read multiple layers of text (?) in different colors at a resolution far higher than normal OCR is more available than basically any (android) smartphone made in the last 5 years?

No, you need to have both if you want to travel outside the EU. The passport looks like OP, travel passport contains stamps from visited countries google.com/search?q=eu travel passport

No need for different layers. But overall, I concede the equipment availability argument; my others remain.

The OP is a scan of a British passport's ID page. The passport looks like pic related. It contains both an ID page and many visa stamp pages. There are no other commonly-issued travel documents for UK citizens. I was under the impression this is how passports normally work.

By your "normal"/non-travel german passport, are you perhaps referring to an ID card? e.g. a driver's license sized plastic card? Those wouldn't normally be called "passports", even though you can use them for EU travel.

Guess I had my vocabulary wrong. Yes, I meant a normal ID card, which was passport sized in germany until a few years ago and is now credit card sized and uses the same system to store digital information as the passport.

>Heathrow e-passport gates
>garbage
How so?
Remember to take your glasses off first m8