DHS’s proposed RFID tags vulnerable to Man-in-the-Middle Attacks

April 25th, 2006

The DHS asks in a recent RFI for technologies for RFID-equipped identification cards used for border crossings. The RFI specifies that “read ranges shall extend to a minimum of 25 feet” and, for people crossing on a bus, “the solution must sense up to 55 tokens.”This CNET article, New RFID travel cards could pose privacy threat, points out some of the privacy issues.

Bruce Shneier points out those potentially more serious security issues are involved as well:

“And when you start proposing chips with a 25-foot read range, you need to worry about man-in-the-middle attacks. An attacker could potentially impersonate the card of a nearby person to an official reader, just by relaying messages to and from that nearby person’s card. … Defending against this attack is hard. … Time stamps don’t help. Encryption doesn’t help.”

He goes on to lay out the basic scenario by which someone could subvert the system.

This seems like a classic example of the tradeoff between security and convenience.