[extropy-chat] RFID smartcard passports and driver's licenses

[Mike Lorrey]

Personal biometrics that stand a chance of being left lying around are
insecure keys. You leave your DNA all over the place, and your
fingerprints remain on everything you touch. Retina scans seem the only
really secure biometric, save the risk that someone is likely to gouge
out your eyeball to get your key (or forcibly scan you while under
restraints, physical or drug induced). 

Beyond this, the risk is that you have to trust any piece of equipment
that demands to scan you. This is vulnerable to man-in-the-middle
attacks similar to the fake-ATM scam, where you would see some kiosk
providing some product or service you wanted (stamps, ATM, subway
passes, concert/theater/airline/sports tickets, candy or other food
vending, etc) that would demand your retina scan and a scan of one of
your payment cards for something real. 

The kiosk might or might not portray an error after scanning you, thus
saving on output product, and prompting users to call a phone number on
the kiosk for 'customer service', which would allow for further
identity compromise through social engineering.

--- "Extropian Agroforestry Ventures Inc." <megao at sasktel.net> wrote:
> Your personal biometrics would be your "private key".
> Personal genomics  might be constitute a "super key" from which would
> 
> be  chosen  pieces of conserved genomics
> encrypted into the "private key".
> Your "public key" which would be the identity used for everyday 
> dealings. and would be a
> "low resolution" version of your "private key".
> Over a lifetime  the "private key" might be used to generate several 
> versions of a "public key".....if
> the "public key"  was compromised".
> 
> 
> 
> Samantha Atkins wrote:
> 
> >
> >
> >> On Apr 8, 2005 12:31 AM, Mike Lorrey wrote:
> >>
> >>>
> >>> The thing you are missing is that as RFID becomes ubiquitous, a
> hacker
> >>> doesn't need access to a database anymore to rip off your
> identity, it
> >>> is ALL sitting on your person in the form of chips ready to
> transmit
> >>> your personal information like Kitty Kelly playing a crack whore.
> >>>
> >> <snip>
> >>
> >>>
> >>> Are you getting that cold sinking feeling, yet?
> >>>
> >>
> >>
> >>
> > A solution to possible identity theft would be to tie the
> information 
> > to biometric scan.  Thus a would be identity thief would be 
> > immediately detected.
> >
> > A better solution also addressing privacy would be a small computer
> 
> > (perhaps the size of a key fob or built in to a cell phone) that
> could 
> > only be activated by the biometrics of the user and that allows the
> 
> > user to rigorously control how much information is transmitted in
> any 
> > encounter.  If the device was stolen it would be useless without
> very 
> > major decryption work.   It should also be possible to set the
> amount 
> > of information to be automatically available on request at will. 
> The 
> > information that I would want automatically available at a party
> would 
> > likely be very different than what I would want available in a 
> > business setting.
> >
> >
> > - samantha
> >
> > _______________________________________________
> > extropy-chat mailing list
> > extropy-chat at lists.extropy.org
> > http://lists.extropy.org/mailman/listinfo/extropy-chat
> >
> >
> 
> 
> 
> -- 
> Internal Virus Database is out-of-date.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 2/10/05
> 
> _______________________________________________
> extropy-chat mailing list
> extropy-chat at lists.extropy.org
> http://lists.extropy.org/mailman/listinfo/extropy-chat
> 

Mike Lorrey
Vice-Chair, 2nd District, Libertarian Party of NH
"Necessity is the plea for every infringement of human freedom.
It is the argument of tyrants; it is the creed of slaves."
                                      -William Pitt (1759-1806) 
Blog: http://intlib.blogspot.com


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/