Monday, November 07, 2005
RFID Collision IDs
RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.
Chip manufacturers don't like to talk about collision IDs or how they work, but researchers have shown how to uniquely identify RFID chips by querying them and watching how they behave. And since these queries access a lower level of the chip than the passport application, an access-control mechanism doesn't help.
To fix this, the State Department needs to require that the chips used in passports implement a collision-avoidance system not based on unique serial numbers. The RFID spec -- ISO 14443A is its name -- allows for a random system, but I don't believe any manufacturer implements it this way.