Feeds

Kaliski not convinced on electronic passports

Better but not perfect…

Internet Security Threat Report 2014

RSA Europe 2005 RSA's cryptography guru Burt Kaliski has warned the US' planned introduction of electronic passports represents a long-term challenge for the security industry.

The US government will begin trialling the passports containing an RFID chip in December before the full introduction early next year. United Airlines staff have been testing one version of the technology since June.

Speaking at the RSA Security conference in Vienna, Kaliski, chief scientist at RSA Security, Kaliski told the Reg: “You have to look the whole deployment over its lifetime to make sure you don't introduce new problems and it must improve on the prior generation.”

“A passport obviously contains personal information so you need fine-grained access control. But with a chip you don’t know what information you are giving away. You don’t know where and what data you are giving away.”

Kaliski said: “There’s been good public dialogue – it’s good to see it getting this attention. But it’s important not to just stop with release number one.”

Kaliski said there was a tendency in the security industry to look at the early stages of any effort but then move attention on to the next “new” thing.

RSA began working with other companies on a specification for one time passwords in February. Workshops were held in May and earlier this week. The informal collaboration has one specification ready for formal acceptance and five more in draft form.

Looking back at the conference Kaliski said he enjoyed Dame Stella Rimington’s endorsement and appreciation of the industry because the intelligence services had initially been so suspicious of encryption technology.

More on Kaliski’s blog here.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.