Tuesday, May 08, 2007

2D Barcode Isn't Secure For Proposed REAL ID

Authentication will be complete when both the barcode (physical world hyperlink), and database for it, are secure.

Hitachi was demonstrating their solution for this at the RFID Show in Orlando last week.

Smart Card Alliance says 2d barcode isn't secure

The Department of Homeland Security (DHS) should not rely on static 2D barcode technology to store citizens' personal information on REAL ID driver's licenses or identification cards due to its inherent security drawbacks, according to the Smart Card Alliance's comments in response to the DHS Notice of Proposed Rulemaking on minimum standards for REAL ID cards.

According to the Alliance, the static nature of 2D barcode allows printed media to be copied and disassociated from the original ID and its bearer, enabling misuse of the information. By contrast, a smart card's microcontroller chip cannot be altered or tampered with, and it incorporates numerous cryptographic features that enable reliable, strong authentication.

The response statement also notes that the proposed barcode technology cannot secure the information stored in the REAL ID document's machine-readable zone. Thus, required personal information -- including address, date of birth, eye color, height and gender -- could be vulnerable to access by unauthorized users.

No comments: