Review: Paper Titled "Security Document Theory" by James Moyer

August 22, 2007

by — Posted in Security, Technology

Someone accidentally sent me a link yesterday to a security document that I was meant to read. I read the document (located here) and later discovered he had sent me the wrong link. Overall, the paper is well written and has some strong theory behind it. I did have some concerns about this paper, which I can address here.

Originally I sent this back to the person who forwarded the wrong link to me:

“…You had a line that said “…photo ID cards offer the terrorist all new weak points for exploitation”. Did you use the word terrorist (since the paper didn’t seem to be about terrorism (which then it would be forgiven in my viewpoint)) because of the heart-strings you felt it would tug at? Wouldn’t a better line, to keep the document a bit more politically neutral, have been something along the lines of “photo ID cards offer possible weak points for exploitation”, or using the term fraudsters like you do later in the paper? I don’t like the term terrorist since it has connotations that have widely been twisted since 9/11, and theoretically under some interpretations of the PATRIOT Act writing this paper and examining possible weaknesses and publishing it could be a borderline activity (I don’t believe that, but strict interpretation of the law could be taken as such).

Machine readable weaknesses could greatly be strengthened by not relying on a local computer but going to a central database while bringing up the picture on the screen, like advanced documents, leading into a two factor authentication of machine then person verification instead of the other way around of a casual glance – this way the authenticator looks at it twice. I don’t like the idea of a centralized authority and I’m against a national ID card for this reason – the privacy concerns are immense. The simplest way would be, when the card is printing, to place an MD5 hash that would need to match one printed holographically on the front of the ID. This way education would teach us (verifiers in general) that to verify the ID – we scan it and then type in the pin that should match against the MD5 hash on the magnetic strip. This allows us infinitely more security than we have now without the privacy loss implications of a centralized authority.

Document fraud is always going to continue as long as we believe in the privacy and rights of the individual. Document verification does not necessarily make our government more secure. While some of the 9/11 terrorists had expired visas – others had perfectly valid non-forged ones. If we track back history to the last major terrorist attack before that, the Oklahoma City bombing – that was done by an American who I suppose had valid accurate documents. …”

As you can see by the verbiage I used and the fact that I didn’t pay extreme attention at first, I had mistakenly thought the person who sent the link was the author. He was not, and told me he couldn’t speak to the points contained within the paper. Fair enough.
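The check described in the e-mail above, as an added example that is not part of the original post or the paper: it assumes the value on the front of the card is an MD5 digest of the magnetic-strip contents, shortened so a person can type it, and sets it beside a keyed variant (HMAC-SHA256). The strip layout, the key and all sample values are constructed for illustration.

```python
import hashlib
import hmac

CHECK_LEN = 8  # assumption: value shortened so a person can type it

# Constructed sample strip contents; the field layout is hypothetical.
GENUINE = b"ID|D1234567|DOE,JANE|DOB=1988-03-14|EXP=2011-03-14"
ALTERED = GENUINE.replace(b"DOB=1988", b"DOB=1984")

# Hypothetical issuer secret, needed only for the keyed variant.
ISSUER_KEY = b"constructed-issuer-key-for-demo"


def md5_check(strip: bytes) -> str:
    """Unkeyed check value as proposed in the e-mail: MD5 over the strip data."""
    return hashlib.md5(strip).hexdigest()[:CHECK_LEN].upper()


def keyed_check(strip: bytes, key: bytes = ISSUER_KEY) -> str:
    """Keyed variant (HMAC-SHA256): only a holder of the key can produce it."""
    return hmac.new(key, strip, hashlib.sha256).hexdigest()[:CHECK_LEN].upper()


def verify(strip: bytes, typed: str, check=md5_check) -> bool:
    """Reader side: recompute from the scanned strip, compare to the typed value."""
    return hmac.compare_digest(check(strip), typed.strip().upper())


def scenarios() -> dict:
    face_md5 = md5_check(GENUINE)      # printed on the card at issuance
    face_keyed = keyed_check(GENUINE)
    return {
        "genuine, md5": verify(GENUINE, face_md5),
        "genuine, keyed": verify(GENUINE, face_keyed, keyed_check),
        "strip altered, face unchanged, md5": verify(ALTERED, face_md5),
        # Face value recomputed by a party that does not hold the issuer key:
        "strip and face both re-made, md5": verify(ALTERED, md5_check(ALTERED)),
        "strip and face both re-made, keyed": verify(
            ALTERED, keyed_check(ALTERED, b"not-the-issuer-key"), keyed_check),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:40} {'accept' if ok else 'reject'}")
```

The keyed variant requires every reader to hold the issuer's secret; an issuer signature checked with a public key avoids that, and HMAC stands in here only because it is in the Python standard library.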

I stated most of my points in my above email excerpt; however, one thing started nagging at me later (the same nagging that urged me to write this post). The author fails to take into consideration (or glosses over the fact in his paper) the inherent insecurity during the migration period. While border guards, guards at federal government facilities, and TSA representatives can be well trained ramping up to the launch of new identification, the populace at large would not have the same training.

Because the population at large would be vaguely aware of a new system but not sure of the details of what to look for, this opens up a window of opportunity for larger fraud to happen than what happens under the current system. I remember businesses having issues accepting the $20.00 bill when it was redesigned, since many people thought it felt like play money and looked phony. While they usually (reluctantly) accepted it, I’m sure there was a good opportunity for counterfeiters during the weeks/months that followed.

Now, if you notice, above I mentioned federal agents; local police are normally no better at detecting these things. If they called it in they may get confirmation, but some police departments are lax and don’t follow a unified procedure. For an example of this idiocy, please track down Steve Wozniak’s stories about having issues with the police saying his $2.00 bills were phony when a store manager who didn’t believe $2.00 bills existed asked the officer that came into the store.

I’m not saying we should stay the course during all of this, and some states should have a stronger anti-tampering mechanism. The realID issue trying to get into fruition is one attempt at the federal level to do this. I don’t believe in the realID system since it erodes our personal liberties, so I don’t think there should ever be a central authority. I could go on and rail about the realID system – but you should search “ron paul realID” and hear that man’s thoughts on the issue.

Finally, the cost of this reimplementation of identification papers. This is something completely absent from the document. If you look at the numbers for implementing the realID system, you can see the absolute cost that this will impose on you for very little security in return.

“The man who trades freedom for security does not deserve nor will he ever receive either.”
Benjamin Franklin

4 thoughts on “Review: Paper Titled "Security Document Theory" by James Moyer”

  1. Hi! I finally got around to reading your comments on my SDT whitepaper. I have to admit, I haven’t looked at it for some time now…it was written in 2003/2004.

    Addressing your concerns in order…

    a.) Frankly, I didn’t remember using the word “terrorist” in that second paragraph. I’m not crazy about its use now either, but perhaps it seemed less severe/more relevant in 2003.

    b.) As far as I can tell, your proposal of having an MD5 hash is simply to show that the machine readable element is valid. That seems like a lot of work for something that doesn’t achieve much.

    c.) I guess I did glance over migration period problems. (I would have sworn I mentioned something about it–for instance, once a person knows what a new $100 bill looks like, they might accept them, but they will not necessarily know what they should be looking for in order to know the document is good.)


  3. That’s fine. I ran across it and felt a need to just comment on it. It’s nothing personal in the fact of what I pointed out.

    If anything, if you were to revisit and take this paper to the next step in the future, just giving you or anyone else following in this direction another point of view on the subject.

    Though I still believe in the MD5 hash personally, since this could give a degree of larger authenticity on machine readers that would not have a picture display to compare the person to a photo on file.
