Forgot your password?
typodupeerror

RFID Passport Security "Poorly Conceived" 33

Posted by kdawson
from the we-knew-this dept.
tonk writes, "European expert researchers on identity and identity management summarize their findings from an analysis of passports with RFID and biometrics — Machine Readable Travel Documents or MRTDs — and recommend corrective measures that 'need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues... By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international MTRDs which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilizes technologies and standards that are poorly conceived for its purpose.' The European experts therefore come to similar conclusions as the Data Privacy and Integrity Advisory Committee of the US Department of Homeland Security in a draft report, which seems to be delayed."
This discussion has been archived. No new comments can be posted.

RFID Passport Security "Poorly Conceived"

Comments Filter:
  • by HighOrbit (631451) * on Thursday November 09, 2006 @02:29PM (#16787709)
    Are these "data rich"? If so, why?

    The "machine readable" part should not need to contain anything more than a unique number (i.e. primary key) and perhaps a pki type hash to verify authenticity. The rest can be contained in a (hopefully) secure database using an international common format or schema. The id number could also be soley used as a passport serial number and not used for any finanical purposes.
  • The actual report (Score:4, Informative)

    by mgemmons (972332) on Thursday November 09, 2006 @02:32PM (#16787727) Homepage
    Here [fidis.net] is a link to the actual report.
  • Unique number (Score:3, Insightful)

    by digitaldc (879047) * on Thursday November 09, 2006 @02:47PM (#16787849)
    Maybe in 2008 you will be able to verify your vote for President with them as well?
  • by TheSHAD0W (258774) on Thursday November 09, 2006 @02:47PM (#16787851) Homepage
    Discard the "contactless" RFID option and use the old-style smartcards with the metal contacts. They're easier to design and can have more computing horsepower, since you don't have to power them passively, and they don't have problems with remote detection or electronic pickpocketing.
  • microwaves! (Score:4, Informative)

    by stew77 (412272) on Thursday November 09, 2006 @02:50PM (#16787865)
    From what I was told, a passport is still valid even when the RFID chip is unreadable (as long as the rest of the passport is OK, of course). Maybe we should simply microwave our new passports for 10 seconds.
  • No shit. (Score:4, Interesting)

    by Omicron32 (646469) on Thursday November 09, 2006 @02:51PM (#16787869)
    People on Slashdot have been saying this since it was first announced.

    They should talk to geeks more.
  • I think this is a good idea, as it can be just like pop it in then out. no real hassle, kinda like a debt card
  • Is ECM Possible? (Score:3, Interesting)

    by powerlord (28156) on Thursday November 09, 2006 @02:53PM (#16787881) Journal
    I was RTFA:

    "RFID chips are being used in the nation's passports, cards used to identify transportation workers and cards for federal employees, and may be features of the Registered Traveler program, the soon-to-be-released standards for all states' driver's licenses under the REAL-ID act, as well as proposed medical cards."


    and I thought, "with so many RFIDs, couldn't they interfere with each other?" and then I started wondering ...

    Most of the approaches people are talking about are "Passive Countermeasures" such as wrapping the RFIDs in a faraday cage.

    What about Active Countermeasures? Broadcast so much garbage on the carrier frequencies that the RFID can't communicate? (the start of a Personal Privacy Shield perhaps?) Yes, it lights up the broadcaster in ambient noise, but it is this even possible (and what effect would it have on other things around you?
  • A lot of the issues discussed about the architecture are true for any RFID implementation. I don't understand how they could not have realized these beforehand. RFID is generally an insecure medium. From the report one particularly aggregious security flaw that struck me was:
    • The key to access data on the RFID tag is stored on the passport itself and can be read by humans and machine scanners.
  • You'd think... (Score:1, Insightful)

    by Reidsb (944156)
    that people would more closely examine the security issues when dealing with something like this. I know I shouldn't be surprised, but I am.

    Honestly, even with good security, the system is only going to be as good as the people who check these passports when they are used. If they just have someone scan them in and assume the right person has the passport, then it's still not secure.
  • I for one welcome our new passport data sniffing RFID overlords, and proudly wear my tin-foil passport envelope so they can't steal my data unless they want to.
  • Well, what if a bunch of no-gooders with Leitz-like camera flashes (that really are mini-EMP devices) just "light up" all the terminals they can get into? Or, if they can not get into the building anymore, light up along the roadways leading into the airports? Well, suddenly, a LOT of people, even registered travelers might be screwed. Maybe even a "hardened" Faraday cage won't help them...

    This would very suck...
  • The "machine readable" part should not need to contain anything more than a unique number (i.e. primary key) and perhaps a pki type hash to verify authenticity. The rest can be contained in a (hopefully) secure database using an international common format or schema. The id number could also be soley used as a passport serial number and not used for any finanical purposes.

    Precisely, you wouldn't even need to have a name or photo on the passport. That way if a passport was stolen the thief would not know

  • Can anyone recommend appropriate, and easily accessable, shielding for RFID equipped stuff? For example would an antistatic bag be sufficient?
  • by swillden (191260) * <shawn-ds@willden.org> on Thursday November 09, 2006 @03:26PM (#16788115) Homepage Journal

    In response to the poster who asked why these passports are data rich: Because it avoids the need to place all of this detailed personal information in central databases which are accessed remotely from thousands of locations around the world. How would you secure such a database?

    The ICAO recommended approach is much more secure -- the problem here is that the EU has chosen not to implement the security features. The US State Dept. started down the same path, but changed course in response to public outcry.

    Here's a description of how the "basic authentication" as recommended by the ICAO specifications works -- this is from memory, but it should be very close to accurate:

    • The contactless smart card chip refuses to divulge any data until after the reader authenticates itself with a challenge-response protocol using an AES key (128 bits, IIRC) which is derived from an optically-scannable string printed inside the passport cover.
    • During the challenge-response protocol, a pair of session keys are generated, one is used by the passport chip to encrypt all data responses, and the other is used by the reader to individually authenticate each data request.

    So, unless you can break AES or exploit some other flaw in the passport chip* the only way to retrieve the data from the chip is to look inside the passport. If you can look inside the passport, however, you really don't need to talk to the chip at all, because with the exception of some digital signatures, all of the data in the chip is printed in the passport.

    What exactly is in the chip? Again from memory:

    1. A fairly high-quality JPEG image of the passport photo. Around 30KB. I really think they should have used JPEG2000 which would have maintained the high quality with maybe half as many bits, but...
    2. All of the personal data printed in the passport (name, address, birthplace, passport #, etc.)
    3. RSA digital signatures of all of the above, with signing key certificates so the authority chain can be traced back to the issuer's secret key (which may be signed by an ICAO key... I don't remember).

    In the future, other biometrics may be added as well, like a fingerprint image.

    The US State Dept. has chosen to go one step beyond the ICAO recommendations and add shielding to the passport cover, so the chip is isolated and can't be queried or detected when the cover is closed. Without that, an attacker couldn't read the data from the chip, but he could "ping" the chip and notice its presence.

    *Note that these chips were not created for passports, they're standard contactless smart card chips which have decades of use as security devices behind them, and which protect billions in credit card transactions annually -- nothing's perfect, but they're darned good, having gone through many years of breaks and application of countermeasures.

    • by martijno (533960)
      The ICAO recommended approach is much more secure -- the problem here is that the EU has chosen not to implement the security features.
      I really think they should have used JPEG2000 which would have maintained the high quality with maybe half as many bits, but...
      FYI, the Dutch passport does implement Basic Access Control and the image is JPEG2000.
      • by swillden (191260) *
        The image is JPEG2000? Are you sure? I didn't think that was an option in the specification. The ICAO test data sets definitely use JPEGs, of that I'm positive.
  • Wish I had mod points so I could mod swillden's post (#16788115 [slashdot.org]) up. He has informatively covered all the points.
  • by zmollusc (763634) on Thursday November 09, 2006 @03:59PM (#16788305)
    What do you think the response of a government official would be when an underling brings him/her a proposal for some new project/legislation that will benefit the official?
    a) 'Sounds interesting, but lets get some more input and make sure there is no downside for our employers, the public'.
    b) 'Woot! More power and influence for me! Promotion for you, but if it goes wrong, you will get the blame!'
  • by Rich0 (548339) on Thursday November 09, 2006 @04:19PM (#16788421) Homepage
    A previous post indicated that the problem with storing just an ID number on the passport and querying the rest of the info from a central DB is the problem of giving the whole world access to that DB.

    There is a solution:

    1. ID reader queries chip to obtain nation of origin.
    2. ID reader presents a certificate from the owner with the ID of the reader to the nation of origin, requesting permission to read the passport. Nation of origin authenticates request and provides signed packet with reader ID, valid authorization time range, timestamp, and certificate of nation of origin. This approves that the nation of origin recognizes the reader as a valid one for reading the passports.
    3. Reader caches #2 to reduce traffic, and presents this packet to the passport. The passport verifies that the ID reader is approved to query the passport by its nation of origin.
    4. Passport returns its ID, certificate, and signed permission to query with some expiration date encoded.
    5. Reader presents #4 to nation of origin to query its database. This proves that the passport is physically present.
    6. Nation of origin returns signed database entry.

    Quick objections might be that this sounds like a lot of round trips, but all but one of these trips could be cached (the reader could be given permission to query passports for a day or more at a time). Another objection might be that every reader would need to get permission from every nation, but this is also not the case - there merely needs to be a chain of trust. So, the US could grant France access to its passports, and then France could delegate access to individual readers.

    Various pros and cons exist and I think the actual-implemented solution is not a horrible one. I just wanted to show that a central DB doesn't have to be impossible-to-secure.
  • I really, really, really, don't think the State Department has thought this through.

    Data that is just "Out there" is not safe, even if you encrypted it.

    I would feel much more comfortable if the RFID chip was used to identify that the Passport was valid, that's it.

    They could have rotating PGP keys anytime the passport goes through a customs port. The PGP keys could then be linked to your data.

    Example:
    You pass through customs in France, you get assigned a key...that key (only that passport) arrives in the US
  • by kc1man (1016974) on Thursday November 09, 2006 @04:31PM (#16788509)
    The general idea behind the e-passport is to create harder-to-fake passports as well as speed border processing. I will avoid the issue of creating counterfeit passports, as in the long run adding an RFID chip to this document will only make it harder to counterfeit. Old non-RFID passports will continue to be accepted for at least another 10 years. By then, it is likely that counterfeiters will have caught on and the issue will be moot. As for speeding border processing, this is not going to help anything. The passport still needs to be opened, and in the US case, a "passkey" needs to be entered into the system for the data to be readable (crackers already have found ways of decoding the signal and data if they have some basic info about the holder). This can easily be done using 2D barcodes which are not readable without the holder's knowledge. The problem is with everyone else who can read your passport. Whether the person is able to read all your private data, or simply determine that you hold a passport from a particular country, it already poses problems with security. As it looks like the passports are here to stay, the only viable solution is to put them into an RF shielded case, such as the RFID Shield [rfid-shield.com]. Some will say that the passport already has shielding. This is not always true. The Irish e-passport has no shielding at all. Furthermore, a partially open passport has a greater chance of being read, even if the cover contains shielding. This can easily happen in a purse or in your pocket if you accidentally shove your wallet between the pages.
  • MR. T Documents? Does that mean we all have to get bad Mohawks for our passport pictures?
  • I am personally curious about how middleman attacks are prevented since that is where the most securty issues are (IMHO). its easy to make sure that only the desired recipient can read the data (encryption does a great job of that). For a passport though, only existance needs to be verified. It doesn't matter if attacker X doesnot find out anything about victim Y as long they can pretend to be that person and for that, it doesn't mater how much encryption is on the data if the attacker can just intercept th
  • by tonk (101504) on Thursday November 09, 2006 @07:24PM (#16789645) Homepage
    The ICAO recommended approach is much more secure -- the problem here is that the EU has chosen not to implement the security features.

    This is not correct. The EU has implemented those security features - Basic Access Control (BAC) especially is a European development, mainly brought into ICAO by German Federal Office for IT Security (BSI). BSI also proposed Extended Access Control (EAC) for additional data such as fingerprints. The study on which the Budapest declaration is based has all this analysed.

    The US State Dept. has chosen to go one step beyond the ICAO recommendations and add shielding to the passport cover, so the chip is isolated and can't be queried or detected when the cover is closed.

    The shielding within the cover is not a complete Faraday cage, see RFID Passport Shield Failure Experimental Report [flexilis.com]

    The contactless smart card chip refuses to divulge any data until after the reader authenticates itself with a challenge-response protocol using an AES key (128 bits, IIRC) which is derived from an optically-scannable string printed inside the passport cover. [...] So, unless you can break AES or exploit some other flaw in the passport chip* the only way to retrieve the data from the chip is to look inside the passport.

    The basic problem is, that

    • RFID communication is open to eavesdropping, that
    • the entropy of the key space is rather limited as the keys (MRZ hashes) consist of names, birthdays, serial numbers, etc., and that
    • as the machine readable zone (MRZ) from which the key is hashed does not change for a passports lifetime of 10 years (in Germany), the key is not changeable.
    During the challenge-response protocol, a pair of session keys are generated, one is used by the passport chip to encrypt all data responses, and the other is used by the reader to individually authenticate each data request.

    If you have access to the MRZ, you can just decrypt the session keys. Successfull brute force attacks on eavesdropped passport-to-reader-communication is already feasible within hours, see ePassport Privacy Attack [riscure.com]. Once the MRZ is known, e.g. when you have to leave your passport in a hotel or after a successful brute force attack, the passport can be 'pinged' e.g. when going through a door and then be used as a trigger for something. Excessive eavesdropping of passport-to-reader communication e.g. at airports allows for later brute forcing and then identity theft.

    The Budapest declaration and the study behind it focus in all these issues and take all your points into account. BAC and what is already known on EAC has been analysed. Still the resumee is 'poorly conceived'.

    Because it avoids the need to place all of this detailed personal information in central databases which are accessed remotely from thousands of locations around the world. How would you secure such a database?

    Well, as the US want to store all the data collected from the passports for 50 years, maybe they have an answer to that question?

    Note that these chips were not created for passports, they're standard contactless smart card chips which have decades of use as security devices behind them, and which protect billions in credit card transactions annually -- nothing's perfect, but they're darned good, having gone through many years of breaks and application of countermeasures.

    The problem is not the chips. The problem is the RFID interface, the limited keyspace entropy, the absence of the option to change the key, well, see above.

    Another problem with the passports is the use of biometrics in General, which is also covered within the study and the declaration.

    The bottom line is: RF interface and biometrical identification do not increase security, but risks. These passports will cost lots of privacy, security, and tax money.

    • This is not correct. The EU has implemented those security features

      Thanks for that correction. That's what I get for reading only the abstract.

      The shielding within the cover is not a complete Faraday cage, see RFID Passport Shield Failure Experimental Report

      According to that report, the shielding is only ineffective if the passport is open. I suggest you keep your passport in a flat sleeve or put a rubber band around it if you carry it in a purse or bag where it could fall open. I carry mine in a f

  • by JustNiz (692889) on Thursday November 09, 2006 @08:57PM (#16790247)
    and it has an obvious rfid chip in the back.
    I'm trying to think of any reason why I shouldn't just smack it with a hammer a few times.
  • Why utilize a 3 letter word that's commonly in utilization when you could utilize a 7 letter alternative and get 2 extra syllables!

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...