[Dave Birch] Bruce Schneier‘s blog points me at the "Budapest Declaration", which also came up at the International Biometric Foundation meeting that I went to yesterday (I was leading the round table on public sector issues).  The declaration includes this:
European governments have effectively forced citizens to adopt new international Machine Readable Travel Documents which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilises technologies and standards that are poorly conceived for its purpose. In this declaration, researchers on Identity and Identity Management (supported by a unanimous move in the September 2006 Budapest meeting of the FIDIS “Future of Identity in the Information Society” Network of Excellence) summarise findings from an analysis of MRTDs and recommend corrective measures which need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues.
Since e-passports are a very important kind of digital identity, it’s important to understand the issues that they are highlighting.

Technorati Tags: ,

The technologies that the FIDIS groups are talking about are the RFID chips being issued in the new e-passports (not just in Europe) and the Basic Access Control (BAC) and Extended Access Control (EAC) protocols for accessing data on the chips.  Ssnce CHYP and its partners offer the Electronic PAssports Testing Service (EPATS) which helps suppliers to assess compliance and interoperability for their e-passport products, we have practical experience that may be relevant to the discussion of these technologies.

Put simply, BAC means that you need to read the MRTD "strip" in a passport before you can read the chip contents.  The chip contents (which comply with the ICAO specifications) are all data elements that are printed in the passport anyway, so you don’t learn anything more by reading the chip: it’s primarily an anti-counterfeiting device.  Now, it is feasible for an eavesdropper a few metres away to listen in on the transmission from the passport back to the terminal, but without access to the MRTD it will be meaningless.

The data is signed (well, a hash of the data is signed) using a private key from the issuing country.  The corresponding public keys are stored in the ICAO Public Key Directory (PKD), so the border control terminals need to download these every day, which may not have been thought through as well as it might be.  But, in theory at least, you cannot forge an e-passport because you cannot forge the digital signature that is blown into the chip, even if you can forge the written signature on the passport.

So why are these technologies seen as reducing security?  What could an attacker achieve by reading the chip in your passport, even if they could find some way of doing from a couple of metres rather than 5cm?  If they light up the chip, all they’ll get back is a random chip identifier and some data they can’t decode without reading the MRTD data in the passport, unless they can brute force the BAC key because it has been made dependent on other data in the MRTD strip (this is a genuine problem in some countries and needs fixing).  But the idea put forward elsewhere that a bomb could learn the characteristics of the chips used in, say, UK passports seems a low probability to me since all e-passports will use the same chips from a handful of manufacturers.  In the UK, where 2.5 million e-passports have already been issued, as well as the rest of the EU, BAC is mandatory (and the government have said that it will be mandatory for ID cards as well, so they will presumably have to have the MRTD strip printed on them somewhere) and EAC will be mandatory for fingerprints when they are added to e-passports in the future (the "Data Group 3" encoded left and right index fingers).  EAC allows the e-passport to verify the terminal and includes session encryption (here’s how it workshere’s how it works), although there are some reaonable concerns about how exactly the PKI will work in practice (since the EAC certificates will have to be distributed to terminals worldwide by the issuing authorities).  It’s a genuinely important topic for discussion, so if you have any other threat models, please share them.

A coda to pay the rent: if you want to know more about the EPATS service, it’s here…

Epats Web 0906

[posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: