Hong Kong Smart Identity Cards In 2003

griffinn writes: "The Hong Kong Government has announced its plan to replace the identity cards of all Hong Kong citizens with smart cards, starting 2003. I don't know anything about smart card technology, but I suppose some sort of asymmetric cryptographic scheme is employed to fortify any data stored in it, so smart ID cards should be immune from DeCSS fiascos. But is it possible for someone to just make an identical copy of my smart ID card, and 'become me'?"

For information that comes straight from the "HK Special Administrative Region Government," there's more information in here than I expected. Two paragraphs in particular caught my attention:

Besides, immigration officers would be able to update a temporary resident's conditions of stay readily. In anti-illegal immigration operations, law enforcement officers in the field can use a special reader to confirm instantly whether a person's permission to stay was valid without holding him up for further checks.

"More importantly, a smart card with biometric data stored on it will lay the foundation for the Immigration Department to introduce automated passenger clearance system in future which will bring benefits to the travelling public as more immigration counters can be opened without increase of manpower," Mrs Ip said.

Your papers, please?

Re:Could Someone "Become You"?

[Mike1024]

Hey,

Your facial geometry

Interestingly, according to This review on zdnet, you can often get past commercial face recognition software by taking a photo of the person's face, printing it out as a mask, cutting a nose hole (for someone with a similar nose), and putting on:

The face recognition systems proved easier to crack than the fingerprint or voice recognition systems. We tried to gain entry using a mask we created by printing a digital image from a color printer. This didn't work. But then we cut a nose hole in the mask and placed the mask on someone with a somewhat similar nose. At the default thresholds, we were able to fool Miros's TrueFace Network several times and Visionics' FaceIt NT once.

Retina, hand and fingerprint scanners would be as secure as could be expected but facial geometry systems tend to be less secure. Multi-camera set-ups would doubtless be more secure, but the price would start getting very high.

Personally, my favourite technology is te retina (or iris) scanner, because they can distunguish living from dead, so there's no risk of someone taking a chainsaw to your hand to get access to your bank account. They'll just have to do it at gunpoint...

Michael

...another comment from Michael Tandy.

Anonymous smartcards?

[MikeFM]

Does anyone know if there is sucha thing as a fully anonymous smart card that identifies a person uniquely. So I could say scan the card into a computer terminal and buy/sell with the money I have on the card and build something similar to a trust rating (karma points) based on the id I had on the card but there'd be no way to track my identity back to who I was irl from that card even if I had done business with you in person? (ie you'd of course know my id for this transaction which would let you look up information about me as of that transaction but you could not check out any other transactions I'd made or learn anything about me you didn't learn in person).

Dunno. It just seems to me there are benefits of being known and anonymous both so I'd like to be able to do both at the same time. This sounds unlikely but if you think about it you do this when you go to a costume party to some extent. You can become known within the limited confines of the costume but unless you offer your real identity you will again be unknown when you switch costumes (unless you have a lame costume of course). Would this be something like American Expresses's one use credit cards?

Cat and Mouse

[nigelb0]

There's always a way around these things. Naming a product 'SmartCard' only fools the population for a short period.

A copy

[Fervent]

Along with a copy of the smart card you'd also have to take considerable "traditional" measures to become the person. Change the way you look. Change your birth certificate. Change other official documents.

Copying the card would have the same effect as using your older brother's ID to purchase alcohol. It may work in some cases, but if someone looks at the ID they will obviously realize it is not you.

Re:The use of biometrics is dangerous

[IvyMike]

China:

• Amnesty International Annual Report on Human Rights, 2000
• Human Rights Watch World Report, 2000

United States of America :

• Amnesty International Annual Report on Human Rights, 2000
• Human Rights Watch World Report, 2000

My take on it: China commits some serious violations of human rights, and I'd be worried about the smart card IDs there. But I'm a U.S. citizen, and I'd also be worried about smart card IDs here. We've got our own human rights issues to work out. I'm an optimist, so I think that the U.S. won't turn into big brother, but I also think this is possible only through the constant vigilance of people like you and me.

Could Someone "Become You"?

[n3rd]

More importantly, a smart card with biometric data stored on it...

If Hong Kong has biometric information stored on their smart cards, then more than likely someone could not "become you" since, as most of you know, biometric data is specific to one person.

Re:Could Someone "Become You"?

[MemRaven]

I very much doubt that you changed:

• Your retinal pattern (feel like changing the pattern of blood vessels and nerves at the back of your eye?).
• Your fingerprints (feel like grafting on someone else's finger-skin or burning the skin on your fingertips?).
• Your hand geometry (feel like breaking every bone in your hand?).
• Your facial geometry (and this doesn't count your skin hanging on it) (feel like breaking your jaw, your cheekbones, your forehead?).

If anything, this makes such a scheme much more secure than existing plans. You can easily forge a signature, and with the right changes you can match a photograph pretty well. But anything else requires significant body mechanics changes, which are very very difficult to do.

The US Immigration has actually created the INSPASS program, which uses a card and your hand geometry to allow you to walk through immigration at many US airports (San Francisco has it, I know). It's a concept which is coming to more and more uses in governments.

SMART CARDS in CANADA

[grovertime]

This is not just an Asian thang. In conjunction with Sun, there is a Vancouver based company (could be Victoria) that is quickly implementing smart card tech for the residents there, in the hopes that the health card system will be replaced with universal smart cards which apparently have tons of security encryption to prevent the copying the poster asked about (what that encryption is still seems to be a bit of a mystery with these particular cards). The first test is, oddly enough, being done on kids in sporting leagues who will use the smart cards to track, pay and interact with their leagues efficiently. Sorry, I can't remember the name off hand. I'm gonna go find the company name and then post it under this.

1. 
   My Vote's On This Doofus
   

Smart cards limit data access.

[zCyl]

A coworker of mine was doing smart card security research recently. A smart card is not simply a data storage device, but instead actually contains a small processor. This processor can be programmed to perform public key encryption and hashing, and thus, the smart card is able to limit data access. Rather than pass out the private key to the computer where the person is trying to to authenticate themself, the smartcard receives a secret which can be signed with the private key, passed back out to the authenticating computer, and there compared with the public key with that user. It can be done in a manner similar to PGP signing of email, without the card even possessing the instructions necessary to export the private key from the card.

The equipment that would be needed to get the private key off would be pretty expensive, since you would need to be able to break the card apart and read individual memory locations with some sort of electron scanning microscope or something. (Which is tougher than it sounds.) However, Hong Kong's use of biometric data makes that even more difficult, because you would then have to modify the person carrying the copied card so their biometric data matches what's stored on the card.

Essentially, copying a smartcard like this is astronomically difficult, and at the very least, m uch more difficult than xeroxing a paper card or making a duplicate of a plastic card with a hologram.

Re:Smart cards limit data access.

[wkurdzio]

I worked for a company called 3GI for a couple summers and winters when I was off from school. They're a large smart card-solutions firm based out of Williamsburg, VA, in the USA (my hometown). Anyway, for the first year, I was a programmer and was exposed to smart cards for the first time. They're pretty cool and aren't as big a threat to privacy as people think. Here's why: * Smart cards are dumb. The OS on them does a half-dozen important functions: power on, dencrypt the data w/ the correct key (usually a PIN, but biometrics are becoming more popular 'cause PINs aren't very secure), read data, write data, encrypt the data given a key, and power off. Smart cards can't store applications and run them -- they aren't powerful enough for that. If you've seen a card that runs applications, it's a Java card. Even then, Java cards can't do much more than simple math. * Smart cards can't hold a significant amount of data. Cost-effective smart cards hold 32 kilobytes of encrypted data. There are others that hold more, but their cost goes up exponentially as the amount of space goes up. 32K isn't a lot; it's not even enough to hold complete a person's complete demographics and a fingerprint, especially if you want each smart card to hold discrete information about a billion or more people (the population of China). * The encryption methods smart cards use are pretty secure. Some of the older cards use DES; the new cards use 3DES and can be programmed to use other encyrption methods. I don't know much about cryptography, but I understand 3DES is pretty difficult to crack. Perhaps someone more fluent in cryptography can elaborate, but it's safe to say it's very tough to crack a smart card. A colleague at 3GI once related to me that it would take someone several months to brute-force a four-character-PIN-keyed smart card when valid characters are digits and the case-insensitive alphabet. Think about how long it would take someone to crack a smart card keyed on a fingerprint (11 or more coordinates on medium resolution coordinate system)! Even then, you've only decrypted the raw data which is a bunch of 0s and 1s unless you know the exact topology of the data stored on the card. * Smart cards are slow to read. Reading all 32K from a smart card can take 45 seconds. Writing takes even longer. It's a big disadvantage of smart cards (probably their only disadvantage), but at least they can't be "scanned" like memory cards can. * Their are very few standards in the smart card industry. This makes almost every smart card system different even if they use the same cards and/or even the same APIs. Some APIs encrypt data before it's sent to the card where it's encrypted even further. If you don't know the exact layout of how the data is stored on the card, you'll gonna have one hell of a time figuring it out. A lot of companies use data-mangling techniques to mangle data into values that can be stored in a smaller amount of space. A common practice is to store large intergers as two numbers: value 1 = large interger hard-coded integer value 2 = large integer mod hard-coded integer To summarize, smart cards are a good thing and are not a threat to privacy. Please don't mod an otherwise informative post down b/c of this, but a good analogy is the age-old argument that guns don't kill people -- the wrong people armed w/ guns do. Technology isn't a threat to privacy -- the wrong people armed w/ technology are.

Smart cards

[Mike1024]

Hey,

But is it possible for someone to just make an identical copy of my smart ID card, and 'become me'?

This depends on how well the security is done. The simplest smart cards simply store data, i.e. you input data and then if you send a standardised command, you get it back.

The most advanced smart cards process commands like an unopenable, solid box with a computer in.

An example way they could identify each card securely would go something like this:

Verifying terminal sends the card some random data
Smart card accepts data and is programmed to digitally sign it with a public/private key algorithm.
Smart card returns data to terminal

A more complex model might be:

Every card has a private key, and every card has a matching public key, held in a goverment database.
A goverment terminal sends a request for data (i.e. What is this person's SSN?) signed with an official goverment key
The smart card checks the govt signature against the public key stored internally.
The smart card returns the requested data, signed with the card's private key.
The govt terminal checks the signature against the public key database.

They can take pretty much as much programming as you care to put in, if you buy a good card. You could, for example, require a password to be sent to the card before it works. Anything you want, within reason. Including wiping the card if someone tried to probe it.

If you wanted to make yourself a new identity, if you could get a blank card and a copy of the programming, and you could get a new public key inserted on the official database, it might be possible to make yourself a card, but it would require substantial technical knowledgability, if it was all secured properly. It would probably be easier to wrongly send for the ID card requisition forms and fill them in with fake details.

Michael

...another comment from Michael Tandy.

Trusted System, Not Trusted User

[Andrew+Dvorak]

With all of the various authentication systems emerging I sometimes tend not to think "Can this user be trusted" but "Can I trust the system?"

Example:

• I use my smartcard to access a facility with the understanding that I trust that facility's access control system.
• If the access control system has been compromised, somebody could make use of the data received by the reader and spit it out to another system therefore forging my identification.

(yes I understand that my example has to do with controlling access to a facility, but it introduces an interesting idea that more security is in fact less secure.)

Traditional authentication systems make use of material items which cannot be duplicated easily. I have a drivers' license. It cannot easily be duplicated by just anybody such that it is an exact replica. Many consider these to be analog authentication systems, where, after a period of use, the quality of the materials degrade.

Newer, digital authentication, is alleged to be even more secure but I must argue otherwise.

• The quality of any material objects, such as a smart card, do not degrade with use.
• In a digital format, a duplication can be made such that it is indistinguishable from the original.

Possibly a solution which makes use of digital and analog identification would be even more secure.

But hey, this is a topic that requires much more research than I have time .. so make what you will of this comment :-)

why would Hong Kong do this?

[swifticus]

this sounds like a way for Hong Kong to keep a closer eye on citizens. i can't see any reason why they would want to take on this challenge.

"In addition, the implementation of a smart ID card scheme will be a significant step forward in enhancing our overall information infrastructure and in keeping Hong Kong in the forefront of world information technology development."

who would want to deal with this stuff? is HK planning on educating the population about what they're carrying? think about your grandparents carrying smart ID cards.

Smartcards are made very hard to copy.

[Ungrounded+Lightning]

... is it possible for someone to just make an identical copy of my smart ID card, and 'become me'?

Smart cards are designed to be difficult to read, even distructively or by "sneak paths" (such as variations in power usage or radio emissions). The engineers working on them, even in private enterprise, are investigated and security-cleared, and work in relatively isolated areas. (I recall when some people working with me at a large chip company were transferred to that project - in a separate building. I'd done classified work before and had no interest in doing it again. B-) )

So copying your smartcard to 'become you' is unlikely - unless that particular smartcard's technology is broken.

If it IS broken, it will likely be by some VERY well-financed sorts - either organized crime or governmental.

If it's governmental they'll want to use the break for covert activity, and will keep as low a profile as possible. So they'll play dirty tricks on their enemies - starting with the "short list".

If it's organized crime, they'll want to make a profit on their investment quickly, before the break is discovered. So there will probably be a sudden large crime wave, looting some very big targets or a great host of smaller ones, and then the smartcards will be replaced with a different technology.

Either could be a problem for some of us here. But I wouldn't worry too much about script kiddies. If they get in on it at all it will likely be on the tail end of the "organized crime" scenario.