RFID Passport Security "Poorly Conceived"

tonk writes, "European expert researchers on identity and identity management summarize their findings from an analysis of passports with RFID and biometrics — Machine Readable Travel Documents or MRTDs — and recommend corrective measures that 'need to be adopted by stakeholders in governments and industry to ameliorate outstanding issues... By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international MTRDs which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilizes technologies and standards that are poorly conceived for its purpose.' The European experts therefore come to similar conclusions as the Data Privacy and Integrity Advisory Committee of the US Department of Homeland Security in a draft report, which seems to be delayed."

The actual report

[mgemmons]

Here is a link to the actual report.

Data Rich == Enhanced Privacy

[swillden]

In response to the poster who asked why these passports are data rich: Because it avoids the need to place all of this detailed personal information in central databases which are accessed remotely from thousands of locations around the world. How would you secure such a database?

The ICAO recommended approach is much more secure -- the problem here is that the EU has chosen not to implement the security features. The US State Dept. started down the same path, but changed course in response to public outcry.

Here's a description of how the "basic authentication" as recommended by the ICAO specifications works -- this is from memory, but it should be very close to accurate:

• The contactless smart card chip refuses to divulge any data until after the reader authenticates itself with a challenge-response protocol using an AES key (128 bits, IIRC) which is derived from an optically-scannable string printed inside the passport cover.
• During the challenge-response protocol, a pair of session keys are generated, one is used by the passport chip to encrypt all data responses, and the other is used by the reader to individually authenticate each data request.

So, unless you can break AES or exploit some other flaw in the passport chip* the only way to retrieve the data from the chip is to look inside the passport. If you can look inside the passport, however, you really don't need to talk to the chip at all, because with the exception of some digital signatures, all of the data in the chip is printed in the passport.

What exactly is in the chip? Again from memory:

1. A fairly high-quality JPEG image of the passport photo. Around 30KB. I really think they should have used JPEG2000 which would have maintained the high quality with maybe half as many bits, but...
2. All of the personal data printed in the passport (name, address, birthplace, passport #, etc.)
3. RSA digital signatures of all of the above, with signing key certificates so the authority chain can be traced back to the issuer's secret key (which may be signed by an ICAO key... I don't remember).

In the future, other biometrics may be added as well, like a fingerprint image.

The US State Dept. has chosen to go one step beyond the ICAO recommendations and add shielding to the passport cover, so the chip is isolated and can't be queried or detected when the cover is closed. Without that, an attacker couldn't read the data from the chip, but he could "ping" the chip and notice its presence.

*Note that these chips were not created for passports, they're standard contactless smart card chips which have decades of use as security devices behind them, and which protect billions in credit card transactions annually -- nothing's perfect, but they're darned good, having gone through many years of breaks and application of countermeasures.