British "Secure" Passports Cracked
hard-to-get-a-nickna writes "The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work:
'Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?'"
Wait for a few minutes and you'll see ;) In the meantime, you might want to read the FAQ
"When I first heard Daydream Nation it quite frankly scared the living shit out of me." -- Matthew Stearns
Governments fail. Shocking!
Remember, kids: government intervention is good.
Global warming is a cube.
Home Office spokesman.
"If you were a criminal, you might as well just steal a passport."
Missing the point dude.
If my passport gets stolen, I report it. It gets cloned, I've no idea somebody is impersonating me, screwing up my life (and others).
Please people, support NO2ID and tell Blair where to shove his flawed ID cards and CCTV cameras.
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
I just finished reading the article.
In short, the weakness lies in the fact that although DES3 is used to encrypt the communication between the passport chip and the reader, the key is based upon data that's available on the passport:
I hear there's rumors on the Slashdots
The dumb thing is that the personal information is SUPPOSED to be unencrypted - it's part of the spec. Thus, the 3DES (Ha Ha) encryption of the "hello" connection is irrelevant; though if the key really is based on public information it looks like someone really has lost the plot.
In any case, isn't 3DES being phased out because the cost of cracking it has fallen dramatically recently?
What fundamental principle of encryption are they breaking? If anything, a fundamental principle of encryption is that there can't be such a thing as a "secret key" if you're either putting it in the passport or if you're deploying it to everybody that needs to scan passports (remember DVD encryption?).
What's important is to have the data in the passport (along with the picture) digitally signed, in order to avoid tampering. The article claims that these passports are indeed signed and they didn't break the signature. Big surprise, since all they did was get a RFID reader and decrypt 3DES with the key right in front of them.
Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports. And it could be more easily patched after deployment.
The article then presents some more valid points... but these have nothing to do with the basic encryption being broken. FUD mostly, surprise, surprise.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
Is this true? I had the impression that the 911 terrorists had valid ID, but I haven't read the 911 commission report...
Can someone point me to some information confirming or disproving this assertion?
It means you can get away with all sorts of stuff and then claim "It wasn't me mate", someone must have cloned my passport.
We do have some complete fuckwits in charge. Of course, we do have some complete fuckwits voting for them, so it kind of balances out. Someone care to suggest an improvement on democracy?
FTA: "Remember, information - such as a new picture - cannot be added to a cloned chip."
I believe the missing word is "yet".
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Computer security on such a large scale is very, very difficult to get right.
They should have called in the experts, Microsoft!
"Sorry sir you can't travel this evening as you haven't run your RFID chip through Passport.NET Live Update recently. We recommend you do this every second Tuesday of the 6 months preceding travel or you may lose your right to enter your home upon return."
"Sir, do you have the 25 digit customs key for your new passport? It should have been printed on the back of the envelope it came in."
Passenger: "Excuse me, I'm having some problems with Genuine Passport Activation. I paid £66 for this a month ago but when I tried to board the International Express 737 this morning I was told that wasn't genuine."
As usual, the RFID passport leaks information and is easy to clone.
I don't want to sound trollish, but the major force behind biometric passports worldwide is Homeland Security in USA: "You want visa free entrance to US? Make biometric passports!". Honestly, this is plain bullying.
Besides, if the border guard thinks the passport is "secure", then he'll spend less time thinking about that person and just rely on the big "OK" that pops on his screen when he swipes the thing instead of evaluating the person with his brain and guts.
TFA mentions brute-force protection. For a thing like a credit card, that can be replaced within 3-5 days, it's ok, but for a passport, that some joker "brute-forced" and now it is locked, it is really tragic, especially if You are away from home and this is Your only ID.
I think that the ID should be non-trivial to counterfeit. It should deter "common" people from tampering with it for some small, petty crimes. For well funded operations, obtaining a real passport isn't a problem - bribe the migration official and he issues You one on whatever name.
My slightly watered point is - ID should be used for "some" identification. Trust is a human thing and not machine solvable.
Heck, Your motherboard may be bugged right now by some weird conspiracy and no matter what security measures You take, such as bug sweeps or cable checks, You're screwed already since CIA and NSA and Mossad altered the CPU. It's a human thing.
Lone Gunmen crew.
We don't have a democracy, in either the pure form (which is an unworkable ideal anyway) or the popular interpretation (which is a much more sensible approach in practice).
Blair has an absolute majority of MPs in Parliament, which effectively means he can force through almost anything. That doesn't mean an absolute majority of the electorate support him. Remember, Labour lost the popular vote in England at the last general election, and even with the support of MPs from our neighbour countries to prop them up, they still only received around 1/3 of the overall popular vote.
Blair and co have gone about forcing laws through and creating legacies, but the simple fact is that they have no mandate to bring in the kinds of sweeping change they are championing, unless at the very least they also have support from the other main parties who brought in other people's votes. Clearly in many of these so-called anti-terrorism matters, they do not.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The security algorithm was good. The problem was they did not keep the keys secure.
And again, we the British public ask, what exactly have we gained from being forced to pay over our hard earned cash for these cards?
That would enable very cheap readers to authenticate passports and holders, and no option to fake it.
Even if people were to succeed in faking it, a criminal (let's not go down the terrorist route for once) wouldn't be able to erase his old identity from the books without deep inside help, which would probably be noticed by too many people.
Oh, how I hate this kind of spin: "This doesn't matter," says a Home Office spokesman. "By the time you have accessed the information on the chip, you have already seen it on the passport."
It matters a great deal because what they said couldn't be done can be done.
It transpired a couple of years ago that some models of the expensive Kryptonite bicycle lock could be opened with a BIC pen. The Kryptonite company could have spun this by saying "This doesn't matter, because the security expert who demonstrated this didn't really steal the bicycle, and bicycle owners actually keep their valuables in their safe deposit boxes."
What the Kryptonite company really did was acknowledge that this was a serious problem and recalled all the locks.
Would that the UK government addressed the security problem instead of the PR problem.
"How to Do Nothing," kids activities, back in print!
1. I don't understand why they use RFID. If you are not supposed to read it from further than two centimeters then why not use a contact chip (smartcard)? It would be as practical to read and you would be sure that no one could read it without your knowledge.
2. The argument in the article that goes "if you can read it you can clone it" is completely bogus and makes them sound like idiots. Have they never heard of challenge-request authentication? The basic idea is that the reader authenticates the chip to ensure it is not a forged one. To do this you have a shared secret in both the chip and the reader. The reader then sends a random challenge to the chip, which encrypts it with the secret and sends the result back. The reader does the same operation and compares the result. If it matches it considers that the chip knows the secret and is thus original.
The key idea then is that the chip never sends the secret directly, so a cloner could never guess it, even if it could issue an unlimited number of challenges to the original chip. And without the secret, it cannot produce a clone that would authenticate.
So in short to clone the chip you need more than the chip, you need to compromise the manufacturer of the system to get the secret.
The sooner you fall behind, the more time you have to catch up.
May the Maths Be with you!
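The challenge-response scheme described in the post above, as an added example that is not from the article or from any real passport implementation: a chip that only ever emits MACs of challenges, a clone built from the readable data plus recorded sessions, and a reader that uses either a fresh random challenge or, in the weak variant, a fixed one. The class names, the HMAC-SHA256 construction and all data values are constructed for this demo.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed demo values (hypothetical; not real passport data or keys).
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"   # provisioned in chip and readers
PUBLIC_DATA = {"name": "A. EXAMPLE", "number": "000000000", "expiry": "2016-11-17"}


class GenuineChip:
    """Holds the secret and only ever emits MACs of challenges, never the secret."""

    def __init__(self, secret: bytes, public_data: dict):
        self._secret = secret
        self.public_data = public_data          # freely readable, as on the data page

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


class ClonedChip:
    """Built from everything an eavesdropper can observe: the readable data plus
    any (challenge, response) pairs captured from legitimate sessions."""

    def __init__(self, public_data: dict, transcript: dict):
        self.public_data = dict(public_data)
        self._seen = dict(transcript)           # challenge -> recorded response

    def respond(self, challenge: bytes) -> bytes:
        # Without the secret, the best it can do is replay a recorded answer.
        return self._seen.get(challenge, b"\x00" * 32)


class Reader:
    """Verifies a chip: issue a challenge, recompute the MAC, compare in constant time.
    fixed_challenge is only set to show why the challenge must be random."""

    def __init__(self, secret: bytes, fixed_challenge: Optional[bytes] = None):
        self._secret = secret
        self._fixed = fixed_challenge

    def authenticate(self, chip, wiretap: Optional[list] = None) -> bool:
        challenge = self._fixed or secrets.token_bytes(16)
        response = chip.respond(challenge)
        if wiretap is not None:                 # an eavesdropper records the exchange
            wiretap.append((challenge, response))
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    genuine = GenuineChip(SHARED_SECRET, PUBLIC_DATA)
    good_reader = Reader(SHARED_SECRET)
    tap: list = []
    for _ in range(1000):                       # many recorded legitimate sessions
        good_reader.authenticate(genuine, tap)
    clone = ClonedChip(genuine.public_data, dict(tap))

    weak_reader = Reader(SHARED_SECRET, fixed_challenge=b"\x01" * 16)
    weak_tap: list = []
    weak_reader.authenticate(genuine, weak_tap)
    lazy_clone = ClonedChip(genuine.public_data, dict(weak_tap))

    return {
        "genuine_accepted": good_reader.authenticate(genuine),
        "clone_data_matches": clone.public_data == genuine.public_data,
        "clone_accepted": good_reader.authenticate(clone),
        "clone_fools_fixed_challenge_reader": weak_reader.authenticate(lazy_clone),
    }
```

Copying the readable data is trivial and the clone's data matches exactly, yet a reader using a fresh challenge rejects it; only the reader that reuses a fixed challenge is fooled, which is why the randomness of the challenge is part of the security, not a detail.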
The basic problem isn't the algorithm they choose. It's that their goal is incompatible with security.
They wish to establish a world where all people can be instantly identified, correlated with commercial profiles, and tracked wherever they travel.
How can this be done "securely"? It cannot.
Let's assume you get these politicians to understand some basics of encryption and physical security (and good luck with that). So, you now have a system where all people can be instantly identified and tracked by the government. Secure from... what, exactly? Secure from being tracked by unauthorized people?
Who is unauthorized, and why? I certainly have no say in who gets authorized to track me. Thousands or hundreds of thousands of random workers have access to the "authorized" level. This doesn't sound very "secure" to me.
It's like an electrocution collar you get to wear around town, "secure" in the knowledge that its encryption protocol is flawless. The only people who can activate it are from the police department, or friends of police officers, or people who sneak into the police building and use a computer there when nobody's looking. It is secure, and cannot be triggered except from the police station. Yet, in the broader sense of security, the mere fact of the collar's existence around my neck is the absolute opposite of security.
It doesn't really matter how secure they make the algorithms. A system whose purpose is to authoritatively track and identify all individual humans "from above" is insecure, by definition.
But just look at history. A better choice always takes more time to create, and is more expensive to design and implement, but in the long run it pays off much better. Take Unix, most of RSA's products, etc. There's no short cut to success, there is no overnight solution. It's just that a lot of people with power can't simply realize that common fact.
Well, to whoever said common sense was common
Microsoft: "You've got questions. We've got dancing paperclips."
Have we learned nothing?
The article states that if you can see the human-readable part of the passport, or even just take a good guess at the details, you can extract the rest of the data from the RFID chip -- and clone it. Encryption is used to ensure that nobody can eavesdrop on a transaction once initiated, but that doesn't help the fact that every transaction is presumed legitimate -- and the very nature of RFID means that you aren't always able to know that a transaction is taking place. If there isn't a human being checking passports, just a machine -- and one day, that is exactly how it will be -- one of those cloned RFID chips will be enough to get you past it.
Attempting to automate people out of the loop is asking for trouble, because we can always know what tests a machine is performing and falsify the results. Criminals are not stupid -- and smart people can often be bought. If the anticipated returns are high enough, you can be sure that someone will put up the stake. Security through obscurity is worse than no security, because it leads people to believe that their details are safe when they are not.
By the way, if you want to see how easy it is to commit identity theft, start here.
Je fume. Tu fumes. Nous fûmes!
They should have called in the experts, Microsoft!
Okay I know you're joking, but Microsoft have been one of the biggest critics of the UK government's ID card system as providing the ideal conduit for ID theft; so perhaps the Home Office really should have called them in.
True - provided you're trying to get Alice to talk to Bob! Those two know a thing or two about cryptography by now and can deal with keeping keys secret, using strong passwords etc.
It all gets rather harder if you're dealing with a huge messy system composed of hordes of busy people who neither understand nor wish to understand the system. And that's just the immigration officers, never mind joe public!
The system that they cracked seems entirely fit for the (obviously intended) purpose of preventing casual sniffing of the RFID information. It makes the perfectly pragmatic assumption that, if the bad hats get physical possession of the passport you're screwed anyway.
They could have used a "secret" key (or something more sophisticated) because every immigration desk in every participating country then needs a secret key to "unlock" the info - and as soon as one of those (inevitably) leaks every passport in a dozen countries would have to be updated or replaced.
The problem is that all any technological change like this can achieve is to make counterfeiters work that little bit harder (the article didn't say if the info had been digitally signed - which would really help there and would be totally unrelated to anti-RFID-snooping measures).
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
How is this cracked?
The passport functioned as designed. The only thing the key is designed to prevent is remote surreptitious downloading of the data from the chip. If you hand someone the passport, what sort of privacy do you expect?
Call me when they can successfully ALTER the chip data and create a valid digital signature. Merely copying the data won't help.
This reporter is clueless. I stopped reading when he/she said that 3DES is "military encryption times 3". DES was a civ cypher by design and was "broken" a long time ago due to weak keys and such a small key space. 3DES was a quick fix and is still used and is still OK in some situations. But it is not military standard (I think AES is however).
As others above have stated, this is not "cracked" either and they are unable to change the data on the chip. Furthermore they need to read the inside page of the passport to "sniff" for the chip data. I would be happier however, with a contact card rather than contactless....
If information wants to be free, why does my internet connection cost so much?
The question isn't whether it's crackable. You're never going to be able to make a 100% secure passport or any other type of identification for that matter. If you get a smart enough group of people together with the proper resources they will be able to crack it. The question is whether or not the technology in question is a cost effective improvement over its predecessor.
My non expert analysis of the situation is that the entire system of passport control (whether they be conventional, machine readable, RFID, etc.) depends on the ability of the people checking the passports. It is up to them to confirm whether the person presenting the passport is actually the person depicted in the picture as well as confirm the authenticity of the document itself. All these security features, or rather ANY security features that might be added will only serve to make it more difficult and expensive to acquire a fake passport that "works". These new security measures may not guarantee 100% the validity of the passport but it is a move in the right direction and better than nothing changing at all. Given the relatively strict time constraints placed by the US government I have to say that in my mind this particular technology is adequate for the time being. I must admit I have not seen or heard an alternative which might feasibly have been implemented within the same time frame on such a large scale. Do I believe that it is possible for a system to be devised that automatically confirms identity with 100% certainty? Possibly. Do I want that sort of security, no! The better these automatic systems become the easier they can be abused by people who are more concerned by their own pockets rather than my safety & privacy.
As a side note, the article refers to a study where supermarket checkout cashiers were shown to fare badly at the task of matching faces to photos, however I would like to believe that those working in passport control have not only been specifically trained for this task but are also naturally better at it.
The gist of the article is that they don't believe the security added by the RFID chip is worth what was paid for it, not that it is inherently making the situation any worse.
To get to the other side?
The revolution will not be televised... but it will have a page on Wikipedia
However, it turns out they made the same blunder that tyro users of computer systems everywhere do: they chose a key that was easy to guess.
From TFA:
I think it can be convincingly argued that the reason they did this is that commercial product development is inherently prone to security blunders.
Start from this well known cryptography maxim: any fool can create a system he cannot break into.
The implication is that you need bring in outside people to criticize, even break your product. But that's not how businesses operate. Businesses run on sales; you have to convince buyers to have confidence in your product. Sales can't plant confidence in the customers' minds if they have doubts in their own. That's fine for sales, but what about engineering? Well, you don't start into the development of a product without at least a healthy dose of optimism. Businesses run on optimism. And they protect themselves by denial.
Security problems are very easy to deny. There is no such thing as evidence of security; you can only try to find evidence of insecurity and fail. So how hard and long should you look? Most of the time if things look OK, they're taken to be OK.
I think it's no accident that RSA, one of the best companies in the field, was started by academics. The academic approach isn't better in every case, but it does have a lot more respect for the importance of proving the null hypothesis.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It has not been cracked!
....
As usual the journalist is confusing everything. What these bozos have done is just read the content of the RFID chip exactly in the same way a customs officer would have done: using the key which is *printed* on the passport!
Basically this chip does what it has been designed for: improve the difficulty to create fake passports.
Now of course you have always some neo-luddites like those who are spreading FUD in order to sway opinions who will never read the details of the article and just remember the passports have been "cracked".
Pitiful
http://www.transparency.org
That's a big part of the problem. Whose retarded idea was it to use RFID? Wouldn't, say, a smart card chip like the chip & pin card in credit cards have been MUCH better because then you actually need to physically have the passport in your hand to read it - instead of being able to read it through envelopes, clothing and the like with no evidence that it's been read?
Oolite: Elite-like game. For Mac, Linux and Windows
This is the same situation as in Holland. The new Dutch passport also contains RFID technology and security experts cracked the system even before it was released. See this article.
Weak encryption keys are part of the problem.
Anyway, this project cost some millions of euros, and solves nothing. It only creates new problems, making identity theft much easier to accomplish.
Aluminum foil, when wrapped around an RFID tag (or passport) makes it impermeable to the readers. Just think, a tinfoil hat for your passport! You'll look just like twins!
Then it would be perfectly secure, because nobody would bother to read the chip, just pontificate endlessly on what they *believed* was on it.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Of course it's not a democracy. In a strict "one man, one vote" definition, a democracy should always act as the majority wish on any specific subject. But in practice, this only works in the presence of a completely informed and rational population, which you can never realistically achieve (regardless of good will) because of the sheer scale of what's involved.
Hence we commonly use the word "democracy" informally, to mean a government that acts according to the overall principles and intents of the population, yet without holding a referendum on each specific subject, and we elect representatives whose views are supposed to reflect those of the population to do the detail work. But Blair's Labour government isn't even that kind of democracy, as plenty of surveys show when you look at the government's position on controversial subjects such as Iraq or civil liberties vs. the general population's preferences.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
There was a specific requirement for a contact-less solution as they were concerned that any contact would potentially wear out after 10 years of frequent travel.