Security and Privacy Issues in Epassport

1
  • Security and Privacy Issues in E-passport
  • Ari Juels, David Molnar, and David Wagner
  • Presented by
  • Vivian Bates and Pano Elenis

2
Outline
  • Key Words
  • Introduction
  • Radio Frequency identification (RFID)
  • Biometrics
  • Related Work
  • Security and Privacy Threats
  • Cryptography in E-passports
  • Strengthening Today's E-passport
  • Future Issues in E-passport
  • Conclusion

3
Key Words
  • US-VISIT
    • United States Visitor and Immigrant Status
      Indicator Technology program
  • ISO
    • International Organization for Standardization
  • ICAO
    • International Civil Aviation Organization, the
      issuer of the biometric passport standard
      currently being applied. ISO 7501-1:2005 is a
      short form of the ICAO standard
  • RFID
    • Radio Frequency Identification is an automatic
      identification method that relies on storing and
      remotely retrieving data using devices called
      RFID tags or transponders
  • RFID (chip)
    • Radio Frequency IDentifier (chip): a family of
      small chips that are capable of permanently
      and/or temporarily storing information and of
      duplex communication with a reader using radio
      waves
  • MRTD
    • Machine-Readable Travel Documents, an
      abbreviation used by the ICAO, means that a
      machine can read passports, visas and official
      travel documents
  • Faraday Cage
    • A capsule of radio-wave-blocking material (for
      example aluminum) used to protect the RFID chip
      in biometric passports from being read at times
      other than when reading is expected
  • Biometric
    • The verification of a human identity through
      the measurement of biological or behavioral
      characteristics. A unique, measurable
      characteristic or trait of a human being for
      automatically recognizing or verifying identity

4
Introduction New Generation
of Identity Cards Combination
of RFID and Biometric TechnologyPurpose Reduce
Fraud Identity Check Enhance security
  • ICAO guidelines
  • RFID chips to store and transmit data in a
    wireless manner
  • biometric identity verification (face
    recognition)
  • ISO 14443 specifications
  • radio frequency of 13.56MHZ
  • small passive chip
  • no on-board source of power
  • power derived indirectly from signal of a reader
  • intended read range 10 centimeters

5
US-VISIT US-VISIT is a first step in a
multi-layered approach to enhance border security
mandated adoption by October 2006 of
Biometrically enabled passports by twenty-seven
nations in its Visa-Waiver Program (VMP)
  • Foreign visitors traveling to the United States
    must have their two index fingers scanned and a
    digital photograph taken to match and
    authenticate their travel documents at the port
    of entry
  • The US-VISIT requirements do not replace visa
    requirements for entering the United States
  •   For more information on visas, please visit the
    U.S. Department of State's

6
Passports
  • RFID tags are being embedded in passports issued
    by many countries
  • First e-passports issued by Malaysia in 1998
    • Information stored
      • visual data page
      • record of the travel history (time, date, and
        place) of entries and exits from the country
    • 5,000,000 1st generation in circulation, with an
      image of the thumbprint
    • 125,000 2nd generation in circulation, with the
      extracted fingerprint only
  • Standards for RFID passports
    • International Civil Aviation Organization (ICAO)
    • ICAO Document 9303, Part 1, Volumes 1 and 2 (6th
      edition, 2006)
    • ICAO refers to the ISO 14443 RFID chips in
      e-passports as "contactless integrated circuits"
    • ICAO standards provide for e-passports to be
      identifiable by a standard e-passport logo on the
      front cover.

7
Passports
  • RFID tags are included in new UK and some new US
    passports beginning in 2006
  • The US produced 10 million passports in 2005
  • Estimated that 13 million will be produced in
    2006
  • The chips will store the same information that is
    printed within the passport
  • Include a digital picture of the owner
  • The passports will incorporate a thin metal
    lining to make it more difficult for unauthorized
    readers to "skim" information when the passport
    is closed

8
Radio waves have the longest wavelengths in the
electromagnetic spectrum These waves can be
longer than a football field or as short as a
football
http//imagers.gsfc.nasa.gov/ems/radio.html
9
History of RFID
  • Radio Frequency Identification: an automatic
    identification method that relies on storing and
    remotely retrieving data using devices called
    RFID tags or transponders
  • 1946: Leon Theremin invented an espionage tool for
    the Soviet government which retransmitted
    incident radio waves with audio information
  • 1939: The British IFF transponder, invented by the
    British, was used by the Allies in World War II to
    identify airplanes as friend or foe
  • 1948: Harry Stockman's paper "Communication by
    Means of Reflected Power" (Proceedings of the
    IRE, pp. 1196–1204, October 1948) predicted that
    "...considerable research and development work
    has to be done before the remaining basic
    problems in reflected-power communication are
    solved, and before the field of useful
    applications is explored."
  • 1973: Mario Cardullo's U.S. Patent 3,713,148 was
    the first true ancestor of modern RFID (a passive
    radio transponder with memory)
  • 1973: The first demonstration of today's reflected
    power passive and active (backscatter) RFID tags,
    done at the Los Alamos Scientific Laboratory

10
General RFID
  • Data transmitted by a mobile device called a tag
  • Tag read by an RFID reader
  • RFID processes according to the needs of a
    particular application
  • Data transmitted by the tag may provide
    • identification
    • location information
    • product tag specifics
      • price
      • color
      • date of purchase
  • Two types of tags
    • Passive
    • Active

11
Passive RFID Tags
  • No internal power supply
  • Electrical current induced in the antenna by the
    incoming radio frequency signal provides enough
    power for the CMOS integrated circuit in the tag
    to power up and transmit a response
  • Most passive tags signal by backscattering the
    carrier signal from the reader
  • Response not necessarily just an ID number
  • Tag chip can contain non-volatile EEPROM for
    storing data.
  • Embedded in a sticker or under the skin

12
Passive RFID Tags
  • Smallest devices measure 0.15 mm × 0.15 mm
  • Thinner than a sheet of paper (7.5 micrometers)
  • Lowest-cost EPC RFID tags (used by Wal-Mart,
    Target, Tesco in the UK and Metro AG in Germany)
    for 5 cents
  • Antenna tag sizes range from a postage stamp to a
    post card
  • Passive tags' practical read distances range
    from about 10 cm (4 in.) to a few meters
  • Non-silicon tags made from polymer semiconductors
    are currently being developed by several
    companies globally
    • Less expensive than silicon-based tags

13
Active RFID Tags
  • Own internal power source which is used to power
    any ICs that generate the outgoing signal
  • More reliable than passive tags due to the
    ability of active tags to conduct a "session"
    with a reader
  • The onboard power supply lets them transmit at
    higher power levels than passive tags, allowing
    them to be more effective in "RF challenged"
    environments
    • like water (including humans/cattle, which are
      mostly water)
    • metal (shipping containers, vehicles)
    • longer distances

14
Active RFID Tags
  • Ranges of hundreds of meters
  • Battery life of up to 10 years
  • Include sensors such as temperature logging
    • concrete maturity monitoring
    • monitor the temperature of perishable goods
    • humidity, shock/vibration
    • light, radiation, temperature and atmospherics
      like ethylene
  • Range 300 feet
  • Larger memories than passive tags
    • Store additional information sent by the
      transceiver
  • The United States Department of Defense
    • reduce logistics costs
    • improve supply chain visibility for more than 15
      years

15
Supply Chain vs. Passport RFID
  • Passport RFID
    • shorter intended read range
    • tamper resistance
    • cryptography
  • Supply Chain RFID
    • simple
    • cheap
    • no support for cryptography
    • single identifier
    • kill command (renders the tag inoperable)
    • frequency 915 MHz
    • read range 5 meters

16
Biometrics
A unique, measurable characteristic or trait of a
human being for automatically recognizing or
verifying identity
  • Practical biometrics for e-passport deployment
    • Face recognition: automated analog of the
      ordinary human process of recognition
    • Fingerprint: determines that two friction ridge
      impressions originated from the same finger or
      palm
      • Imaging and automated fingerprint matching
      • Fingerprint scanners in optical or
        silicon-sensor forms
    • Iris: uses pattern recognition techniques based
      on high resolution images of the iris of an
      individual's eye

17
Related Work
  • Pattinson
    • Points out the need for a direct link between
      optically scanned card data and secret keys
      embedded in e-passports
    • Outlines the privacy problems with e-passports
      readable by anyone
  • Jacob
    • Discusses issues in e-passport deployment in the
      Netherlands
    • Highlights the importance of basic access control
    • Investigates the issues surrounding a national
      database of biometric identifiers
  • Smart Card Research Group at IBM Zurich
    • Demonstrates a Javacard application running on a
      Philips chip that performs basic access control
      and active access control in under 2 seconds

18
E-Passports Security and Privacy Threats
  • Clandestine scanning
  • Clandestine tracking
  • Skimming and cloning
  • Eavesdropping
  • Biometric data-leakage
  • Cryptographic weaknesses

19
Secrecy and Privacy Threats
  • Clandestine scanning
    • Problem: Baseline ICAO guidelines do not require
      encryption or authentication between passports
      and readers
    • An unprotected chip is subject to short-range
      illegal scanning
  • Clandestine tracking
    • Problem: The standard for e-passport RFID chips
      (ISO 14443) stipulates the emission (without
      authentication) of a chip ID on protocol
      initiation
    • A different ID on every passport (even if data
      cannot be read) could enable tracking the
      movement of the passport holder by unauthorized
      parties
  • Skimming and cloning
    • Problem: Baseline ICAO regulations require
      digital signatures on e-passport data
    • Digital signatures allow the reader to verify
      that data came from the correct passport
      issuing authority
    • No defense against cloning, because the digital
      signatures do not bind the data to a particular
      passport or chip

20
Secrecy and Privacy Threats
  • Eavesdropping
    • Problem: Faraday cages do not prevent
      eavesdropping on legitimate passport-to-reader
      communications
    • Function creep: e-passports will be used in new
      areas like e-commerce
    • Feasibility: may be feasible at a longer
      distance
    • Detection: difficult, since passive
      eavesdropping does not involve powered signal
      emission
    • Faraday cages (a metallic material in the cover
      or holder) prevent penetration of RFID signals
  • Biometric data leakage
    • Problem: Baseline ICAO regulations require
      digitized headshots (secrecy needed for
      authentication)
    • Automation is required with e-passports, and the
      physical environment is not strictly controlled
  • Cryptographic weakness
    • Problem: ICAO guidelines include an optional
      mechanism for authenticating and encrypting
      passport-to-reader communications
    • No mechanism to revoke access once a reader
      knows the key

21
E-passport Threats
  • Data leakage threats: skimming, the covert reading
    of contents
    • Installation of RFID readers in doorways
      • security checkpoint
      • airport
      • sporting event
      • concerts
    • Clandestine readers resembling anti-theft gates
      • shops
      • entrances to buildings
  • Identity theft: new identity or fake documents
    • photograph, name, birthday, social security card
  • Tracking and hotlisting
    • Tracking: a static identifier tracks movement of
      the RFID device
    • Hotlisting: targets specific individuals
      • RFID-enabled bomb keyed on collision avoidance
        UID
      • Unattended triggering
      • Comprehensive targeting

22
Biometric Threats
  • Automation
    • Human oversight
    • Opportunity for spoofing the authentication
      system
  • Spillover
    • Compromised data in one system threatens the
      integrity of unrelated ones
  • Special properties of passport photos
    • Image quality
      • Higher quality than the image an attacker may
        produce
    • Forgery
      • Spoof face-recognition systems

23
Cryptography in E-passports
  • Pano Elenis
  • ICAO Specifications

24
The ICAO Specifications
  • One mandatory cryptographic feature
    • Passive authentication
      • Data on e-passport signed by issuing nation
      • Permitted algorithms: RSA, DSA and ECDSA
      • Only demonstrates that data is authentic
      • Does not prove that the container for the data
        is authentic (i.e. the passport)

25
The ICAO Specifications
  • Two optional cryptographic features for improved
    security
    • Basic Access Control and Secure Messaging
      • Ensures that data is only read by authorized
        RFID readers
      • Stores a pair of secret cryptographic keys
        (KENC, KMAC)
    • Active Authentication
      • Anti-cloning feature
      • Relies on public-key cryptography

26
Basic Access Control
  • When a reader attempts to scan, a
    challenge-response protocol is engaged
  • Proves knowledge of the (KENC, KMAC) keys. Upon
    successful authentication, a session key is
    derived and the passport releases its data
  • KENC and KMAC are derived from optically
    scannable data printed on the passport
    • The passport number, the date of birth of the
      bearer, the date of expiration of the passport
      and three check digits, one for each of the
      three preceding values.
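The derivation this slide describes, written out as an added example (this is not code from the presenters or from the Juels, Molnar and Wagner paper). The check-digit rule and the SHA-1 based derivation of KENC and KMAC follow ICAO Doc 9303 as I know it; the slide itself only states which printed fields the keys come from. The sample MRZ values are constructed (formatted like the ICAO worked example, not a real traveller's data) and every function name is mine.

```python
import hashlib

# Constructed sample MRZ fields (chosen to match the format of the ICAO Doc 9303
# worked example; not a real traveller's data): the three optically readable
# values the slide lists.
PASSPORT_NUMBER = "L898902C<"   # 9 characters, '<' fills short numbers
DATE_OF_BIRTH = "690806"        # YYMMDD
DATE_OF_EXPIRY = "940623"       # YYMMDD


def mrz_check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating; a digit counts as its
    value, a letter A..Z as 10..35, the filler '<' as 0; result is the sum mod 10."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * weights[i % 3]
    return str(total % 10)


def mrz_information(number: str, dob: str, expiry: str) -> str:
    """The key-derivation input: each field followed by its own check digit."""
    return (number + mrz_check_digit(number)
            + dob + mrz_check_digit(dob)
            + expiry + mrz_check_digit(expiry))


def _adjust_des_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so that each byte has odd parity (DES keys)."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)


def derive_bac_keys(mrz_info: str) -> tuple:
    """ICAO Doc 9303 derivation: K_seed = SHA-1(MRZ_information)[:16]; then
    K_c = SHA-1(K_seed || c)[:16] with c a 4-byte counter, parity-adjusted.
    c = 1 yields KENC and c = 2 yields KMAC (two-key 3DES keys, 16 bytes each)."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    keys = []
    for counter in (1, 2):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
        keys.append(_adjust_des_parity(digest))
    return keys[0], keys[1]


if __name__ == "__main__":
    info = mrz_information(PASSPORT_NUMBER, DATE_OF_BIRTH, DATE_OF_EXPIRY)
    kenc, kmac = derive_bac_keys(info)
    print("MRZ_information:", info)
    print("KENC:", kenc.hex(), " KMAC:", kmac.hex())
```

Every input to `derive_bac_keys` is printed on the data page, which is exactly why the later slide on shortcomings can bound the key entropy by the ranges of the passport number and the two dates: anyone who can guess those three fields can recompute the keys.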

27
Key Establishment Mechanism 6
  • Random nonce
  • Checks MAC and decrypts
  • Keying material
  • Concatenation
  • Encrypt
  • Checksum
  • Keying and Nonce
  • Concatenation
  • Encrypt
  • Checksum

28
Encryption and Decryption
  • Two-key 3DES in CBC mode with a zero IV (i.e.
    0x00 00 00 00 00 00 00 00) according to ISO
    11568-2

29
Retail Message Authentication Code
  • Cryptographic checksums are calculated using the
    ISO/IEC 9797-1 MAC algorithm 3 with
    • Block cipher DES
    • Zero IV (8 bytes)
    • ISO/IEC 9797-1 padding method 2
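The key-establishment exchange of slides 27 to 29 as an added, runnable example (not the presenters' or the paper's code). The slides name two-key 3DES-CBC with a zero IV and the ISO/IEC 9797-1 Retail MAC; neither is in Python's standard library, so here a SHA-1 keystream stands in for the cipher and a truncated HMAC-SHA1 for the 8-byte MAC. Those two stand-ins are toys and not secure; what the block shows is the message layout (nonces plus 16 bytes of keying material from each side), the MAC-before-decrypt order and the nonce checks, and it also shows what a wrong-key reader and a replayed command run into. Class and function names and the sample keys are my assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in primitives (toys, not secure): the slides' 3DES-CBC and Retail MAC
# are replaced so the example runs without third-party libraries.
def enc(key: bytes, msg: bytes) -> bytes:
    stream = b"".join(hashlib.sha1(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(msg) // 20 + 1))
    return bytes(m ^ s for m, s in zip(msg, stream))

dec = enc  # XOR with the same keystream undoes it

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()[:8]   # 8-byte checksum

def xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Passport:
    """Chip side: holds (KENC, KMAC) derived from its MRZ."""
    def __init__(self, kenc: bytes, kmac: bytes):
        self.kenc, self.kmac = kenc, kmac
        self.rnd_icc, self.session_seed = None, None

    def get_challenge(self) -> bytes:
        self.rnd_icc = secrets.token_bytes(8)     # fresh RND.ICC per attempt
        return self.rnd_icc

    def mutual_authenticate(self, cmd: bytes) -> bytes:
        e_ifd, m_ifd = cmd[:32], cmd[32:]
        if not hmac.compare_digest(mac(self.kmac, e_ifd), m_ifd):
            raise ValueError("MAC check failed: reader does not know KMAC")
        s = dec(self.kenc, e_ifd)                  # RND.IFD || RND.ICC || K.IFD
        rnd_ifd, rnd_icc, k_ifd = s[:8], s[8:16], s[16:32]
        if rnd_icc != self.rnd_icc:
            raise ValueError("nonce mismatch: stale or replayed command")
        k_icc = secrets.token_bytes(16)
        self.session_seed = xor16(k_ifd, k_icc)   # both sides derive the same seed
        self.rnd_icc = None                       # the challenge is single-use
        e_icc = enc(self.kenc, rnd_icc + rnd_ifd + k_icc)
        return e_icc + mac(self.kmac, e_icc)


class Reader:
    def __init__(self, kenc: bytes, kmac: bytes):
        self.kenc, self.kmac = kenc, kmac

    def build_command(self, rnd_icc: bytes) -> tuple:
        rnd_ifd, k_ifd = secrets.token_bytes(8), secrets.token_bytes(16)
        e_ifd = enc(self.kenc, rnd_ifd + rnd_icc + k_ifd)
        return e_ifd + mac(self.kmac, e_ifd), rnd_ifd, k_ifd

    def run_bac(self, passport: Passport) -> bytes:
        rnd_icc = passport.get_challenge()
        cmd, rnd_ifd, k_ifd = self.build_command(rnd_icc)
        resp = passport.mutual_authenticate(cmd)
        e_icc, m_icc = resp[:32], resp[32:]
        if not hmac.compare_digest(mac(self.kmac, e_icc), m_icc):
            raise ValueError("MAC check failed on passport response")
        r = dec(self.kenc, e_icc)                  # RND.ICC || RND.IFD || K.ICC
        if r[:8] != rnd_icc or r[8:16] != rnd_ifd:
            raise ValueError("nonce mismatch in passport response")
        return xor16(k_ifd, r[16:32])             # K_seed for the session keys


# Constructed 16-byte keys standing in for KENC/KMAC derived from an MRZ.
KENC, KMAC = bytes(range(16)), bytes(range(16, 32))

def demo_success() -> bool:
    p = Passport(KENC, KMAC)
    return Reader(KENC, KMAC).run_bac(p) == p.session_seed

def demo_wrong_keys() -> str:
    """A reader that never scanned the MRZ (wrong keys) is stopped at the MAC check."""
    try:
        Reader(bytes(16), bytes(16)).run_bac(Passport(KENC, KMAC))
    except ValueError as e:
        return str(e)
    return "accepted"

def demo_replay() -> str:
    """A recorded command is useless later: RND.ICC is fresh for every session."""
    p, r = Passport(KENC, KMAC), Reader(KENC, KMAC)
    recorded, _, _ = r.build_command(p.get_challenge())
    p.get_challenge()                             # new session, new nonce
    try:
        p.mutual_authenticate(recorded)
    except ValueError as e:
        return str(e)
    return "accepted"
```

The checks are in the same order a real chip performs them: verify the checksum first, only then decrypt and compare the nonce. Note what the exchange does not give you: a reader that once obtained (KENC, KMAC) can run it again at any time, which is the "no revocation" weakness the earlier threat slide names.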

30
Basic Access Control Shortcomings
  • Entropy of key is too small
    • ICAO PKI Technical Report warns that the key
      entropy is at most 56 bits
    • Some of these bits may be guessable in some
      circumstances
  • A single fixed key is used for the lifetime of
    the e-passport
    • Impossible to revoke a reader's access to the
      e-passport once it has been read
    • Databases of keys may be inadvertently
      compromised
  • Basic Access Control is still better than no
    encryption at all

31
Active Authentication
  • Anti-cloning feature
  • Does not prevent unauthorized parties from
    reading e-passport contents
  • Relies on public-key cryptography
  • Proves that e-passport has possession of a
    private key
  • The corresponding public key is stored as a part
    of the signed data on the passport

32
Active Authentication Mechanism
ISO/IEC 7816 Internal Authenticate mechanism
  • Random nonce
  • Verifies signed message with the passport's public
    key
  • Random nonce
  • Concatenation
  • Signs X with private key with ISO 9796-2 padding

33
Active Authentication
  • The public key must be tied to a specific
    e-passport and its biometric data to avoid
    man-in-the-middle attacks
  • Every reader that is capable of Active
    Authentication and compliant with the ICAO
    specifications must also have the hardware
    capability for Basic Access Control
  • Deployments that neglect this part will open
    themselves to a risk of cloned e-passports

34
Active Authentication Issues
  • The certificate required for verifying Active
    Authentication also contains enough information
    to derive a key for Basic Access Control
  • When used with RSA or Rabin-Williams signatures,
    responses can be distinguished
  • As a result, tracking and hotlisting attacks are
    possible even if Basic Access Control is in use
  • It is recommended that Active Authentication be
    carried out only over a secure session after
    Basic Access Control has been employed and
    session keys derived.

35
Cryptographic measures in planned deployments
  • A Federal Register notice dated February 18, 2005
    provides a number of details on U.S. e-passport
    plans
  • The Federal notice offers three reasons for the
    decision not to implement Basic Access Control
    • The data stored in the chip is identical to the
      data printed in the passport
    • Encrypted data would slow entry processing time
    • Encryption would impose more difficult technical
      coordination requirements among nations
      implementing the e-passport system
  • Faraday cages will be enough to prevent
    eavesdropping

36
Flaw in Federal notice reasoning
  • Reason 3 is flawed because all the data required
    to derive keys for Basic Access Control is on the
    data page; no coordination amongst nations is
    required
  • Faraday cages are not sufficient to protect
    against unauthorized eavesdropping
  • Lack of Basic Access Control means that any ISO
    14443 compliant reader can easily read data from
    the e-passport
  • The original deployment choices of the U.S. put
    e-passport holders at risk of tracking,
    hotlisting and biometric leakage

37
Planned Deployments
  • Malaysian identity cards/passports are not
    compliant, as they predate the ICAO standards
  • Other nations may or may not meet the United
    States mandate for deployment in 2005
  • Due to complaints from several countries, the
    deadline has been extended from October 2005 to
    October 2006

38
Strengthening Today's E-passports
  • Faraday cages
    • Simple measure to prevent unauthorized readings
      (skimming)
    • Materials such as aluminum fiber can block RF
      signals
    • Does not prevent an eavesdropper from snooping on
      a legitimate reading
    • Faraday cages were deprecated in favor of Basic
      Access Control because they do not prevent
      eavesdropping.

39
Strengthening Today's E-passports
  • Larger secrets for Basic Access Control
    • Long-term keys only contain 52 bits of entropy
    • Brute-force attack
    • The addition of a 128-bit secret, unique to each
      passport, would strengthen the resistance to
      brute-force attacks
  • Private collision avoidance
    • The collision avoidance protocol in ISO 14443
      uses a UID
    • Care must be taken that each UID read is
      different and that UIDs are unlinkable across
      sessions
    • A countermeasure would be to pick a new random
      identifier on every tag read

40
Strengthening Today's E-passports
  • Beyond optically readable keys
    • The current ICAO approach ties neatly together
      physical presence and the ability to read
      biometric data
    • Might not be possible for next-generation ID
      cards
    • Important to create a keying mechanism that
      limits a reader's power to reuse secret keys, and
      a matching authorization infrastructure for
      e-passport readers

41
Future Issues in E-passports
  • Visas and writeable e-passports
    • Upon the acceptance of e-passports, there will be
      the desire to support visas and other
      endorsements
    • Because multiple RFID chips may interfere with
      each other, including a new RFID tag with each
      visa stamp may not be feasible
    • Instead, all the data would have to be stored on
      the same chip as the passport data
    • Requires the ability to write data after issuance

42
Future Issues in E-passports
  • A simple first attempt at visas on e-passports
    • An area specified as append-only memory for visas
    • A visa would name the e-passport and be signed by
      the issuing government
    • Could possibly include sanity checks to ensure
      a visa is properly signed and names the correct
      e-passport before committing it to the visa
      memory area
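One added example serving two passages: the Active Authentication slides (31 to 33, a signed data set plus a chip-held private key as the anti-cloning check) and the append-only visa area sketched just above. This is my code, not the presenters' or the paper's, and not ICAO's data-group format. RSA with ISO 9796-2 padding from the slides is replaced by a toy RSA over Mersenne primes (trivially factorable, chosen only so the block needs no key generator) signing a SHA-1 digest; the data groups, the "UTO" issuer code and the visa record layout are constructed, and all names are mine.

```python
import hashlib
import secrets

# Toy RSA on Mersenne primes: no key generation needed, but trivially
# factorable, so it only stands in for the RSA / ISO 9796-2 signatures the
# slides name. Everything below is a constructed illustration.
E = 65537

def _keypair(p: int, q: int) -> tuple:
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

ISSUER_PUB, ISSUER_PRIV = _keypair((1 << 127) - 1, (1 << 89) - 1)      # document signer
CHIP_PUB, CHIP_PRIV = _keypair((1 << 107) - 1, (1 << 61) - 1)          # AA key of one chip
VISA_GOV_PUB, VISA_GOV_PRIV = _keypair((1 << 127) - 1, (1 << 61) - 1)  # a visa-issuing state

def _h(msg: bytes) -> int:   # SHA-1 as an integer; smaller than every modulus above
    return int.from_bytes(hashlib.sha1(msg).digest(), "big")

def sign(priv: tuple, msg: bytes) -> int:
    return pow(_h(msg), priv[1], priv[0])

def verify(pub: tuple, msg: bytes, sig: int) -> bool:
    return pow(sig, pub[1], pub[0]) == _h(msg)

def _dg_digests(dgs: dict) -> bytes:
    return b"".join(hashlib.sha1(dgs[k]).digest() for k in sorted(dgs))

def make_sod(dgs: dict) -> int:
    """Passive authentication: the issuing state signs the hashes of all data groups."""
    return sign(ISSUER_PRIV, _dg_digests(dgs))


class Chip:
    """Signed data groups, an optional AA private key, and an append-only visa area."""
    def __init__(self, dgs: dict, sod: int, aa_private=None, trusted=None):
        self.dg, self.sod, self._aa_private = dict(dgs), sod, aa_private
        self._trusted = trusted or {}      # visa-issuing states this chip accepts
        self._visas = []                   # append-only: no delete or overwrite exists

    def internal_authenticate(self, rnd_ifd: bytes):
        """ISO 7816 INTERNAL AUTHENTICATE: sign M1 || RND.IFD with the AA private key."""
        if self._aa_private is None:       # a clone has the data but not this key
            return None
        m1 = secrets.token_bytes(8)
        return m1, sign(self._aa_private, m1 + rnd_ifd)

    def append_visa(self, visa: bytes, sig: int) -> bool:
        """Commit only a visa that names this passport and carries a trusted signature."""
        try:
            fields = dict(f.split(b"=", 1) for f in visa.split(b";"))
        except ValueError:
            return False
        if fields.get(b"passport") != self.dg["DG1"]:
            return False
        pub = self._trusted.get(fields.get(b"issuer"))
        if pub is None or not verify(pub, visa, sig):
            return False
        self._visas.append((visa, sig))
        return True

    def visas(self) -> tuple:
        return tuple(self._visas)


def passive_authentication(chip: Chip) -> bool:
    return verify(ISSUER_PUB, _dg_digests(chip.dg), chip.sod)

def active_authentication(chip: Chip) -> bool:
    """Reader side: fresh nonce, checked with the DG15 key that passive authentication bound to this data."""
    n = int.from_bytes(chip.dg["DG15"], "big")
    rnd_ifd = secrets.token_bytes(8)
    resp = chip.internal_authenticate(rnd_ifd)
    if resp is None:
        return False
    m1, sig = resp
    return verify((n, E), m1 + rnd_ifd, sig)

def genuine_chip() -> Chip:
    n = CHIP_PUB[0]   # constructed data groups: document number, photo stand-in, AA key
    dgs = {"DG1": b"L898902C<", "DG2": b"<constructed JPEG bytes>",
           "DG15": n.to_bytes((n.bit_length() + 7) // 8, "big")}
    return Chip(dgs, make_sod(dgs), CHIP_PRIV, {b"UTO": VISA_GOV_PUB})

def clone_of(chip: Chip) -> Chip:
    """Everything a copier can read: all data groups and the SOD, but no private key."""
    return Chip(chip.dg, chip.sod, None, {b"UTO": VISA_GOV_PUB})

def inspect_chip(chip: Chip) -> tuple:
    return passive_authentication(chip), active_authentication(chip)

def visa_demo() -> tuple:
    chip = genuine_chip()
    good = b"issuer=UTO;passport=L898902C<;type=visitor"
    other = b"issuer=UTO;passport=X000000<<;type=visitor"
    return (chip.append_visa(good, sign(VISA_GOV_PRIV, good)),     # accepted
            chip.append_visa(other, sign(VISA_GOV_PRIV, other)),   # names another passport
            chip.append_visa(good, sign(CHIP_PRIV, good)),         # not a trusted signer
            len(chip.visas()))
```

`inspect_chip` returns `(passive, active)`: a genuine chip passes both, a byte-for-byte copy passes passive authentication (the slide on cloned e-passports: the data is authentic) but fails the challenge, and a copy whose photo was altered fails passive authentication. The reader takes the AA public key from DG15, which is covered by the issuer's signature, which is the binding the slide on man-in-the-middle attacks asks for. `visa_demo` exercises the two sanity checks the visa slide proposes plus a trust-store lookup, and the `Chip` class deliberately offers no way to remove an entry once committed.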

43
Future Issues in E-passports
  • Another thing to consider is that some travelers
    do not want border control to know where they've
    traveled
    • For example, most Arab countries will refuse
      entry to holders of passports which bear Israeli
      visas
    • The previous example is considered a legitimate
      reason, but someone entering the United States
      from Canada may be harboring terrorists
    • It may be hard in the future to distinguish the
      legitimate reasons from the illegitimate, but
      preventing illegitimate visa removals will become
      a goal of future visa-enabled e-passports

44
Future Issues in E-passports
  • Function creep
    • Passports might some day come to serve as
      authenticators for consumer payments or mass
      transit passes
    • Has the ability to undermine data protection
      features, as it will spread bearer data more
      widely among divergent systems
    • May lead to consumer convenience (i.e. removal of
      optical scanning and Faraday-cage use)
    • Unless new privacy features are added, it is
      conceivable that an e-passport can reveal a great
      deal of private information
    • For example, an age check at a bar can also leak
      information about the bearer's passport number,
      place of birth, and possibly elements of their
      travel history
    • Web cookies are an instructive example of
      function creep

45
Conclusion
  • The secrecy requirements for biometric data imply
    that unauthorized reading of e-passport data is a
    security risk as well as a privacy risk
  • At a minimum, a Faraday cage and Basic Access
    Control should be used in ICAO deployments to
    prevent unauthorized remote reading of
    e-passports.
  • Because the U.S. deployment uses Active
    Authentication, readers are required to include
    the capability to optically scan e-passports.
    This capability is sufficient for Basic Access
    Control and would therefore require no change or
    coordination with other nations to implement it.
  • Today's e-passport deployments are just the
    first wave of next-generation identification
    devices

46
Current News
  • 27 countries participating in the Visa Waiver
    Program
  • Andorra, Australia, Austria, Belgium, Brunei,
    Denmark, Finland, France, Germany, Iceland,
    Ireland, Italy, Japan, Liechtenstein, Luxembourg,
    Monaco, the Netherlands, New Zealand, Norway,
    Portugal, San Marino, Singapore, Slovenia, Spain,
    Sweden, Switzerland and the United Kingdom.

47
Current News
  • According to a statement released by the
    Department of State on August 14, 2006, the
    issuance of e-passports to the public begins
    today
  • Production has started at the Colorado Passport
    Agency and will be expanded to other production
    facilities over the next few months
  • Consistent with globally interoperable
    specifications adopted by the International Civil
    Aviation Organization (ICAO), this next
    generation of the U.S. passport includes
    biometric technology
  • A contactless chip in the rear cover of the
    passport will contain the same data as that found
    on the biographic data page of the passport
    (name, date of birth, gender, place of birth,
    dates of passport issuance and expiration,
    passport number), and will also include a digital
    image of the bearer's photograph

48
Current News
  • The Department of State has employed a
    multi-layered approach to protect the privacy of
    the information
  • Metallic anti-skimming material incorporated into
    the front cover and spine of the e-passport book
    prevents the chip from being skimmed, or read,
    when the book is fully closed
  • Basic Access Control (BAC) technology, which
    requires that the data page be read
    electronically to generate a key that unlocks the
    chip, will prevent skimming and eavesdropping
  • A randomized unique identification (RUID) feature
    will mitigate the risk that an e-passport holder
    could be tracked. To prevent alteration or
    modification of the data on the chip, and to
    allow authorities to validate and authenticate
    the data, the information on the chip will
    include an electronic signature (PKI)

49
Current News
  • The Electronic Passport Logo
  • Will be displayed at border inspection lanes and
    transit ports equipped with special data readers

50
Current News
  • Hackers Clone E-Passports
  • Successfully cloned to a blank RFID tag
  • Not possible to change data on the chip without
    being detected
  • Due to cryptographic hashes that authenticate
    data

51
Passport Front Cover
52
Inside Cover and First Page
53
Data and Signature Pages
54
Visa Pages
55
Visa Pages
56
Old and New Passport
57
References
  • http://travel.state.gov/passport/eppt/eppt_2788.html
  • http://www.state.gov/r/pa/prs/ps/2006/70433.htm
  • http://travel.state.gov/passport/eppt/eppt_2502.html
  • http://www.infoworld.com/article/05/10/26/HNrfidpassport_1.html
  • http://www.dhs.gov/xnews/releases/pr_1160497737875.shtm
  • http://www.icao.int/mrtd/Home/Index.cfm
  • http://www.wired.com/news/technology/0,71521-0.html?tw=rss.index
  • http://http.cs.berkeley.edu/~daw/papers/epassports-sc05.pdf
  • http://en.wikipedia.org/wiki/RFID
  • http://www.aware.com/products/compression/icaopack_gg.html