Technical analysis of security mechanisms used in RFID E-passport, related threats, security and privacy issues.

confidencehandElectronics - Devices

Nov 27, 2013 (3 years and 8 months ago)

110 views

Technical analysis of
security mechanisms
used
in RFID

E
-
passport, related
threats,

security and privacy issues.


Shah Sheetal


Viterbi School of Engineering, University of Southern California,

Los Angeles, CA, USA

E
-
mail: sheetals at usc.edu



Abstract

I
n past few years terrorist attacks and illegal intru
sion across country borders ha
s increased
which

led to strict and tedious passport verification process. This t
u
r
ned down legitimate travelers.
M
any countries are in process of deploying electronic passpo
rts to travel
e
rs
f
or facilitati
ng
traveling, automating

passport verification process and increasing border security. The e
-
passport
as it is some times called
,

deploys

two popular technologies
:
Ra
dio frequency Identification
(RFI
D) and Biometrics.
Persona
l
credentials

and

Bearers biome
tric data is stored on RFID

chip
which is used in verification process

by border security officers
.
The RFID chip
raises

some
security and privacy issues

like issuance, encryption, read range and so on, but there are also
oth
er aspects to consider with implem
entation of RFID. Recently, state

gov
ernments

decision
has
been

criticize
d because of security and priva
cy issues related to RFID technology.

This paper is

a
sinc
e
re

attempt to intro
duce the two technologies
involved in e
-
passport,
their

background, technical aspects of the authenticatio
n and access control mechanisms
proposed by
International Civil
Aviation

Organization,
analyze

cryptographic ma
jors and threats related to e
-
passport. Also

propose

future

changes and solutio
ns based on analysis of the recent studies.



1

Introduc
tion


United S
tates Government is taking major steps for improving border security

and facilitating

travel
.

A
s a result
an electronic passport is proposed which
uses

RFID

-

A
new generation

technolo
gy


along with

Biometrics

.
Many European countries are also in process of deploying
biometric passport
,

also known as electronic passport or e
-
passport.
The international Civil
Avi
ation Organization (ICAO herein after) has been developing
standards

for t
hese new generation
passports
, visas and other travel documents
.

According to ICAO specifications

[1]

the

smart card
processing

chip will be embedded within the passport

which will store bi
ometric information of
the owner

along with the information which i
s present on
current
the passport in text format. This
s
t
ored information can then be used by border control offic
ers by the time of travel. The general
idea behind this is to prevent passport forgeries, make the inspection and verification process quick
s
o that travelers spend less time in waiting in queues, Tracking and identifying suspect criminals
and
terrorists

and executing a Visa Waiver program[2] for travelers who want to travel
to United
States for less than 9
0 days
[3]
.

ICAO is formed by United Nat
ions
Organization for promoting safety and orderly
development of civil aviation in the world.

ICAO
constantly

improving

specification
s

for Machine
readable travel documents (MRTD) DOC 9303

[4] which should

be followed by

e
-
passport
s or any
m
achine readabl
e travel document
. The specifications mandate a basic authentication mechanism
called

Passive authentication


and specify two optional mechanisms
called

Active
authentication


and

Basic Access Control mechanism
”[6
]
. It is left on the participating count
r
ies
to implement or neglect these optional mechanisms
. However studies shown that all the three
mechanism
s have

some flaws which compromises privacy and security of passport owner.
Though
,

forgery of passport made harder, “Security guru’s” claim that the
authentication and
access control techniques are not sufficient to prevent cloning
and cracking

the
e
-
passport
.

The main purpose of this paper is to discuss the
basic
technologies
and authentication and
access control mechanisms
used
in
e
-
passport
.
Discuss

the threats associated with the technologies

if any
.
Analyze the cryptographic details of the mechanisms specified by ICAO and discuss the
problems associated with them with respect to privacy and security vulnerabilities which have
been criticized recent
ly.
The paper will also discuss the improvement mechanisms and
recommendations given by security scientists and researches along with my personal opinion from
the studies

and suggestions for future improvements
.


2
Brief introduction to
Technologies Used
in
E
-
passport



2.1

RFID




Radio Frequency Identification (RFID) is an automatic identification method, relying on storing
and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is an
object that can be attached to or inc
orporated into a product, animal, or person for the purpose of
identification using radio waves

[7
]
. RFID is traditionally used for tracking products and achi
e
ved
great success in supply chain management system
.

RFID technology is used in many different
Id
entification systems in the form of barcodes and embedded chips.

An RFID chip, which may
also be called an RFID tag, is a small microchip designed for wireless data transmission. This
microchip is generally attached to an antenna in a small package. In
e
-
p
assport
s this package is a
part of the passpor
t cover in the passport book [8
].

Most tags have just 64 to 128 bits of read only
memory, which they transmit to any reader that asks. Some tags have a small amount of writable
memory.

There are two types of RF
I
D tags, active and passive.
Passive RFID tags carry no onboard
source of power and they derive power from reader
. Passive tags have practical read distances
ranging from abo
ut 10 cm (4 in.) up to a few meters [9].

Active RFID tags have both an on

board
po
wer source and an active

transmitter. T
he read
-
range
for active tags
can be several kilometers.


Currently RFID technology is used in following Identification systems
-

Smart kitchens, washing machines, closets

Smart products for store returns, product rec
alls

In “Proximity cards” used for physical access control

Plastic recyclables that sort themselves

EZ
-
PASS, and similar auto
-
payment tags, which are frequently active rather than passive.

Library books, and other inventory control situations

Livestock and

pets, even some eccentric humans

Supply chain management system

Product tracking system

However RFID technology used in
E
-
passport

is not the same as used in these Product
tracking or supply chain management system.
Passport tags are unusual in that they
provide more
functionality, rather than being tightly optimized for cost as is the case with commercial tags
.

Th
ese tags possess

processing capacity.

Deployment of RFID in
e
-
passport
s

is
said to be for
enha
ncing

border security and facilitate
travel [
13
]
.
United S
tates participation in Visa Waver program

[2]

may
also
have
led government
to
embed

RFID chip in
e
-
passport
s.

Moreover
RFID Tags that can broadcast biometric data can help verify passport holder's identity

without making actual contact to inspectio
n device
.
Wireless communication allows higher data
rates and does not involve wear and tear of device.
Data can be
efficiently
transmitted to reader,
and compared against original templates

taken
from user. Another use of RFID i
n
e
-
passport

is
hopefully

h
arder to forge or clone a passport.

However, using wireless technology does introduce
new security risks as compared to traditional passports.

There are several threats associated with RFID technology. RFID is v
ulnerable to
Clandestine
scanning
,
Clandestin
e tracking
, skimming,

cloning

and e
avesdropping
.
Every RFID system could
be in danger of being attacked in some way or another.
RFID technology has been criticized for
S
ecurity and privacy issues
.
Most of the secret personal information such as biometric i
nformation
is embedded in e
-
passport

therefore privacy is an important issue when it

comes to
e
-
passport
s.


2.2

Biometrics




“Biometrics is the automated measurement of biological or behavioural features that
identify a
person” [19, p. 328] or “Biometric
s are

the automated means of
recognizing

a living person
through the measurement of distinguishing phys
ical or behavioural traits.” [5
].

According to ICAO specifications

[5],
use of b
iometrics
in e
-
passports and Machine Readable
Travel Documents (MRTD here
in after) is for improving

the qua
lity of the background check
while enrollment process and increasing

the strength of the binding between the travel document
and the person who holds it.

The original of use of biometrics in e
-
passports is thus to combat

look
-
alike” fraud.

Biometrical identification means verification of human identity
by what he/she has.

A human
being can be identified by his
behavioural and physical

characteristics
.

W
hen you identify a person
by his

voice
,

you are doing biom
etric identif
ication. People

use biometrics, in particular facial
features, voice characteristics and bodily

characteristics to identify
the
people they know. In
human
-
computer identification system, t
echniques used for identification

using
behavioral

characteristics i
nclude keystrokes

dynamics and voice recognition

while techniques using physical
characteristics may be iris recognition,

retina recogn
ition,

face rec
ognition,

hand geometry
reorganization and
finger
print

recognition
.

All
reorganization techniques

more or
less use the same
technique for biometric
identification and
authentication. While enrolling
for passport a

high
quality biometric image i
s captured. The Image can be fac
ial Image, a thumb pri
nt, a scan of hand
geometry or image of i
ris.

There exist

differ
ent techniques for
sampling and comparing

of biometric

data
. In one
technique
fingerprints can be treated as a complete picture, which

is visually compared to another
picture to locate similarities.

This is the standard method which is used by humankind

fo
r
biometric
reorganization
. However this process is prone to false positives and which can be fooled
easily.

Ano
ther way of authenticating

fing
erprints

is by computationally
lo
cating small details

in the
pattern

or template
. The
se minute

details

ca
n be ass
igned

numerical values, which are sent through
some algorithm to create

a checksum, or a template representing the unique characteristics of this
particular fingerprint.

Whenever
,

the fingerprint pattern of the

individual needs to be checked,

the
scanned i
mage of

fingerprint is

sent through the same
algorithm
. The new

sample is compared to
the stored template, and if the two have a satisfactory degree of

simila
rity, the identity is confirmed
and user is authenticated.

The
i
nitial
biometric patterns can be s
tored in a form of template
in permanent computer
memory during enrollment, which can be accessed while identification process.

The biometric
implication in e
-
passport is discussed in [5]. The major
components of a biometric system used in
e
-
passports are:




Capture


acquisition of a raw biometric sample



Extract


conversion of the raw biometric sample data to an intermediate form



Create Template


conversion of the intermediate data into a template for storage



Compare


comparison with the information i
n a stored reference template.




3
ICAO Specifications and

m
echanisms
used
in
E
-
passport

-


For deployment of
e
-
passport
s th
e
r
e

are three basic security concerns

i.e. Un
forga
bility, copy
protection and prevention of unauthorized reading of passport.
The

ICAO specifications have both
mandatory and optional security and authentication features

for covering these concerns
. The only
mandatory requirement is that the information stored on the
e
-
passport

chip be digitally signed by
the issuing country and that

the digital signature be checked before use.

Implementations of other
access control features are left on participating country. Let’s discuss operation of e
-
passport and
authentication techniques in detail and see if there are any flaws which need to be
improved.


3.1
Passive Authentication



Passive authentication

is a data authentication mechanism and
mandatory cryptographic feature for
e
-
passport

provided by ICAO st
andard
. It
dose not require processing capabilities for th
e chip in
e
-
passport or MRTD
.

The basic reason behind Passive aut
hentication

is document int
egrity. It makes
sure that the
contents of document are authent
ic and not changed or tampered.

The data stored on passport is organized in Logical data structure (herein after LDS)

which
consis
ts of number of files called data groups. LDS and data groups are specified in ICAO
guidelines

[20].

Each da
ta group in LDS is hashed and a


Document Security O
bject


is formed from these
hashes.

T
his object is digitally signed by
private key of
issuing co
untry

[6
]
. T
he reader or
“Inspection S
ystem” contains public keys of each state called
“Document Signer Public K
ey”

or a
valid certificate called
“Document Signer C
ertificate

. [6]



The steps involved in passive authentication are as follows:

When
e
-
passp
ort

is kept in proximity of the inspection system, The Document Security Object
(S
O
D) is read from the chip. The Document Signer (DS) is read from the Document Security
Object (S
O
D).

The digital signature of the Document Security Object (S
O
D) is verified b
y the

inspection system, using the Document Signer Public Key (KPuDS
)

which is stored in inspection
system
.

This ensures that

the Document Security Object (S
O
D) is authentic, issued by the authority
mentioned

in the Document Security Object (S
O
D) and uncha
nged. So the contents of the

Document Security Object (SOD) can be tr
usted
.


The inspection system reads relevant data groups from the LDS.

By hashing the contents and
comparing the result wi
th the corresponding hash value
in the Document Security Object (
S
O
D) it
ensures that the contents of the data group

are

authentic and unchanged.

ICAO guidelines for PKI [6] suggest that Passive aut
hentication

does not prevent exact
copying of the chip content or chip substitution. Therefore a passive authentication sys
tem
SHOULD be supported by an additional physical inspection of the MRTD
. Passive authentication
provides no protection against skimming or ea
vesdropping attack by outsiders, it just verifies
integrity of the data.


3.2
Active Authentication



Another aut
hentication
optional
mechanism provided by ICAO guidelines

is Active authentication.
This can be used for protecting
e
-
passport

against chip

substitut
i
on. Active authentica
tion
mechanism requires processing capacity of
e
-
passport

chip.

Active authenticatio
n work
s on public
key cryptography in which passport proves possession of private key using challenge response
protocol.

Every E
-
pass
p
o
rt chip contains its own key pair i.e. a public key
which exist in digital
document
(DG
-
15)

[20]

and a private key which
is stored in secure memory on the chip.

As the
public key is part of Document Security Object it is already authenticated by issuers digital
signature

by passive authentication
. When data is read from Machine Readable Zone

(herein after
MRZ)

[6]

of passpor
t,

it is compare
d with MRZ value in Data Group1 (DG1)
. As Passive
authentication is mandatory the

authenti
city and integrity of data group 1 and 15 ensured hence
visual MRZ is authentic and unchanged for sure.

To ensure that the Document Security Object i
s not a copy
,

the inspection system uses
challen
ge response protocol.
The challenge response

mechanism works as follows




Figure
1:

Passive authentication


As specified by ICAO guidelines the
Active authentication is performed using ISO7816
INTERNAL AUT
HENTICATION command

[6]
. The inspection sy
stem generates a random
nonce and sends i
t to
e
-
passport

chip using INTERNAL AUTHENTICATE command
.

The
e
-
passport

chip receives
this

8
-
byte challenge

(
say M
). I
t generates its own random nonce
of 8
-
bytes
(
say M1
)
.
It then calculates hash of (M || M1) c
reates trailer [23, § 3.21]

signed with private key of
e
-
passport
. The 9796
-
2

[23]

padding itself makes use
of

SHA
-
1 or
some other
hash function
. Chip
then cal
culates message represe
ntative X, signs

X

with its private
key
and sends it to Inspection
system. Computed signature is an RSA signature or Rabin Williams signature.

Sig (X)

is then sent to inspection system and inspection system verifies the signature with
public key which is associated with the passport.


As sh
own by
A. Juels

et al.

[24]

man
-
in
-
the
-
middle attack is possible in which one passport is
presented, but a different passport is used as an oracle to answer Active Authentication queries.

But
United State Govt.

recognized
this
threa
t

and put the constraint

that data cannot be overwritten
on th
e chip after personalization [27
].

Similarly ICAO specifications mandated that Active
Authentication must occur in conjunction with an optical scan by the reader of the machine
-
readable zone of the e
-
passport. As a res
ult, every reader capable of Active Authentication and
compliant with the ICAO specification also has the hardware capability necessary for Basic Access
Control

[24
]
.

Similarly, Annex G [5] clearly mentions that Active authentication makes chip substitutio
n
more difficult but not impossible. The e
-
passport presented to inspection system may be equipped
with a proxy chip for a genuine chip which is located at remote place. ICAO call this a
“Grandmaster Chess attack” which is similar to “Cryptographic Tunneli
ng attack” carried out
successfully on smart cards by which attacker can gain access to genuine chip. ICAO admits that
“the inspection system is not able to notice that it has authenticated a remote chip instead of
presented chip”

So the chips used in e
-
pa
ssports should be manufactured to resist a range of side channel and fault
injection attacks traditionally applied to smart cards.


3.3
Basic Access Control



ICAO standards [4] admit

that some countries might be concerned about possible sk
imming and
eave
sdropping attack

so ICAO offers an optional Basic Access Control mechanism in
e
-
passport
.
Basic access control ensures tha
t the contents

of the chip can only be read wh
en bear
er willingly
offers

e
-
passport

to
be read and it is

read in secure way. The chip
protected by Basic Access
Control stores a pa
ir of secret cryptographic keys
. When a reader attempts to
scan the passport, it
executes

a challenge

response mechanism

that proves knowledge of the pair of keys
which are
derived from

the information collected

from

MRZ
and derives a session key. If authentication is
successful, the passport

chip releases its data contents

otherwise the reader is considered as

unauthorized and the passport refuses read access.

Aft
e
r

inspection system is authenticated the
chip en
forces the inspection system to create a secure and encrypted communication channel for
secure messaging
.


F
ollowing steps are performed to authenticate the inspection system



Key derivation step
-

The inspection system reads the ‘MRZ information’ from th
e chip consisting of the concatenation
of Document Number, Date of Birth and Date of Expiry, including their respective check digits.
The most significant 16 bytes of the SHA
-
1 hash of this collected information is used to derive
Basic Access Keys.

The key
s are derived from SHA
-
1 hash of
concatenation

of most significant 16 bytes and a
predefined 32 bit counter ‘c’. where c=1(i.e. ‘0x 00 00 00 01’) for encryption

and c=2 for MAC
computation
.

The key derivation mechanism is as shown in figure





Figure

2:

co
mpute keys from key seed scheme.
This figure is taken from ICAO Document 9303.


Authentication and key establishment step
-

Authentication and key establishment follows ISO 11770
-
2 Key establishment mechanism 6 and
uses triple DES as block cipher

[5]
.

Th
e inspection system

requests a challenge

by sending the GET CHALLENGE comm
and.
The chip generates a random 8
-
byte nonce and sends it to Inspection system
.

The inspection system generates a random nonce and a keying material both 8
-
bytes
. A
concatenation S
R

is created
by combining the nonce keying material and nonce from chip.

It then
computes
the cryptogram
C
R

from S
R
.

Compute
s

the checksum
M
R

from C
R

then

M
R

||

C
R

is sent
to chip for mutual authentication.

The chip does exact

opposite procedure to generate

original nonce

and checks if inspection
system returned
the
correct value. Chip then computes cryptogram and checksum following the
similar procedure as inspection system and sends it back.

When Inspection system receives C
T

and
R
T
,

it first checks MAC M
T

and decrypts C
T

following the sim
ilar procedure
it
generates original
nonce

and checks if it returned correct value.



Figure 3: Basic Access Control


After successful authentication,
subsequent communication is

protected by

Secure Mes
saging
.


The entrop
y of the key is 56 bits which is considerably small and may give encouragement to
a brute
-
force attack
.

Basic access control is effective against simple skimming attack
s where
attacker has no knowledg
e of the victim and his respective information like date

of bir
th and
passport number but some
one who is trying to target a known person would certainly know at least
his date of birth
. As p
assport num
bers generally
follow

particular format like Los

Angles Passport
has first two digits as “03” and re
st bits are

assigned serially, i
ssu
ance

and expiration dates

have

high correlation with passport numbers.

As these entropy

bits are easily guessable
, it

further

reduces entropy key making brute force attack easier.


Basic access Control uses SHA
-
1 or some other tradi
tional hash functions for computing
hashes.
Some conventional cryptographic hashing functions (MD4, MD5, SHA
-
0) have been

already

broken within practical limits

in really less time
.

As we will see in next section SHA
-
1
itself has vulnerabilities which may
cause Basic Access Control
and active authentication
mechanism
s

to fail.



3.4
Extended access control
-


Extended access control mechanism prevents
skimming and
unauthorized
access to additional
biometrics.
According to ICAO specifications Extended Access
Control mechanism is similar to
th
e Basic Access Control

the only difference is Extended Access Key set is used instead of the
Document Basic Access Keys
. Extended access control key definitions are left to implementing
states.

Dennis Kijgler of
Germany is

developing such an

extended access control mechanism. It
includes active authentication protocol to make biometric informa
tion of passport more secure
[26
].



4
E
-
passport

threats




4.1
RFID Security Threats

-


T
hreats related to RFID technology

affect
e
-
passport security
.

Major RFID threats include
c
landestine

scanning
, c
landestine tracking
, s
kimming and Cloning
.

A
ll

threats

relate to

reading the
information on passport chip

without knowledge of passport holder.

These
attack
s

on e
-
passports
can be carri
ed out for identity theft purposes or to trace the movements of an individual. A person
traveling in a bad neighborhood could be attacked just on the basis of his or her nationality,
revealed through skimming

or clandestine scanning
. Cloning is duplicating

the
e
-
passport

without
knowledge of passport holder.

Basic access control

dose not guaranty avoiding skimming and
cloning attacks.

Recently studies

show
e
d that UK e
-
p
assport successfully hacked and cracked in
just 2

hours. Germany e
-
passport has been clon
ed [11, 12]
.

Eavesdropping is the intercepting of conversations by unintended recipients.
An
eavesdropping attack can occur, if the
contactless

smart card is actively communicating with a
legitimate reader.
RFID
e
-
passport
s are vulnerable to eavesdropping
and none of the techniques
specified in ICAO guideline prevent
Eavesdropping
.


4.2
Biometric Security Threats

-

Privacy
-

The main issue raised by use of biom
etrics in e
-
passpo
rts is privacy of an individual
. As currently
deployed RFID chip continuously bro
adcasts the information and prone to Skimming and
Eavesdropping attacks
,

the biometric personal data stored on RFID chip can be compromised
raising privac
y concerns. No
body want
s

a non
-
authorized pe
rson to access the data in his

passport
by just walking by

with handheld contactless reader equipment. A more controversial issue is that
the passport chi
p will contain

pictures (actual JPEGs) in unencrypted form. In particular,
compromise of biometric data such as fingerprints or hand
geometry

can give attacker
access to
critical or secured locations like bank lockers or secure defense sites by making false finger

[28]

or
facial mask.

Biometric data leakage
-

As discussed by Ju
e
l
s et al [24] leakage of biometric data on an e
-
passport possesses its own
security ri
sks. Moreover, biometric leakage may spill into other environments. The more popular
that biometric authentication becomes, the more important it becomes to secure biometrics. In
particular, if the passport facial image becomes a standard biometric outside

the passport context,
the insecurity of the RFID passport will make it an easy target for obtaining a person’s official
biometric “identity”.

5

Associated problems and
Re
commendations for strengthening E
-
passport

-


One of the
techniques used by United S
tates Government is
add
ition of

RF blocking material

to the
cover of an e
-
passport. Materials such as aluminum

fiber are opaque to radio waves and could be
used to create

a Faraday cage, which prevents reading the RFID device

inside the e
-
passport.

This
wi
ll avoid possible clandestine scanning and tracking attacks and restrict eavesdropping as far as
e
-
passport

is completely closed.

In Black Hat conference in Las Vegas, US, Lukas Grunwald, of German computer security
company DN
-
Systems, showed that RFID pas
sports can be cloned with relative ease. He found
that passports designed according to the International Civil Aviation Organization (ICAO)
standard can be cloned.

[11]
[12]

However, if the information stored on passport is encrypted it will make cloning an
d hacking
tedious. Many countries are thinking over encrypting data stored on passport but in current
deployment US Department of states clearly refuses
encrypting the data offering
excuses [29] but

security experts debate that the data on passport is not
openly
published w
i
th
out knowledge of the
passport

h
older and as discussed by Juels

et all [
24
] the data encryption dose not actually

take

long
time

as the stored data is really less (64KB)
.

Encrypting the data will make the system

compli
cated
but ultimate
ly will improve security and privacy in e
-
passport
.

Ka
rthikeyan et al

[22]

propose an algorithm to secure RFID tag without

much extensive
cryptography

based on simple matrix
multiplications

which can be
implemented

in
e
-
passport

to
make them secure.


One m
ore assumption for the technology being deployed is standard reading distance for a reader
is limited (i.e.10 cm.). But there is no public record to establish that the authorized readers cannot
in fact read the proposed RFID passport from a greater distanc
e. As Schneier notes, the claim that
RFID passports can only be read from a distance of a few centimeters is “spectacularly naive,”
because “all wireless protocols can work at much longer ranges than specified.”[10]
.
Additionally
there is no public evidenc
e that hostile attackers cannot design unauthorized readers capable of
reading at a greater distance.

Again, covering the
e
-
passport

with RF blocking mate
rial is the only solution to this

problem.


The critical assumption made

in ICAO PKI specifications [
4
] is Document basic access keys can
not be obtained from a closed document and document is willingly handled over to the inspection
system. But recently research students from Vrije University in the Netherlands speaking at the
August 2006 Black Hat confe
rence in Las Vegas showed that the passport can be read from 60
centimeters

away if they are opened by just 1 cm, using a device which can be used to hijack radio
signals that manufacturers have touted as unreadable by anything other than proprietary scann
ers.

Recently Kevin Mahaffey

f
rom Flexilis demonstrated that the
e
-
passport

holder can be
attacked though the passport is open a fraction of an inch

[14][15]. The live demonstration video is
published on the web

[16].
As demonstrated in video, p
assport ho
lder

s nationality can be used as
the means of target for attack.

Taken to a logical extreme, this could enable what has been
described as a RFID
-
equipped mine which only detonates in the presence of U.S. citizens.
As
proposed

by Kevin[17] the improved
shi
elding

on both sides of passport is a good solution and can
sooth many of the
concerns

about skimming and eavesdropping of passport data along with
minimizing privacy and security concerns involved in
e
-
passport
s.


As discussed

earlier
,

keys for Basic Ac
c
ess Control have

52 bits of

entropy, which is too

low
to
resist a brute
-
force attack and the key can be guessed from some commonly available information.
ICAO PKI technical paper [5] dismisses this threat suggesting that there are easier ways to obtain
the

information stored on a passport. This ignorance can lead to identity theft and more
importantly biometric threats. Biometric Information stored on e
-
passport chip may not be publicly
available. If attacker gains access to finger print information he/she
can create false finger [28]
gaining access to critical and secret locations which are based on biometric authentication.

The situation
of guessing the access key
is similar to many password
-
based authentication and
session
-
setup protocols. So another appr
oach to nullify the security issue is ‘Encrypted k
ey
exchange protocol


discovered

by Bellovin and Merritt

[21],

which

do not s
uffer from this
problem. A

low entropy password is used to exchange a high entropy secret that cannot efficiently
be guessed usin
g an off
-
line attack. Using this encrypted key exchange protocols for basic access
control would strengthen the security of the passport considerably.

One more approach

here would be to add a 128
-
bit secret, unique to each pass
port
to the key
derivation al
gorithm
, which will make brute force attack much harder. This

secret
key may reside
with the rest of the information stored in e
-
passport.


As discussed in earlier section, Basic access control and Active Authentication use

SHA
-
1
hash
function

for computin
g hashes. Recent studies show that
SHA
-
1 is not collision free and can be
broken in 2^69 attempts instead of 2^80
[32]
. It takes 56 hrs to break SHA
-
1 with current
computing speed which will be definitely less in future. Schneier
[33]

suggests, 'It's time
for us all
to migrate away from SHA
-
1.' Alternatives include SHA
-
256 and SHA
-
512."

NIST is already
phasing out SHA
-
1 and recommending the use of newer hash algori
thms such as SHA
-
256
[34]
.
T
he ICAO standards should also require the use of these newer and st
ronger hashing algorithms.


ICAO LDS

document

[20]

clearly specifies the

inclusion of the passport number within the logical
data structure (LDS). This

creates a trusted link

between the

passport

number, the printed data
page and the electroni
c credential
held within the e
-
passport chip
.

However there is no

direct link
be
tween the credential and the chip
.
Mandating chip serial number

and including

in both the f
ile
system maintained on the passport chip

and also

with the digitally signed LDS

will

significant
ly
increase the chain o
f trust of the credential and

enable several

cryptographic operations to verify
the rela
tionship between that of the e
-
passport chip

and

the credential
s

being presented
.

A paper published by Molnar et al [18] show how the p
rivacy iss
ues related to RFID
technology

can be
resolved through trusted computing and key management
. Similarly Juels [24
]
propose a future solution of optical key management combined with tru
st management. This
approach will

significantly
strengthen
e
-
passport
s in

near future.

So an alternative to mutual authentication between the reader and the passport chip would be
for both to communicate with a mutually trusted third
-
party. In the case of a shared root
certification authority, this third party would be ICAO or
the UN.
There can also be
active third
-
party agent, this could be a secured computer owned by the passport holder’s nat
ive country,

connected to the border control computer network. This way, any certificates that the passpor
t chip
inherently trusts

can be

used to verify the identity of the secured computer. If the passport chip can

trust the secured computer
, it can be assured that all its communications with the reader are fresh,
i.e., it doesn’t have to worry about keeping up
-
to
-
date with revocation list
s

[25]
.

6
Conclusion



We

discussed the
technologies used in e
-
passports and authentication mechanism proposed by
ICAO specifications for securing e
-
passports
,

after analyzing these
principles
and security and
privacy issues we can conclude

that

unautho
rized reading of e
-
passport data is a security

risk as
well as a privacy risk. The risk will only grow

with the push towards unsupervised use of
biometric

authentication.

Current security mechanisms proposed by ICAO standards
include some

weak protection m
easures

which can end up compromising the security and privacy measures that
were meant to

be enhanced

with the new

technology.

Analyzing resent studies from security scientists we saw how the current ICAO safeguards
can be defeated in a number of ways

and

their consequences
.
Armed with the information stolen
from a passport, the criminal can carry out a variety of identity theft crimes

and gain access to
secured critical areas. Considering these security breaches w
e also discussed
some proposed
solutions b
y various security scientists along with
alternate cryptographic techn
iques

to adequately
protect the information on the
passport chips
.

From these studies we can clearly say that world is heading towards
implementing an
international database containing t
he personal information of all citizens or passport holders which
would greatly decrease the risk of passport fraud. However, this security measure will compromise
the individual

s basic right of privacy unless serious security constraints are applied
on
i
mplementation and use of the database.


7 Future Work
-


I believe, attention should be paid to the further development and security improvements of e
-
passport. The e
-
passport is here to stay, but with few cryptographic enhancements and
implementation of
trusted computing. One of the major issues I can predict i
s implementation of
national and

international databases for verification of passports and people. I believe these
databases will be implemented in near future, but deployment of proper security and

privacy
measures will deicide success or failure of the e
-
passport program.

Today’s e
-
passport deployments are just the first wave of next
-
generation identification
devices.
A carefully planned and proper implementation of cryptographic and other security

measures will undoubtedly improve the security of e
-
passports and make them nearly impossible
to forge.

With completely secured and unforgable e
-
passport, future deployment of e
-
Visa will just
remain the matter of implementation.

In current proposed secur
ity mechanisms we can get technical directions for future
deployment of
electronic visas which can be implemented by new high assurance smart card
operating system technology that could provide adequate security to allow multiple countries to
safely write
information to the same smart card chip.



References



[
0
1]

The International Civil Aviation Organization,
http://www.icao.int



The MRTD site, which provides information about the development of
s
tandards for
Machine readable travel documents,
including electronic passports.
http://www.icao.int/mrtd/Home/Index.cfm

[02]

The US Department of State travel.state.gov


web pages, giving information regarding
travel to and from the US, and the Visa Waiver Program
http://www.travel.state.gov/visa/temp/
without/without_1990.html


[
0
3]

Visa waiver

program FAQs
,

http://cbp.gov/xp/cgov/travel/id_visa/vwp/vwp.xml


[
0
4]
ICAO machine readable travel documents

(MRTD) DOC 9303 October 2004

http://www.icao.int/mrtd/publications/doc.cfm


[
0
5]

ICAO TAG MRTD/NTWG:
“Biometric Deployment of Machine Readable Travel

Documents V2.0”.
ICAO, May 2004.



[
0
6]

PKI for Machine Readable Travel Documents offering ICC read
-
only access.


[
0
7]

http://en.wikipedia.org/wiki/RFID


[
0
8]

Juels, Ari:
RFID Security and Privacy: A Re
search Survey.
RSA Laboratories,
September
2005.


[
0
9]

ISO 14443
-

An introduction to the contactless standard for smart cards and its relevance to
customers


[11]

http://www.engadget.com/2006/02/03/dutch
-
rfid
-
e
-
passport
-
cracked
-
us
-
next/



[12]

http:/
/www.workpermit.com/news/2006_08_04/rfid_technology_cloned.htm


[13]



http://www.state.gov/r/pa/prs/ps/2006/70433.htm


[10]

http://www.schneier.com/blog/archives/2004/10/rfid_passports.html


[15]


http://www.flexilis.com/download/RFIDPassportShieldFail
ureDemonstration.pdf


[14]

http://www.flexilis.com/e
-
passport.php


[16]

http://www.youtube.com/watch?v=
-
XXaqraF7pI


[17]

http://www.flexilis.com/download/RFIDPassportTechnicalAnalysis.pdf


[18]

Molnar

D, Soppera A and Wagner D
.
Privacy For RFID Thr
ough Trusted Computing


[19]

Matt Bishop:
“Computer Security; Art and Science”.
1. Edition. Addison Wesley, 2003.


[20]
Development

of a Logical Data Structure
-

LDS for Optional Cap
acity Expansion
Tec
hnologies Revision

1.7 2004


[21]

Steven M. Bellovin

and Michael Merritt. Encrypted key exchange: Password based protocols
secure against dictionary attacks. In IEEE Security & Privacy, pages 72

84, Oakland, CA,
USA, May 1992. IEEE.


[22]

Karthikeyan Sindhu &

Nesterenko Mikhail. RFID Security without Exten
sive Cryptography


[23]

ISO/IEC 9796
-
2, Second Edition 2002



[24]

A. Juels, D. Molnar, and D. Wagner. Security issues in e
-
passports. 2005.


[25]

Gaurav S. Kc and Paul A. Karger. Security and privacy issues in machine readable travel
documents (MRTDs
). IBM Technical Report (RC23575), IBM T. J. Watson Research Labs,
April 2005.


[26] Dennis K¨ugler. Security mechanisms of the biometrically enhanced (EU)

passport.
Presentation at the Security in Pervasive Computing conference, Boppard, Germany, April
20
05.

URL:
www.spc
-
conf.org/2005/slides/SPC_Passport.pdf


[27]

Concept of operation for the Integration of Contactless chip in the U.S. Passport V2. 2004.

http://www.statewatch.org/news/2004/jul/us
-
biometric
-
passport
-
original.pdf


[28]

Lisa Thalheim, Jan K
rissler, and Peter
-
Michael Ziegler. Body check: Biometric access
protection devices and their programs put to the test.
c’t
.
URL:
http://www.heise.de/ct/english/02/11/114/


[29
]

Department Of State Federal Register: October 25, 2005 (Volume 70, Number 205)[
Final
Rules]

URL:
http://edocket.access.gpo.gov/2005/05
-
21284.htm


[30]

Department of state [Federal Register: February 18, 2005 (Volume 70, Number 33)]

[Proposed Rules]
.

URL:
http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/200
5/
05
-
3080.htm


[31]

Landt, Jerry (2001).
Shrouds of Time: The history of RFID

(PDF). AIM, Inc.. Retrieved on
2006
-
05
-
31
.


[32]

Article on “
Crack in SHA
-
1 code 'stuns' security gurus


URL:
http://www.eetimes.com/showArticle.jhtml?articleID=60402150


[33]

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html


[34]

NIST Comments on Cryptanalytic Attacks on
SHA
-
1


URL:

http://
csrc.nist.gov/CryptoToolkit/shs/NISTHashComments
-
final.pdf