Thursday, December 21, 2006

Back on the Subject of ID cards (ish)

The subject of the new UK passport with its RFID chip has got some people quite worked up. It has also encouraged a lot of discussion among security experts. I made the point earlier on that these security vulnerabilities would not necessarily apply to the ID card when it was created. In addition to this, I feel that there are a few other myths that need to be addressed.

Initial Points
The first point to make is that the chip on the passport is intended to be read all around the world; the information about how to access the passport has been published by the ICAO. The chip is designed to be readable. So this quote...

“The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a ’secret key’. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.”

...is deeply misleading: it is that way by design (ICAO's design, not the Home Office's). The protections are in place so that anyone attempting to access the chip needs to open the passport and look at it in order to read the information on the chip.

Accessing the Information
The subjects of encryption, access control and digital signing are often confused, and this needs clarifying. Encryption is the encoding of data in such a way that it can only be read by someone who has the encryption key. At its simplest:

"Hello World" -> "Ifmmp Xpsme"

Unreadable unless you can work out the pattern used to encrypt the data. The UK passport encrypts its conversation with the RFID scanner, but the data held on the passport itself is not encrypted; the purpose of this security feature is to prevent "conversations" between a chip and a scanner being eavesdropped.

Authentication is a method of obtaining access to a system, using a username and password, or simply a password. The passport is protected by a simple access control system. What the Guardian article refers to is the authentication system that uses a password based on data contained on the last page of the passport.
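To show concretely what the quoted "key under the mat" and the access control system above amount to, here is an added example (not code from the original post) that derives the reader's 3DES keys from three fields printed on the passport's data page, following the ICAO 9303 key derivation (SHA-1 seed, counter, parity adjustment) as I know it from the published specification, not from this post. The document number, date of birth and expiry date are constructed sample values, not a real passport.

```python
import hashlib

# Constructed sample values (not a real passport) for the three MRZ fields that
# the access key is derived from: document number, date of birth, date of expiry.
SAMPLE_DOC_NUMBER = "L898902C<"  # 9 characters, padded with '<'
SAMPLE_BIRTH_DATE = "690806"     # YYMMDD
SAMPLE_EXPIRY_DATE = "940623"    # YYMMDD


def mrz_char_value(c: str) -> int:
    """ICAO character values: digits as-is, A..Z = 10..35, filler '<' = 0."""
    if c.isdigit():
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field: str) -> str:
    """ICAO check digit: weighted sum (weights 7, 3, 1 repeating) modulo 10."""
    total = sum(mrz_char_value(c) * (7, 3, 1)[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """Each field followed by its check digit; all of it is printed on the data page."""
    return "".join(f + check_digit(f) for f in (doc_number, birth_date, expiry_date))


def adjust_parity(key_bytes: bytes) -> bytes:
    """Force odd parity on every byte, as DES/3DES key bytes require."""
    out = bytearray()
    for b in key_bytes:
        b &= 0xFE
        out.append(b | (1 if bin(b).count("1") % 2 == 0 else 0))
    return bytes(out)


def derive_access_keys(doc_number: str, birth_date: str, expiry_date: str) -> tuple[bytes, bytes]:
    """Derive the 3DES encryption and MAC keys a reader uses to talk to the chip.
    Steps are taken from the ICAO 9303 specification (assumed here, not stated in
    the post): K_seed = SHA-1(MRZ information)[:16]; key = SHA-1(K_seed || counter)[:16]
    with a 32-bit big-endian counter (1 = encryption key, 2 = MAC key), parity-adjusted.
    Nothing in this derivation is secret: every input is visible on the open passport."""
    seed = hashlib.sha1(mrz_information(doc_number, birth_date, expiry_date).encode("ascii")).digest()[:16]
    k_enc, k_mac = (
        adjust_parity(hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()[:16])
        for counter in (1, 2)
    )
    return k_enc, k_mac


if __name__ == "__main__":
    info = mrz_information(SAMPLE_DOC_NUMBER, SAMPLE_BIRTH_DATE, SAMPLE_EXPIRY_DATE)
    k_enc, k_mac = derive_access_keys(SAMPLE_DOC_NUMBER, SAMPLE_BIRTH_DATE, SAMPLE_EXPIRY_DATE)
    print("MRZ information:", info)
    print("K_enc:", k_enc.hex(), " K_mac:", k_mac.hex())
```

The point the post makes follows directly: whoever can read the printed data page derives exactly the same keys, which is why the scheme protects against eavesdropping and skimming of a closed passport, not against someone holding the open document.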

Digital signing is a method of ensuring a document is authentic; it is in essence a unique stamp on a document. It relies on a key pair with two parts: a private key and a public key. The private key is kept by the issuing authority and used to sign the document; the public key is distributed and can be used to verify a document's authenticity. Any alteration to the document invalidates the digital signature. The UK passport is digitally signed to prevent forgery.

Why All This Matters
The article puts forward the scenario where a postman is able to steal your passport letter, initiate a brute force attack against the RFID chip and return it a day late, having stolen the data on the passport. This sounds plausible but would be very hit and miss: passports are not renewed that often, so the number of cloneable passports a single postie could obtain would be very low.

Having stolen this data, it may be theoretically possible to clone a passport, but the data on the chip could not be altered in any way due to the digital signature. This would mean that the ID criminals would need to find someone who looked like you to use the passport. It also means that this method could not be used to clone passports for sale on the black market. Additionally, once biometrics were added to the passport, an identity thief would also need to find a method to mimic these biometrics.

And the dangers...
Traditionally, criminals have obtained fake passports by posing as someone else and applying for either a new passport or a replacement passport, using their own photos. If we compare the two methods:

Traditional
  • Obtain detailed background documentation on a person
  • Send off for a passport application

EPassport Cloning
  • Bribe a postie
  • Research the people in the postman's area
  • Obtain passport letters, brute force attack the RFID chip
  • Construct a replica passport with a cloned ID chip
  • Find someone who looks similar to the passport user to use the passport

Passport cloning is far too difficult a process, involving far too much effort, for it to be worthwhile to ID criminals.

citizenandreas [at] slick47 [dot] co [dot] uk

1 comment:

el tom said...

*Sigh*

Seriously, how long until this gets scrapped? Is there a No2ID Labour group?