Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

On the Security of E-Passports

by Marc Witteman - CTO of Riscure - Monday, 3 December 2007.

Electronic Passport security mechanisms

With the aim to reduce passport fraud the MRTD specs primarily addressed methods to prove the authenticity of passport and its data, and the passport holder. The technology used for this includes PKI (Public Key Infrastructure), dynamic data signing and biometrics. The latter (biometrics) however is still under discussion and not yet fully crystallized in the specifications.

Passive Authentication

PKI (Public Key Infrastructure) technology was chosen to prove the authenticity of the passport data. This technology is successfully applied on the internet for e-commerce, and has gained high popularity. Certificate based authentication requires only reading the certificate by the inspection system, which can then use a cryptographic computation to validate the authenticity using the public key of the issuing country. This method is called passive authentication and satisfies with RFID chips without public key cryptographic facilities, since it involves only static data reading. Although the authenticity of the data can be verified, passive authentication does not guarantee the authenticity of the passport itself: it could be a clone (electronically identical copy).

Active Authentication

The cloning problem is addressed with an optional signing mechanism called active authentication. This method requires the presence of a asymmetric key-pair and public key cryptographic capabilities in the chip. The public key, signed by the issuing country and verified by passive authentication, can be given to the inspection system, which allows verification of a dynamic challenge signed with the private key. While the private key is well protected by the chip it effectively prevents cloning since the inspection system can establish the authenticity of the passport chip with the active authentication mechanism.

RFID

For the incorporation of modern electronic technology in the existing paper documents it was decided to use (contactless) RFID chips. These chips can be embedded in a page of the document and put no additional requirements on the physical appearance of the passport. A question that arises here is whether this is the only reason to apply RFIDs instead of contact based cards. Other reasons could be related to the form factor of contact smart cards which complicates embedding in a passport booklet, or the fact that contacts may be disturbance sensitive due to travel conditions. With the choice for RFID the privacy issue arises. RFIDs can be accessed from distances up to 30 cm, and the radio waves between a terminal and an RFID can be eavesdropped from a few meters distance. An adversary with dedicated radio equipment can retrieve personal data without the passport owner’s consent. This risk is particularly notable in a hostile world where terrorists want to select victims based upon their nationality, or criminals commit identity theft for a variety of reasons.