e- passports t

Erik Poll
Digital Security Group Radboud University Nijmegen

overview
e-passports functionality and security mechanisms problems, problems so far future

e-passports
e-passport contains RFID chip / contactless smartcard
in Dutch passports, passports a Java Card

chip stores digitally signed information:

initially just facial images (photos) also fingerprints later maybe iris

aka biometric passport or MRTD with ICC/chip introduction pushed by US in the wake of 9/11
to solve what problem?? p

e-passport p p logo g
3

Protocols & standards

ISO 14443 defines physical communication for RFIDs ISO 7816 originally developed for contact smartcards defines standard APDU commands & responses, p ICAO standard for e-passports defines specific IS0 7816 commands and responses for passports additional EU standards standardise optional parts of ICAO specs & fix timeline additional advanced secuity mechanisms on top of ICAO
4

National id-cards & terminology

Nederlandse Identiteitskaart (NIK) conforms to the same ICAO specification

NB possible confusion eNIK is a future extension of NIK, with digital signature capability MRTD = Machine-Readable Travel Document just has Machine (OCR) Readable Zone, the MRZ, but need not contain a chip ie. e-passport = MRTD + chip MRZ
5

European Electronic Passport

Facial images: deadline 28 August 2006 Fingerprints: deadline 28 June 2009 protected by additional security mechanism, extended access control Participants: all members except UK, IRL, NOR

e-passports & authentication

authentication of data authentication of the chip p authentication of the terminal
why? y how?

authentication of the passport holder

how? passport data: age, height, gender,... facial image, fingerprint, iris signature

Biometrics to authentication passport holder

Facial image (DG2, ISO 19794-5)
JPEG or JPEG2000 image Basic, B i F Full ll F Frontal, t l T Token k I Image Feature points (e.g. eyes)

Fingerprint g p (DG3, ( , ISO 19794-1) )

Uncompressed, WSQ, PNG, JPEG or JPEG2000 How to indicate the fingerprint cannot be enrolled (no DG3, empty DG3 DG3, no template), template) how to store 2 fingerprints (2 images images, 2 templates)

Iris image (DG4, ISO 19794-6) NB one would prefer not to store the raw biometrics, but some (hash of) derived info. Why? How?
8

Security mechanisms
Passive Authentication (PA) ICAO digital signature on passport data on chip mandatory Basic Authentication Control (BAC) ICAO optional, access control to chip, to prevent EU mandatory unauthorised access & eavesdropping Active Authentication (AA) ICAO optional chip p authentication ie prevent cloning Extended Access Control (EAC) EU only, y, mandatory y for chip and terminal authentication 'advanced' biometrics,
ie fingerprint & iris

Passive Authentication
passport chip consists of 16 data groups (DGs)
DG1 MRZ DG2 face DG3 finger DG4 iris ... DG15 Active Authentication ...

and d a security object b SO, signed hash values of the data groups To check the signatures, terminal needs country signing certificates Passive Authentication mandatory on all e-passports
10

Basic Access Control (BAC)

Contactless interface is both advantage and disadvantage BAC allows to read the data only after reader authentication: th ti ti reader proves knowledge of the MRZ of the passport The authentication key is derived from document nr, nr date of birth, date of expiry BAC is ICAO optional (recommended) feature, in EU mandatory d t
Interoperability issue How to find out the p passport p is BAC-protected? p try & you find out

11

Basic Access Control (BAC)

protects against unauthorised access and eavesdropping
optically read MRZ send MRZ receive additional info Machine Readable Zone

encrypted
12

Alternative: Faraday Cage

protects against unauthorised access, but not eavesdropping
used in US passports, initially instead of BAC

13

Active Authentication (AA)

protects against passport cloning (which BAC doesn't) ie authentication of the p passport p chip p
public key, signed by government (DG15)

send challenge

prove knowledge of corresponding private key

14

possible drawback of AA: challenge semantics

passport chip that supports AA will sign any challenge terminal could choose challenge c with some semantics eg. c = Sign(SKterminal, IDpassport ++ date ++ location) card replies Sign(SKpassport, c) can be useful - eg unfakeable log of entry to the country but do we want it? NB AA should be protected by BAC This can be prevented by not using a challenge signed by an asymmetric key, but using assymmetric crypto to establish a shared secret symmetric key that is used for MACs as in EAC

15

Different ways to do authentication

1. Shared key (symmetric or assymmetric, possibly diversified) A -> B : Encrypt(K, random || idA) B -> > A : Encrypt(K, Encrypt(K random || idB) 2. Cipher-based authentication using public keys A chooses random key K A -> > B : Encrypt(PubKeyB, K) B -> A : MAC(K, idA || idB) 3. Signature-based authentication A -> B : challenge h ll B -> A : Encrypt(SecretKeyB, challenge || idA || idB) Challenge semantics only possible with 3, because signature in 3 requires assym. SKB key that only B has
16

Extended Access Control (EAC)

includes authentication of terminal by passport why would we want this? leaking leakin privacy-sensitive privacy sensitive information information, e eg at hotel check check-in in esp fingerprint & iris how would we do this? some terminal certificate what are problems with this? certificate revocation hard to realise
certificates for short perios

ISO 7816 Card Verifiable (CV) certificates used rather than X.509 p public key y certificates.

how do you revoke a terminal certificate on all passports? passport does not have time to check certificate expiry
chip can only record date of last transaction

17

Extended Access Control (EAC)

Two phases Chip Authentication replaces AA starts Secure Messaging (SM) with stronger keys Terminal Authentication uses traditional challenge-response:
terminal sends certificate chain to chip p chip sends challenge terminal replies with signed challenge Checking expiry of certificates by passport requires knowing the date. Passport keep track of latest date in trusted certificates.
18

Extended Access Control

Chip Authentication chip -> terminal: PKpassport terminal chooses ephemeral DH key pair (SKtemp, PKtemp) terminal -> chip: PKtemp chip and terminal compute shared symmetric key K K = KA(SKpassport,PKtemp) = KA(SKtemp,PKpassport) with derived session keys y for encryption yp Kenc and MAC Kmac

19

DG DG1 DG2 DG3 DG4 .. DG14 DG15 DG16 SO

Content MRZ Face Finger Iris SecurityInfo* AA public key Security Object

read/write R R R R R R R R R

mandatory / optional m m o o o o m

acccess control BAC BAC BAC+EAC BAC+EAC BAC BAC BAC

*ANS.1 data structure indicating support for Chip and Terminal , and defining. f g. Chip p Authentication Public Key K y Authentication,
20

problems bl with ith passports, t so far...

passive vs active attacks on RFID

passive attacks
eavesdropping on communication between passport & reader possible from several meters

active attacks
unauthorised access to passport without owner's knowledge possible up to 25 cm activating RFID tag requires powerful field! aka virtual pickpocketing variant: relay attack

22

Problem with BAC: low entropy in MRZ

MRZ key based on passport number, expiry and birth dates passport numbers typically issued in sequence, so low entropy and strongly correlated with expiry date entropy, 3DES max 112bit, BAC max 56/74bit, in practice 30-50 off-line brute force attack on eavesdropped traffic is possible l [Marc Witteman & Harko Robroch, 2006] first discovered for Dutch passport, but other countries had p the same problem solutions?
changing the key derivation procedure rejected by ICAO for compatibility compat b l ty issues ssues not handing out passport no's in sequence causes organisational & operational problems

23

Problems with Belgian passports

First generation of Belgian passports (2004-2006) did not support BAC so MRZ (DG1) skimmable ki bl in i faction f ti of f a second, d all ll passport info in about 10 secs These p passports p also provide p info not required q by y ICAO, , incl place of birth digital version of handwritten signature
Also, same problem with low entropy of MRZ as Dutch passports

24

Problem with test version of Dutch passports

Dutch passports contain a JavaCard JCOP chip, produced by NXP, which can also provide MIFARE Classic emulation Chips Chi used d in i test-batch t t b t h of f the th passport t did provide id thi this MIFARE functionality, using default factory keys! Eg g ov-chipcard p or RU access card can be cloned onto such chips In the real passport, MIFARE emulation was switched off

25

Problem with ISO 14443: fixed UIDs

Normal ISO 14443 tags sent a fixed UID as part of the anti-collision protocol This Thi would ld allow ll t tracking ki of fi individual di id l passports t non-standard standard hardware Producing random UID requires non Some countries still used fixed UIDs (eg Italy)
First batch of Dutch passports did not have truly random UIDs, as 2 bits in the random UIDs are always the same...

26

Another problem: Spot the security flaw

BAC protocol
1. terminal -> passport: GET_CHALLENGE 2 passort 2. t -> t terminal i l : nonce 3. terminal -> passport: (m, MACMRZ-key(m)) where m = encrypt yp MRZ (nonce) ) MRZ-key key ( 4. passport checks MAC, decrypts m, checks nonce Code to do this
mutualAuthenticate(APDU apdu) { if(!checkMAC(apdu, K)) ISOException.throwIt(SW_WRONG_MAC); N = decrypt(apdu, K); if(myN != N) ISOException.throwIt(SW_WRONG_CHALLENGE); // return OK }

27

Information leakage/timing attack

BAC protocol
1. terminal -> passport: GET_CHALLENGE 2 passort 2. t -> t terminal i l : nonce 3. terminal -> passport: (m, MACMRZ-key(m)) where m = encrypt yp MRZ (nonce) ) MRZ-key key ( 4. passport checks MAC, decrypts m, checks nonce There is a danger of information leakage through different responses for wrong MAC and wrong nonce or, different response times for wrong MAC and wrong nonce If so after eavesdropping a correct BAC session with a passport, you can replay that session to detect that passport: the MAC will be correct correct, the nonce will be wrong
28

Problems with terminals

Lukas Greenwald reported some terminals crashing with a buffer overflow on malformed JPEG missing input validation, as usual... Jeroen van Beek (UvA) reported some terminals failing to check digital signatures correctly ICAO specs somewhat tricky
eg will terminal spot a clone of a passport that says it d sn does not t support s pp t AA?

29

 bla

Erik Poll

Radboud Universiteit Nijmegen

30

Problem: determining passport origin

Error messages of the card reveal manufacturer ie provide fingerprint

BSc thesis by y Henning g Richter here in Nijmegen

31

Errors can leak information

An Error Has Occurred. Error Message: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username username ''' and password = 'g'' g . System.Data.OleDb.OleDbCommand.ExecuteCommandText ErrorHandling (Int32 hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandText ForSingleResult (tagDBPARAMS dbParams, Object& executeResult) at

32

Fingerprinting passports
All e-passports react the same to correct protocol runs.... but what about incorrect ones? Eg q commands out of sequence
eg B0 (READ BINARY) before completing BAC eg 44 (REHABILITATE CHV)

commands not in the ICAO specs at all commands with silly parameters

33

Example commands & responses

Commands sent to card include 1 instruction byte, eg
A4 B0 84 82 ... SELECT FILE READ BINARY GET CHALLENGE EXTERNAL AUTHENTICATE

Responses from card include 2 bytes status word, eg

9000 6D00 6986 6700

...

No error Instruction not supported Command Not Allowed Wrong Length

Defined in ISO7816, re-used in ICAO specs

34

Example responses to B0 instruction

B0 m means ns "read " d binary", bin " and nd is only nl allowed ll d after ft BAC
response (status word) Belgian Dutch French Italian l German 6986 6982 6F00 6D00 6700 meaning not allowed security status not satisfied no precise diagnosis not supported d wrong length

255 other instructions to try, and we can try different parameters ...
35

Fingerprinting passports
Response to strange inputs provides unique fingerprint for ten nationalities originally tested
A Australian, t li B Belgian, l i Dutch, D t h F French, h German, G Greek, G k Italian, It li Polish, Spanish, Swedish

The fingerprints depends on implementation choices in the software

4 commands suffices to distinguish between these nationalities. The response p to
instruction byte 82 identifies Australian, Belgian, French, and Greek A4 identifies Dutch and Italian 88 identifies f Polish and Swedish 82 with different parameter identifies German and Spanish

Code to do this is very simple & very fast

36

More fingerprinting possibilities

ATS (Answer To Select) sent by RFID on activation to indicate eg supported dd data rate, b but also l operating system version (in "historical bytes") Other OS behaviour eg Dutch passport recognisable as Java Card, as it supports Global Platform Physical characteristics power consumption, response times, ....
JCOP41V22 , so it it's s an New Zealand passport sends "JCOP41V22" IBM/NXP JCOP card, version 4.1, running Java Card 2.2

37

What goes wrong?

38

Organisational hassle
How realiable is the issuance process?
Someone obtained a Dutch ID card with a picture of himself as the Joker from Batman of

few countries bother to read the chip on a regular basis exchanging certificates (bilaterely via diplomatic post) is a big hassle hardly any countries use fingerprint data is quality of fingerprints info really good enough ? yet more certificate hassle, hassle as terminal have to be equipped with a short-lived terminal certificate, one for every country do personnel trust the chip, and can they interpret errors? was it just security theatre? or was the real motivation Automated Border Control?

Questions?

Code for passport terminal and passport available at http://jmrtd.sourceforge.net

40