Saturday, November 18, 2006

RFID Passports Cracked

It seems that the new uber-secure RFID Passports issued by many European countries after pressure from the U.S. are not that secure after all.

RFID Passports are ordinary-looking passports containing, besides the "human readable" information and authenticity signs, a Radio-Frequency Identification Chip which stores all printed information (and more) and transmits them to wireless readers used at Border Control. The reason for the chip's existence is that it is considered (or at least was) impossible to copy or forge so that even if a malicious person managed to reproduce the actual document he would never make it in producing a valid chip to complete the passport.

So one could ask "what if I buy an RF Reader for $9.99?". Well, authorities are using the 3DES encryption algorithm to encrypt the information on the chip. It is currently considered an above average method, providing 112 bit effective security.

The problem starts with the (known) fact that three public pieces of information are used to build the encryption key: (in the exact order) the passport's serial number + the owner's birth date + the passport's expiry date. So... you don't have to attack the encryption! Just find out (pretty easily) that kind of information and you have yourself the actual encryption/decryption key. Then you can go home, in your garage and clone or modify the chip's contents.

This is very much disturbing since the whole purpose for the new passports was the security provided by that chip but it turns out there are a few wide cracks in it.


Another problem with these passports is that they transmit in the air and that they are (normally) unique. So... one could identify you by placing an RF Reader inside a dumpster that you walk by every day. And maybe place a bomb inside that would go off if you and only you be in proximity.

Of course, official authorities have issued passports sleeves that act as "RF shields". According to this the chip cannot be read from inside that sleeve and you only take it out just before the police checkpoint. Well, it has been demonstrated that even then, the chip can be read. You just have to be really close to the subject. Doesn't seem like a problem when you are packed up against each other in a crowded area like the subway or a huge waiting line in the airport.

To sum up, current government efforts to control foreigners in their countries seem like panicked maneuvers of a nation under attack. If they feel that way, then somebody should admit it and then maybe we can all go home at toss those e-passports away (maybe shred them and burn them just to be safe).

And for the last time, just leave cryptographers to deal with cryptography issues!

Committee members are excellent at screwing it all up.


No comments: