Face and fingerprints swiped in Dutch biometric passport crack (anothercard skim vulnerability)

Fri Feb 3 04:00:00 EST 2006

Actually, the international standards for the Machine Readable Travel Documents
(passports, aka MRTDs) are written by the International Civil Aviation
Organisation (ICAO).

Both the US and EU passports comply to the ICAO standards. However, EU
passports will be further protected by a so called Extended Access Control 
procedure. This procedure provides, among others, terminal authentication to
the passport, to reduce the risk that biometric data is read by rogue readers. 

Also, there are many small details in which the passports from different
countries may differ. For instance, the 'RFID' anti-collision identifier used
when setting up a connection between the passport and the reader may either be
fixed or generated randomly for each session. Or, as is indeed the case in the
Dutch passport, the passport number may correlate with the issuing date,
reducing the entropy of the key derived from the Machine Readbale Zone (MRZ).

The "Riscure" attack is based on this correlation; they estimate the remaining
entropy of the data on the MRZ to be roughly 2^35. This MRZ data is used to
derive the symmetric session keys. Their attack works by recording (ie
eavesdropping) a succesful communication session between a passport and a
reader. Then, all possible combinations of the MRZ data can be tried off line
to generate the corresponding session keys and check whether that succesfully
decrypts the recorded session.

Note that straighforward skimming, ie trying to access a passport with a fake
terminal by trying all possible combinations of MRZ data is still impossible
because the chip in the passport is slow to respond; even if you could try one
MRZ access code every millisecond (totally unrealistic), you'd be busy half a
year. This limits the usefulness of the attack a bit.

Also note that an encrypted key exchange like protocol for deriving the session
key from the MRZ access code would also have prevented this attack...

Jaap-Henk

On Thu, 2 Feb 2006 12:37:24 -0500 Adam Shostack <adam at homeport.org> writes:
> On Wed, Feb 01, 2006 at 02:03:10PM -0500, vin at TheWorld.com wrote:
> | Anne & Lynn Wheeler pointed out:
> | 
> | > Face and fingerprints swiped in Dutch biometric passport crack
> | > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
> | 
> | Didn't the EU adopt the same design that the US uses?
>
> Passport standards are written by the International Air Travel
> Association (IATA).
>
> | Am I right to presume that the passport RFID chip used by the Dutch is the
> | same -- or functions the same -- as the one used in the new US digital
> | passports?
> | 
> | >From what I've read, it seems that the sequential numbering scheme the
> | Dutch use on their passports may have made this attack easier -- but it
> | was already feasible, and will be against the passports of other nations
> | which did not so helpfully minimize their obfuscation technique with
> | sequential numbering?
> | 
> | Anyone got more details than those offered in the Rinscure press release?
> | Thoughts?
>
> The papers explain the attack in fair detail.  I blogged every useful
> linksI could find a few days ago at
> http://www.emergentchaos.com/archives/002355.html, and there's more
> links in comments.
>
> Adam
>
> | _Vin
> | 
> | 
> | >
> | > The crack is attributed to Delft smartcard security specialist Riscure,
> | > which explains that an attack can be executed from around 10 metres and
> | > the security broken, revealing date of birth, facial image and
> | > fingerprint, in around two hours.
> | >
> | > .. snip ..
> | 
> | 
> | ---------------------------------------------------------------------
> | The Cryptography Mailing List
> | Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
>

-- 
Jaap-Henk Hoepman           |  I've got sunshine in my pockets
Dept. of Computer Science   |  Brought it back to spray the day
Radboud University Nijmegen |        Gry "Rocket"
(w) www.cs.ru.nl/~jhh       |  (m) jhh at cs.ru.nl
(t) +31 24 36 52710/53132   |  (f) +31 24 3653137

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com