e- passports Erik Poll Digital Security Group Radboud University Nijmegen

Transcription

1 e- passports Erik Poll Digital Security Group Radboud University Nijmegen

2 Overview e-passports functionality and security mechanisms problems, so far 2

3 e-passports e-passport contains RFID chip / contactless smartcard in Dutch passports, a Java Card chip stores digitally signed information: initially just facial images (photos) also fingerprints later maybe iris aka biometric passport or MRTD with ICC/chip introduction pushed by US in the wake of 9/11 to solve what problem?? e-passport logo 3

4 machine-readable passport e-passport NB possible confusion! MRTD = Machine-Readable Travel Document just has Machine Readable Zone, the MRZ, which is readable with OCR MRZ 4

5 Similar & related e-id initiatives Nederlandse Identiteitskaart (NIK) conforms to e-passport specs original plan was to also have digital signature functionality; eg Belgian & German e-id cards have such functionality New Dutch driving license conforms to the very similar ISO15018 spec for for electronic driving licenses German npa neuer PersonalAusweis adds privacy-friendly age verification by private keys shared on a batch of cards having 5

6 Very different e-id initiatives US Passport Cards and US Enhanced Drivers License (EDL) Contain simple RFID tag that simple broadcasts a fixed ID number readable at larger distances than ISO14443 passport tags 6

7 Apps & software for e-passports NFC apps to read out passport eclown app by Jeroen van Beek ReadID app by Innovalor Open source for terminal & JavaCard passport applet: 7

8 Protocols & standards ISO defines physical communication for RFIDs ISO 7816 defines standard APDU commands & responses ICAO standard for e-passports defines specific IS commands & responses for passports additional EU standards standardise optional parts of ICAO specs define some additional advanced security mechanisms on top of ICAO specs 8

9 European Electronic Passport Facial images: deadline 28 August 2006 Fingerprints: deadline 28 June 2009 protected by additional security mechanism, extended access control Participants: all members except UK, IRL, NOR 9

10 e-passports & authentication authentication of data authentication of the chip authentication of the terminal why? how? authentication of the passport holder how? passport data: age, height, gender,... facial image, fingerprint, iris signature 10

11 Biometrics of passport holder Facial image (DG2, ISO ) JPEG or JPEG2000 image Optional feature points (e.g. eyes) Fingerprint (DG3, ISO ) as WSQ, PNG, JPEG or JPEG2000 How to indicate the fingerprint cannot be enrolled? Iris image (DG4, ISO ) NB one would prefer not to store the raw biometrics, but some (hash of) derived info (aka template). Why? How? 11

12 Security mechanisms Passive Authentication (PA) digital signed data on passport chip Basic Authentication Control (BAC) access control to chip, to prevent unauthorised access & eavesdropping Active Authentication (AA) chip authentication, with challenge response, to prevent cloning Extended Access Control (EAC) chip and terminal authentication ICAO mandatory ICAO optional, EU mandatory ICAO optional EU only, mandatory for 'advanced' biometrics, ie. fingerprint & iris 12

13 Passive Authentication passport chip consists of 16 data groups (DGs) DG1 MRZ DG2 face DG3 finger DG4 iris... DG15 Active Authentication... and a security object SO, signed hash values of the data groups To check the signatures, terminal needs country signing certificates Passive Authentication mandatory on all e-passports 13

14 Basic Access Control (BAC) Contactless interface is both advantage and disadvantage BAC allows to read the data only after reader authentication: reader proves knowledge of the MRZ of the passport The authentication key is derived from document nr, date of birth, date of expiry BAC is ICAO optional (recommended) feature, in EU mandatory Interoperability issue How to find out the passport is BAC-protected? try & you find out 14

15 Basic Access Control (BAC) protects against unauthorised access and eavesdropping optically read MRZ Machine Readable Zone send MRZ receive additional info encrypted & MACed 15

16 Driving license chip uses similar trick, but with a QR code instead of MRZ 16

17 Alternative: Faraday Cage protects against unauthorised access, but not eavesdropping used in US passports, initially instead of BAC 17

18 Active Authentication (AA) protects against passport cloning (which BAC & PA don't) ie authentication of the passport chip public key, signed by government (DG15) send challenge prove knowledge of corresponding private key encrypted & MACed, using BAC channel 18

19 Possible drawback of AA: challenge semantics Passport chip that supports AA will sign any challenge Terminal could choose challenge c with some semantics eg. c = Sign(SK terminal, ID passport ++ date ++ location) card replies Sign(SK passport, c) Can be useful eg. unfakeable log of entry to the country but do we want it? Reason for German passport not to support AA NB AA should be protected by BAC, to mitigate this issue This can be prevented by not using a challenge signed by an asymmetric key, but using asymmetric crypto to establish a shared secret symmetric key that is used for MACs, as EAC uses 19

20 Different ways to do authentication 1. Fixed shared key (symmetric or assymmetric, possibly diversified) A -> B : Encrypt(K, random id A ) B -> A : Encrypt(K, random id B ) 2. Shared key echange via asymm. crypto A chooses random key K A -> B : Encrypt(PublicKey B, K) B -> A : MAC(K, id A id B ) 3. Signature-based authentication A -> B : challenge B -> A : Encrypt(SecretKey B, challenge id A id B ) Challenge semantics only possible with 3, because signature in 3 requires assym. SK B key that only B has 20

21 Extended Access Control (EAC) includes authentication of terminal by passport why would we want this? protect acces to privacy-sensitive information, esp. fingerprint, eg at hotel check-in how would we do this? some terminal certificate and a PKI ISO 7816 Card Verifiable (CV) certificates used rather than X.509 public key certificates. 21

22 Extended Access Control (EAC) Practical problems Certificate issuance is a hassle Each country has to issue certificates to every other country to let them read passports of its citizens Certificate expiry is tricky Passport does not know date to check certificate expiry Solution: passport uses the issuance date of trusted terminal certificates to approximate the current date Certificate revocation is essentially impossible How do you revoke a terminal certificate on all passports? Solution: short-lived certificates for terminals 22

23 Extended Access Control (EAC) Two phases Chip Authentication replaces AA; starts Secure Messaging (SM) with stronger keys using PACE protocol (Password Authenticated Connection Establishment) Terminal Authentication uses traditional challenge-response: terminal sends certificate chain to chip chip sends challenge terminal replies with signed challenge 23

24 Extended Access Control Chip Authentication chip -> terminal: PK passport terminal chooses ephemeral DH key pair (SK temp, PK temp ) terminal -> chip: PK temp chip and terminal compute shared symmetric key K K = KA(SK passport,pk temp ) = KA(SK temp,pk passport ) and derive session keys for encryption K enc and for MACing K mac 24

25 DG Content read/write mandatory / optional acccess control DG1 MRZ R m BAC DG2 Face R m BAC DG3 Finger R o BAC+EAC DG4 Iris R o BAC+EAC.. R DG14 SecurityInfo* R o BAC DG15 AA public key R o BAC DG16 SO Security Object R m BAC R *ANS.1 data structure indicating support for Chip and Terminal Authentication, and defining. Chip Authentication Public Key 25

26 problems with passports, so far...

27 Recall: passive vs active attacks on RFID passive attacks eavesdropping on communication between passport & reader possible from several meters active attacks unauthorised access to passport without owner's knowledge possible up to 50 cm activating RFID tag requires powerful field! 27

28 Possible problem: fixed UIDs Normal ISO14443 tags sent a fixed UID as part of the anticollision protocol. This would allow tracking of individual passports ISO14443 also allows random UIDs, which start with 0x08 Some countries still used fixed UIDs (eg Italy) First batch of Dutch passports did not have truly random UIDs, as 2 bits in the random UIDs are always the same... 28

29 Problem with BAC: low entropy in MRZ MRZ key based on passport number, expiry & birth dates Passport numbers typically issued in sequence, so low entropy, and strongly correlated with expiry date 3DES max 112bit, BAC max 56/74bit, in practice Hence: off-line brute force attack on eavesdropped traffic is possible [Marc Witteman & Harko Robroch, 2006] First discovered for Dutch passport, but other countries had the same problem Solutions: changing the key derivation procedure was rejected by ICAO for compatibility issues not handing out passport no's in sequence; note this introduces organisational & operational complications 29

30 Throttling BAC attempts Additional measure to beak BAC by brute-forcing MRZ: slowing the card down after incorrect BAC run waiting for 1 second after a wrong BAC session means a bute force attack takes years Flaw in test version of one country s passport: 29 seconds delay which is effectively a Denial-of-Service... Is brute-forcing the MRZ online a realistic attack scenario anyway? 30

31 Problems with first Belgian passports First generation of Belgian passports ( ) did not support BAC MRZ (DG1) skimmable in fraction of a second; all passport info in about 10 secs These passports also provide additional info not required by ICAO, incl. place of birth digital version of handwritten signature Also, same problem with low entropy of MRZ as Dutch passports 31

32 Problem with test version of Dutch passport Dutch passports contain a JavaCard JCOP chip, produced by NXP, which can provide MIFARE Classic emulation Chips used in test-batch of the passport did provide this MIFARE functionality, using the default factory keys! So ov-chipcard or RU access card can be cloned onto such chips In the real passport, MIFARE emulation was switched off 32

33 Implementation flaw in Italian passport BAC starts with the terminal requesting an 8 byte random number GET_CHALLENGE instruction with argument P1 equal to 8 What if the terminal requests fewer bytes of random data? Passport will supply shorter random N, and run protocol for N padded with all zeroes This allows a MitM attack... [Luigi Sportiello, Weakening epassports through Bad Implementations, RFIDSec 20123] Not a practical attack scenario, but it shows how easy implementation mistakes are! 33

34 Another problem: Spot the security flaw BAC protocol 1. terminal -> passport: GET_CHALLENGE 2. passort -> terminal : nonce 3. terminal -> passport: (m, MAC MRZ-key (m)) with m = encrypt MRZ-key (nonce) 4. passport checks MAC, decrypts m, checks nonce Possible implementation mutualauthenticate(apdu apdu) { } if (!checkmac(apdu, K)) N = decrypt(apdu, K); if (myn!= N)... // return OK ISOException.throwIt(SW_WRONG_MAC); ISOException.throwIt(SW_WRONG_CHALLENGE); 34

35 Information leak/timing attack mutualauthenticate(apdu apdu) { if (!checkmac(apdu, K)) ISOException.throwIt(SW_WRONG_MAC); N = decrypt(apdu, K); if (myn!= N) ISOException.throwIt(SW_WRONG_CHALLENGE);... Possible information leakage through different responses for wrong MAC and wrong nonce different response times for wrong MAC and wrong nonce After having eavesdropped one successful BAC session for a passport, attacker can replay it to detect that unique passport: because the MAC will be correct, but the nonce will be wrong, for that unique passport 35

36 Problems with terminals Lukas Greenwald reported some terminals crashing with a buffer overflow on malformed JPEG missing input validation, as usual... Jeroen van Beek (UvA) reported some terminals failing to check digital signatures correctly ICAO specs somewhat tricky eg will terminal spot a clone of a passport that says it does not support AA? 36

37 bla 37

38 Problem: determining passport origin Error messages of the card provide a fingerprint that is unique to the manufacture BSc thesis by Henning Richter in Nijmegen 38

39 Errors can leak information An Error Has Occurred. Error Message: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username ''' and password = 'g''. System.Data.OleDb.OleDbCommand.ExecuteCommandText ErrorHandling (Int32 hr) at System.Data.OleDb.OleDbCommand.ExecuteCommandText ForSingleResult (tagdbparams dbparams, Object& executeresult) at 39

40 Fingerprinting passports All e-passports react the same to correct protocol runs... But what about incorrect ones? Eg commands out of sequence eg B0 (READ BINARY) before completing BAC commands not in the ICAO specs at all eg 44 (REHABILITATE CHV) commands with silly parameters 40

41 Example commands & responses Commands sent to card include 1 instruction byte, eg A4 SELECT FILE B0 READ BINARY 84 GET CHALLENGE 82 EXTERNAL AUTHENTICATE... Responses from card include 2 bytes status word, eg 9000 No error 6D00 Instruction not supported 6986 Command Not Allowed 6700 Wrong Length... Defined in ISO7816, re-used in ICAO specs 41

42 Example responses to B0 instruction B0 means "read binary", and is only allowed after BAC response (status word) meaning Belgian 6986 not allowed Dutch 6982 security status not satisfied French 6F00 no precise diagnosis Italian 6D00 not supported German 6700 wrong length 255 other instructions to try, and we can try different parameters... 42

43 Fingerprinting passports Response to strange inputs provides unique fingerprint for ten nationalities originally tested Australian, Belgian, Dutch, French, German, Greek, Italian, Polish, Spanish, Swedish The fingerprints depends on implementation choices in the software 4 commands suffices to distinguish between these nationalities. The response to instruction byte 82 identifies Australian, Belgian, French, and Greek A4 identifies Dutch and Italian 88 identifies Polish and Swedish 82 with different parameter identifies German and Spanish Code to do this is very simple & very fast 43

44 The small print in the specs "A MRTD chip that supports Basic Access Control must respond to unauthenticated read attempts (including selection of (protected) field in the LDS) with Security Status not satisfied (6982) [PKI for machine readable travel documents offering ICC readonly access, version 1.1. Technical report, ICAO, Oct 2004.] but what constitutes a "read attempt"? 44

45 More fingerprinting possibilities passport application operating system smartcard hardware Our approach fingerprints the passport application so upgrading hardware or OS won't affect it Fingerprinting may be possible at other levels, eg OS hardware 45

46 More fingerprinting possibilities ATS (Answer To Select) sent by RFID on activation to indicate eg supported data rate, but also operating system version (in "historical bytes") New Zealand passport sends "JCOP41V22", so it's an NXP JCOP card, version 4.1, running Java Card 2.2 Other OS behaviour first Dutch passport recognisable as Java Card, as it supports Global Platform Physical characteristics power consumption, response times,... 46

47 Countermeasures to fingerprinting Better specs clearly prescribing standard error responses or, all countries could simply use a common open source implementation eg our Java Card implemententation [ but infeasible to do now, once specs & implementations exist Metal shielding in passport cover (Faraday cage) defence-in-depth 47

48 Abuse cases for fingerprinting? Passport bomb triggered by a specific nationality Selection of potential victims by passport thieves Fortunately, limited range for active attacks reduces any serious threat Also, there may be easier ways to detect nationality... 48

49 Technical things that go wrong: defects Some issued passports have defects so that fail to meet the standard, eg Wrongly calculated hashes Encoding of certificate fields: printable string UTF8 Wrong identifiers in certificates Printed MRZ data not matching the one stored in the chip Truncated photos Some countries have warned others about passport batches with known defects International discussions about standard format for defect lists to report such defective batches so that terminals can be configured to supress the false warnings for these passports 49

50 Organisational hassle How reliable is the issuance process? Someone obtained a Dutch ID card with a picture of himself as the Joker from Batman Fingerprints not checked when you pick up your passport, because of hassle with false negatives Few countries bother to read the chip on a regular basis? Exchanging certificates (bilaterely via diplomatic post!) is a big hassle Fewer countries use fingerprint data is quality of fingerprints info really good enough? yet more certificate hassle, as terminal have to be equipped with a short-lived terminal certificate, one for every country Do personnel trust the chip, and can they interpret errors? 50

51 Conclusions

52 Questions What are the problem solved or the security benefits of the e-passport? passports harder to fake colour hi-res JPG makes look-alike fraud harder than the small B/W passport passport photo Potential problem/opportunity: function creep? Esp. recording fingerprints Lots of political discussion in the Netherlands on a national fingerprint database with data from all citizens 52

53 Was it just security theatre? The real motivation? Was the real motivation Automated Border Control? 53

54 Unplanned use for authentication? Active Authentication can be used for authentication in other settings, eg login to computer access to a website Remote (and hence unsupervised) biometric authentication using the passport is of course not secure 54

55 Questions? Code for passport terminal and passport available at 55