Eric Moechel's comments on the Times article
Ross Anderson
ukcrypto at chiark.greenend.org.uk
Fri, 08 Aug 2008 09:09:02 +0100
Eric asked me to post this to the list; he tried and it bounced
Ross
From: q/marauder <marauder@quintessenz.at>
To: ukcrypto@chiark.greenend.org.uk
James Firth wrote:
> The Times: Cloned e-passports fiasco renews calls for £4.7bn ID card scheme
> to be axed
>
> http://www.timesonline.co.uk/tol/news/politics/article4474143.ece
>
> "After The Times disclosed that new passports could be cloned and
> manipulated in minutes and would then be accepted as genuine, MPs also gave
> warning of serious implications for the security of the Government's £4.7
> billion identity card scheme."
Both articles on the "cloning" of British passports show a decent amount
of flaws in reporting.
http://www.timesonline.co.uk/tol/news/politics/article4474143.ece
- There was no passport cloning but "passport invalidating". And that
could only work because the British have the worst security
implementation in the passport RFID system EU-wide. That is because they
were AFAIK the earliest adopters in EU.
There is no active authentication in UK passports yet AFAIK which is
crucial for preventing cloning the data to another RFID. Works with an
embedded secret key on a non-readable zone on the chip. The first info
the reading machine gets is a public key that is used to encrypt traffic.
The secret key hidden in the RFID's hardware is used to decrypt that. So
you may get access to the data, you can copy them and put them on
another chip. But that will be discovered immediately when controlled by
a passport reader. There can't be any communication between clone chip
and machine. The clone chip does not have the embedded secret key to
decrypt the initial data. "Active authentication" is mandatory here in AT.
- Similar in the "Osama" case. ICAO's "golden reader" is just a tool to
test chip _functionality_. They are introducing a wholly new standard,
so the problem is interoperability. The "golden reader" _does not_
perform security checks, it is not a passport reading machine that can
verify a signature.
If the young person with Bin Laden's image on the chip travelled to
Austria the passport would show up as compromised by the reading
machine. Bearing another signature than the so-called "Country
Signer Certificate" from UK.
- Here we are at the PKI/PKD question. Austrian federal printing agency
officials told me yesterday that they have long exchanged keys with the
British. A PKI/PKD would be practical to have, but the whole thing works
as well bilaterally they said.
Public keys are exchanged on diplomatic channels, via couriers. Germany
showed open reservation to a PKI/PKD, Austrian officials just said they
were currently not participating and would not comment on the future.
Such a global database - hosted in Singapore - is not such a good idea,
quite many in Europe should think. Imagine if somebody managed to upload
a certificate that looked like one of the [inevitable] follow-up
certificates of - say - the Federal Republic of Germany. But belonged to
the Democrat Republic of Transnistria or somebody else?
Otherwise I am not happy at all with a technology that is based on
shortwave communication such as the passport chips. There is a very
simple, effective, cheap and dirty attack scenario possible on an
ancient analogue layer. ;)
For those who read German here are more details
Äpfel, Birnen, Pässe und Bin Laden
http://futurezone.orf.at/hardcore/stories/298481/
cu
Erich M.
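
The two reader-side checks discussed in the message above, as an added example that is not part of the original post or of any passport software: a signature check against the issuing country's key, and active authentication modelled as a signed random challenge. It assumes toy textbook RSA over small Mersenne primes so it runs without dependencies; all names, keys and data are constructed for illustration.

```python
# Added illustration (not from the original post): toy model of e-passport checks.
# Textbook RSA over small Mersenne primes, no padding: for demonstration only.
import hashlib
import secrets

def make_key(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

class Chip:
    def __init__(self, data, sod_sig, aa_pub, aa_priv):
        self.data, self.sod_sig, self.aa_pub = data, sod_sig, aa_pub
        self._aa_priv = aa_priv  # models the non-readable zone

    def readable(self):  # everything a reader (or a copier) can obtain
        return self.data, self.sod_sig, self.aa_pub

    def respond(self, challenge):  # active authentication: sign a fresh nonce
        return sign(self._aa_priv, challenge)

def issue(data, signer_priv, chip_keys):
    aa_pub, aa_priv = chip_keys
    # The issuer's signature covers the data and the chip's public key.
    return Chip(data, sign(signer_priv, data + repr(aa_pub).encode()), aa_pub, aa_priv)

def inspect(chip, country_pub):
    data, sod_sig, aa_pub = chip.readable()
    passive = verify(country_pub, data + repr(aa_pub).encode(), sod_sig)
    challenge = secrets.token_bytes(16)
    active = verify(aa_pub, challenge, chip.respond(challenge))
    return passive, active

# Constructed keys: issuing country, genuine chip, and an unrelated party.
COUNTRY_PUB, COUNTRY_PRIV = make_key(2**61 - 1, 2**89 - 1)
CHIP_KEYS = make_key(2**31 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**31 - 1, 2**89 - 1)

genuine = issue(b"holder data", COUNTRY_PRIV, CHIP_KEYS)
copied = Chip(*genuine.readable(), aa_priv=OTHER_PRIV)    # data copied, chip key not
resigned = issue(b"altered data", OTHER_PRIV, CHIP_KEYS)  # not the country's signature
```

`inspect` returns the pair (signature check, active authentication): the copied chip passes the first and fails the second, while altered data signed by another party fails the first, which only a reader holding the country's public key can detect.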