Lukas Grunwald's
demonstration at Black Hat that RFID passports are
clonable is getting
plenty
of
press.
Really, this isn't at all a surprising result; it was apparent as soon
as you understood how the system was constructed.
It's useful to start from first principles and ask what the
threat model for a system like this is. When you show up
at Immigration with your passport, the inspector wants to
know that:
- There's a person with some set of attributes (citizenship,
criminal record or lack thereof, etc.)
- That that's the person standing in front of them.
Now, in the case of physical passports, these security properties
are ensured via the following features (hopefully):
- Convincing passports are hard to manufacture.
- Passports are hard to alter without leaving evidence
- There's a backend database which you can look up from
the passport number.
- Passports contain biometric information (photographs for
current generation passports) which the inspector can match to
the person in front of them.
Features 1-3 correspond roughly to our first goal. They bind
the user's identity and attributes to the physical passport.
The biometric matches the second goal, binding the physical
person to the passport. Putting these together allows you
to bind the physical person to the back-end attributes, which
is what you want if you are trying to decide whether to let
someone into the country.
Now let's talk about electronic passports. The natural design,
and the one that seems to be being used here is to have the
passport be effectively a digital certificate: a biometric,
a record locator, some attributes, all signed by some national
CA (i.e., the US state department). The inspector scans
the passport, his terminal verifies the digital signature and
displays the biometric which somehow gets verified against
the user. If the biometric is a photograph, then this comparison
is typically done manually. If it's something else like a
fingerprint or an irisprint, then it's done automatically.
In an ideal world, this system works perfectly well. There's
no need to conceal the information on the passport because
the only person who can use it is the person with the right
physical characteristics--i.e., the passport
holder. So, even if you have a copy of the passport it's
no good to you if you're not the right person.1
Unfortunately, we don't live in an ideal world.
The first problem is that this absolutely depends on using
the signed biometric, not the one printed on the passport. Otherwise,
you're just using the physical document again. Thus, in order to get the
security of the electronic passport, you need to have a pretty
substantial scanner—one with a big enough video screen to
compare to people's faces. At some level, it would be better if
the passports were blank so you had to use the scanner.
(Consider what you do if you can't get the scanner to work...
We badly need a human factors stufy here.)
The second problem is that the biometric comparisons aren't very
good. People's ability to match faces to photographs is better
than computer's but it's still not very good, especially when
the photos are up to 10 years old and the verifier is in a
a rush, which they often are. In the case of physical passports,
the (alleged) difficulty in manufacturing a totally new passport provides
a kind of defense in depth: whoever is being admitted needs
to have a passport, even if it's not theirs. Obviously, however,
this situation doesn't obtain if the passport is all electronic and
the data is easily copied.
This brings us back to Grunwald's attack. The new RFID passports
contain a signed biometric stored in an RFID chip. When the chip
is read it just returns the stored value. Obviously, if
you can capture that signal then it's not particularly hard
to make a second device that generates the same signal (what's
called a replay attack).
The only question here is whether that device can be made from
commodity components or whether you'd have to custom-build it
Grunwald's work shows that you can build it from commodity components.
But the general feasibility of this attack has been well known for
a long time.
There are, of course, ways to prevent a replay attack. The standard
technique is to make the authenticator do something dynamic. For
instance, you could make the data stored in the passport chip include
a public key--i.e., be a certificate. The reader would provide
the passport with a challenge, which the passport signs. At
this point, capturing a single response doesn't do the attacker
any good because you can't sign a new challenge. Of course,
you can still clone a passport if you have physical possession
and extract the key (there are hardening techniques, but none
secure enough to stop a dedicated attacker and economical enough
to use on every passport). You can't do it merely from observing
its communications.
The major drawback of this scheme is that it requires doing some
processing on the passport, which the current scheme does not.
That may be a dealbreaker--my impression is that current RFID
tokens can't do any significant amount of processing, and probably
not enough to do a public key operation.2
As far as I know, however, there's no scheme which isn't sensitive
to replay attacks which doesn't involve doing some processing
on the token.
1. There's a direct analogy to public key certificates,
which also don't need to be kept secret.
2. It's possible you could use a symmetric key
printed on the passport and then use a MAC rather than a signature.
The drawback of this is that you can't remote read securely. On
the other hand, if you only want to do remote read for tracking
but local read for authentication...