UK Electronic Passport Cloned

The headline says it all: "'Fakeproof' e-passport is cloned in minutes."

Does this surprise anyone? This is what I wrote about electronic passports two years ago in The Washington Post:

The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.

This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding.

Posted on August 8, 2008 at 4:59 AM • 21 Comments

Comments

greg • August 8, 2008 5:42 AM

Our current NZ passports, one of the first to have the chips, are only valid for 5 years.

But does it matter how long a real passport is valid for? If I can clone and crack them, can't I also set the issue and expiry dates?

Oh, and just for the record, my passport chip has only been read once. The readers don't seem that prevalent... And I travel a bit.

salach shabati • August 8, 2008 6:31 AM

If you look into the details then you get a very different picture (no pun intended...):
The so-called "cloning" was meaningless for two reasons: 1) The e-passport was designed to present a picture and some data without strong security, so transactions will be fast. 2) The ability to change the data depends on the fact that the reader doesn't check the full certificate chain.
There was some mumbo-jumbo on the ICAO PKD, but the fact is that countries just publish their keys on the web so every reader can install them and do a full check.
The answer to cloning, although it is a small risk, is a mechanism called AA (Active Auth.) that is specified in the ICAO standard and was adopted by most of the countries. A clone will be usable only for a look-alike anyway.

Bob • August 8, 2008 6:37 AM

Another disingenuous stab at the e-passport.

There IS an issue with relying on chip data over the paper copy BEFORE the digital signature verification is in place - it's easier to forge than the old-fashioned paper copy. The use of RF-ID instead of a contact-based reader is also a valid concern.

But the scheme itself (digitally signed passport data on a chip) once rolled out will be a great improvement over traditional paper-based anti-forgery and I wish people would stop knocking it.

greg • August 8, 2008 7:06 AM

@salach shabati

I need a better trust path than just plain "published" public keys. Don't I?

@Bob

The knocks are not at the idea but the implementation. We have a lot of security products that are peddled by security companies that are not secure in any useful way. See the Mifare card story.

Mk II • August 8, 2008 7:13 AM

@Bob

Point taken. The question is when will digital signing actually be adopted?

"only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it."

It's not clear from the article whether the other 35 countries have any intention of adopting this system at all. There was a good discussion about these passports in which "John Gray" explained the strengths of the digitally signed data here:

http://www.schneier.com/blog/archives/2006/11/uk_rfid_passpor.html

I'm sure that some countries like the UK and USA are keen for this system to be adopted but how many of the remaining 43 really care?

Henryk Plötz • August 8, 2008 7:13 AM

Bruce: "The headline says it all". No. No, it doesn't. And by a long shot.

Cloning passports where the anti-cloning feature is not used is not only not surprising, nor new (this was demonstrated by Lukas Grunwald 2 years ago, and even then wasn't surprising or new), nor particularly useful since you can't alter the data while copying (it's digitally signed, that's called Passive Authentication).

There is a specific, RSA based challenge-response anti-cloning feature (called Active Authentication) specified in the ICAO documents, but most countries don't use it. (Because a) a clone would be of limited use to anybody but the intended passport holder, and b) there is an issue called "challenge semantics" which at least the Germans don't like.) There is even a second anti-cloning feature (Extended Access Control - Chip Authentication) which was designed to counter the challenge semantics problem and will likely be present in most upcoming passport releases.

Also, when you have a digital clone, you still have the problem that you need to get a convincingly forged paper document to embed the clone in, since you can't, or at least shouldn't be able to, write your clone into a real passport, or embed a new chip into a real passport. The conventional anti-forgery mechanisms already work here, so an electronic passport can not be more easily cloned than a conventional one.

However, its protection against modifications is much greater. All data is signed (indirectly) by the issuing country, so you can't change any bit of the data while copying, or invent completely new data. This, of course depends on the signature being checked at read time.

Now, without seeing the Black Hat talk that Jeroen van Beek gave --or his slides, or a recording of the talk-- it's hard to say what he really claimed. Reading the Times Online article and the Black Hat announcement I believe that he neither claimed to be able to write to the actual real passport chips, nor did he claim to have a method of breaking/forging the digital signature. Both of these would be rather surprising and extremely noteworthy.

Instead he seems to have claimed that there are certain, live, passport reading setups that don't fully check the signatures and therefore would be subject to forgeries. While that, if true, certainly is an issue, it is not an issue with the passports themselves but only an operational one, and can be fixed rather easily. (Note that "[...] only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system [...]" is not enough evidence for this claim, since the ICAO specs state that the country signing CA certificates MUST be exchanged via bidirectional diplomatic channels (this is an RFC 2119 "MUST"). The PKD is rather intended for certain third-party applications, e.g. airline checkin points, hotels, etc.)
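The comment above distinguishes Passive Authentication (the country's signature over the data groups, which a copy carries along unchanged) from Active Authentication (an RSA challenge-response that a copy cannot answer), and an earlier comment notes that altering data only works against a reader that skips the certificate-chain check. The following Python is an added, constructed model of those reader checks; it is not ICAO code or any vendor's implementation. The RSA is textbook RSA over Mersenne primes with a hash-mod-n "padding", the data-group encoding, the `issue_passport`/`passive_auth`/`active_auth` names and the sample MRZ values are all assumptions made for the illustration, and the trust store stands in for a real CSCA certificate chain.

```python
# Constructed toy of ICAO e-passport reader checks (not ICAO or vendor code).
# Passive Authentication (PA): verify the Document Signer's signature over
# the data groups, after confirming the signer chains to a trusted CSCA.
# Active Authentication (AA): challenge-response against the chip's private
# key, whose public half is in DG15. Textbook RSA over Mersenne primes,
# hash-mod-n padding: a toy for illustration, unsuitable for real use.
import hashlib
import os


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA keypair ((n, e), (n, d)) from two primes; toy only."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def _digest(n: int, data: bytes) -> int:
    # SHA-256 reduced mod n stands in for a real signature padding scheme.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(n, data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(n, data)


def encode_dgs(dgs: dict) -> bytes:
    """Deterministic encoding of the data groups for hashing (assumed format)."""
    return b"|".join(f"{k}={v}".encode() for k, v in sorted(dgs.items()))


def issue_passport(ds_priv, ds_pub, dgs: dict) -> dict:
    """Issuing country personalises a chip: DG15 holds the AA public key, the
    SOD holds the Document Signer's signature (and, as a real SOD does, the DS
    public key). The AA private key never leaves the chip."""
    aa_pub, aa_priv = make_keypair((1 << 107) - 1, (1 << 127) - 1)
    dgs = dict(dgs, DG15=aa_pub)
    sod = {"ds_pub": ds_pub, "sig": sign(ds_priv, encode_dgs(dgs))}
    return {"dgs": dgs, "sod": sod, "_aa_priv": aa_priv}


def read_chip(chip: dict) -> dict:
    """Everything a contactless reader can obtain: data groups and SOD."""
    return {"dgs": dict(chip["dgs"]), "sod": dict(chip["sod"])}


def copy_chip(readout: dict) -> dict:
    """A copy of the public readout carries the signature but no AA private key."""
    return {"dgs": dict(readout["dgs"]), "sod": dict(readout["sod"]), "_aa_priv": None}


def passive_auth(readout: dict, trusted_ds_keys: set) -> bool:
    """Full PA: signer must be in the trust store (stand-in for a CSCA chain
    check), then the signature must verify over the data groups as read."""
    ds_pub = readout["sod"]["ds_pub"]
    if ds_pub not in trusted_ds_keys:
        return False
    return verify(ds_pub, encode_dgs(readout["dgs"]), readout["sod"]["sig"])


def passive_auth_no_chain(readout: dict) -> bool:
    """The weak reader from the discussion: trusts whatever key the SOD carries."""
    ds_pub = readout["sod"]["ds_pub"]
    return verify(ds_pub, encode_dgs(readout["dgs"]), readout["sod"]["sig"])


def active_auth(chip: dict, readout: dict) -> bool:
    """AA: fresh challenge; only a chip holding the key matching DG15 can answer."""
    challenge = os.urandom(8)
    if chip["_aa_priv"] is None:  # a copied readout has nothing to sign with
        return False
    response = sign(chip["_aa_priv"], challenge)
    return verify(readout["dgs"]["DG15"], challenge, response)


def run_scenarios() -> dict:
    """Genuine chip, exact copy, altered copy, and altered data re-signed
    under a key the reader has no reason to trust."""
    ds_pub, ds_priv = make_keypair((1 << 61) - 1, (1 << 89) - 1)
    trust_store = {ds_pub}  # CSCA material from diplomatic exchange / PKD
    genuine = issue_passport(ds_priv, ds_pub,
                             {"DG1": "P<UTOSAMPLE<<ALICE<<<<", "DG2": "sha256:photo-placeholder"})
    readout = read_chip(genuine)
    copy = copy_chip(readout)
    altered = copy_chip(readout)
    altered["dgs"]["DG1"] = "P<UTOSAMPLE<<MALLORY<<"  # signature left untouched
    rogue_pub, rogue_priv = make_keypair((1 << 127) - 1, (1 << 521) - 1)
    resigned = copy_chip(altered)
    resigned["sod"] = {"ds_pub": rogue_pub, "sig": sign(rogue_priv, encode_dgs(resigned["dgs"]))}
    return {
        "genuine_pa": passive_auth(read_chip(genuine), trust_store),
        "genuine_aa": active_auth(genuine, read_chip(genuine)),
        "copy_pa": passive_auth(read_chip(copy), trust_store),      # True: copied signature still matches
        "copy_aa": active_auth(copy, read_chip(copy)),              # False: no private key
        "altered_pa": passive_auth(read_chip(altered), trust_store),  # False: data no longer matches
        "resigned_weak_reader": passive_auth_no_chain(read_chip(resigned)),  # True: chain never checked
        "resigned_full_pa": passive_auth(read_chip(resigned), trust_store),  # False: untrusted signer
    }
```

The scenario table is the point: PA alone cannot tell a genuine chip from an exact copy (`copy_pa` is true), which is why AA exists, while any edit to the data groups fails PA unless the reader either skips the signature check or accepts a signer it never validated against its trust store.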

Clive Robinson • August 8, 2008 7:37 AM

The real problem with these E-Passports is that they actually decrease the real security of the person for whom they are issued considerably more than any theoretical increase in security at a border.

If you look back in this Blog I have pointed out that the whole RFiD idea is very bad in the past for several reasons.

The first thing is that the RFiD can be detected at close range simply because it takes power out of an RF field to energise itself.

This is so fundamental to RFiDs that it cannot be prevented by any on-chip security features no matter what they are (the only protection is good RF shielding or a way to detach the chip from its antenna and also stop the antenna being resonant, which is difficult).

You might ask "so what, you can not read any of the data with such a simple system". The answer is it identifies you as a person who is probably carrying a passport. So from a "mugger's" perspective you are likely to be carrying much more local money and other high value items than a local.

Secondly it has also been shown that the startup characteristics of RFiDs manufactured by different organisations have different characteristics. So it is possible that the likely country of origin can be detected as well, again without reading any of the data on the chip.

Further, the changes also appear not just from manufacturer to manufacturer but for different revisions by the same manufacturer, so you can probably also tell when the chip was issued and potentially how long the passport has before it expires.

Further, are they actually going to stop terrorists getting alternative identities? I think not.

It was shown a year or so ago (for the Guardian newspaper) that it was possible to copy the contents of one passport to another with little or no difficulty. So if you can get hold of the passport of a person who looks like you it is easily possible to copy the contents of their passport into yours, thereby giving you their "official" identity which electronically will pass all of the tests.

So as a terrorist who needs a new ID they can send somebody out shopping for an ID with a high likelihood of success...

Randy • August 8, 2008 10:23 AM

Can you eliminate these security threats by simply smashing or microwaving your passport?

I wonder what additional security screen you would endure?

Randy

John Campbell • August 8, 2008 10:48 AM

So this kind of just backs up E. E. "Doc" Smith's comment that anything a human can synthesize, another human can analyze and reverse engineer. (I wonder how long it will take for someone to name one of the books that explains how to avoid this conundrum when it comes to counterfeit credentials...)

The only way credentials can really work is for pervasive access to a "trusted" data source that can be used to validate the token in front of you...

andyinsdca • August 8, 2008 11:00 AM

MC Frontalot said it best when he said:
"You can't hide secrets from the future with math."

SecureApps • August 8, 2008 11:08 AM

@Clive:
The radio frequency/output is just as useful as a mugger looking at a person's clothes/jewelry/or some other appearance. And that's cheaper. So, using that as an "issue" is a stretch.

I do agree with the "similar appearance issue". But doesn't that hold true for a paper passport as well?

I suppose you could store a biometric fingerprint in the RFID sequence and require a hand print by the reader as well.

y00b • August 8, 2008 11:21 AM

@Greg
"...for the record my passport chip has only been read once"

That you know of!

Dave • August 8, 2008 12:34 PM

I've been amused by some of the comments here about how the cloning demo was meaningless because of all the magical silver bullets way, way off in the distance where you can barely see them, which would stop this kind of attack. It's all so Microsoft of ten years ago. You can invoke all the vaporware you want to defend e-passports but if the standard reader reference implementation can be fooled by a few minutes of effort then there's a real problem there no matter how you spin it.

Erik N • August 8, 2008 1:32 PM

IIRC, chip based passports will only hand over sensitive data to trusted readers:

The first gen passports only contain the very same information as presented on the printed page. Hence, weak authentication is required to request data: Just the passport number as mentioned in many previous debates.

Future gen passports will include additional biometric information such as iris scan or fingerprint. But to read this data, the reader must be trusted by the passport. Trust is established by certificates.

The problem is that passports have no online access to validate certificates, and lack an internal clock. IIRC there are some mechanisms for incrementing/setting the clock: The terminal authenticates with its certificate; if it is valid according to the previous clock setting, then the terminal is authorized to increment time. Likewise, revocation lists can be updated.

IIRC these updates are restricted to terminals with certificates issued by the passport issuing country, which means that you should get your passport updated on the way out.

Ross Snider • August 8, 2008 1:50 PM

I am not very learned in radio frequencies. I don't know how much power you can get out of a radio frequency field, but...

Haven't we already solved replay attacks? Obviously the problem with RFID is that it is passive. Let's work on the assumption it is not.

I see it this way. Your data should be encrypted on the chip. There should be a second layer of encryption that gets added right before data is transmitted. The reason for the first layer of encryption is so that nobody can modify the data on their passport (flash or whatever they use to store it) without getting caught. The second level of encryption (asymmetric - otherwise we'd be giving them our key) is needed because we'll add a timestamp. The timestamp is checked to be within a (half second?) of the correct time. A fraudster would have to replay your data within a very short period and also be able to play it before you. Of course the number of bits we use for the time has to be long - we don't want any integer overflows on our hands.

The time chip has a crystal rated to be accurate for as long as the passport is allowed to be valid. A watch battery should make that last 10 years at least and should be allowed on a plane.

In addition, there is a small button used to close the circuit. Only when that button is pressed is the passive (active now, too) chip going to respond.

Problems I see with this design:
* Synchronization of time. The reader would have to actually know the correct time. Time-zones are not a problem because the standard can agree on one time zone to use. I think it is reasonable to assume readers will be capable of maintaining the time. If an attacker can somehow change the time they can DoS the system. I'm assuming if they can change the system time of the reader they can do a lot more damage too - because they probably have physical access.

* Is an RF field enough to power a chip to do asymmetric encryption with a large enough key size to be realistically unbreakable? :-/

* The extra components (crystal, battery) are going to make the chip larger. Not much, though.

* If this system were used to auth with something like a laptop - things would not bode well if the laptop lost battery and therefore the time, unless you have the ability and know-how to reset the mobo time without RFID auth (well, it's kind of okay - usually they allow a password or RFID).

One final word. Everything should be standardized so that you may not tell the nationality of the chip holder. It's likely looking at someone and hearing them talk should be enough to pinpoint their nationality - but we want to be certain.

Peer review? I don't know enough to say this is a solution.

Davi Ottenheimer • August 8, 2008 5:19 PM

"the security of your passport has to be strong enough to last 10 years."

uh-oh, the more you claim technology is broken, the more i fear you might be right, while being wrong. i see a cheney-esque solution to the "problem".

i mean what if you actually are predicting that citizens will have to report to identity police and pay for "security patches" on a regular basis?

just imagine a monthly appointment with a halliburton subsidiary to keep your identity secure...

yikes!

Clive Robinson • August 11, 2008 9:58 AM

@ SecureApps,

Your two points (in reverse order) are,

"I do agree with the "similar appearance issue". But doesn't that hold true for a paper passport as well?"

"The radio frequency/output is just as useful as a mugger looking at a persons clothes/jewelry/or some other appearance. And that's cheaper. So, using that as an "issue" is a stretch."

The first point, is the real problem with e-ID documents (ie human weakness), the second is where ID dealing will become quite lucrative as a criminal activity.

The first problem with e-ID documents and the credentials they are contained in is the "weak-link human". So much so that e-ID is probably going to actually weaken security.

Currently the person checking passports will look over the passport with an experienced eye and it takes a reasonable quality fake to get past them.

However with e-ID credentials the employer of the checker has no reason to ensure they can spot a fake paper document any longer. The checker becomes totally reliant on the "reader" machine as the validator of the e-ID, not their own eyes and experience. Also there will be pressure from the employer to speed up checking as an "efficiency measure", so there will be less and less time for less and less experienced checkers to look for fakes.

Further, also in the name of "efficiency", passports will have less and less printed security measures. This is simply because they are expensive to implement and, as far as the powers that be are concerned, a waste of resources as the e-ID is "mathematically secure and unforgeable"...

So within a few years even a quite shoddy fake passport that has a valid chip and cloned signed e-ID documents will get through, whereas in the past the person checking would actually have taken a serious look at the document in their hand and it would not have stood a chance.

So at the end of the day all the e-ID is going to do is actually make the current level of security of the credential less.

Which brings me onto your second point,

It depends on where the mugger is and also what they are after.

In an area where business is the main cause for visitors from abroad it can be quite difficult to tell visitors from locals as the dress style will often be similar (it helps deals go through if you look and act like a local).

Importantly, if the mugger is "identity dealing" then the passport is the main object of interest; any money or other easily disposed of valuables are either "extras" or "window dressing" for the stealing of the ID.

The best thing for the ID dealer / thief of the future is that the passport gets returned to the owner with the minimum delay possible.

If the "target" can have their pocket picked, the ID page of the passport photographed and the signed e-ID documents required for cloning read out in a few seconds, and the passport put back in the target's pocket without their being aware, then so much the better, as there is no (real) likelihood that an alarm will be raised.

Although "Identity Dealing" sounds a little far fetched it is actually currently quite a lucrative business for the likes of "call center staff" in "out sourced" bank operations run in other countries where the 10USD price per solid ID represents a considerable fraction of the daily wage.

Getting copies of signed e-ID documents and a photograph of the ID page of the passport would easily be worth 50USD to an "ID Broker" and have a sell-on value of 500USD or higher.

Finally, "biometric" ID: you have to ask yourself a serious question, will it ever actually be reliable or even take off?

Currently just about all proposed methods of biometric (finger print, DNA, eye scan) have significant problems. DNA is not practical due to the length of time to actually check it. Eye scans are seen by Joe Public as being way too physically intrusive and have issues to do with contact lenses, infection, etc.

This leaves fingerprints as the front runner. Unfortunately, as has been demonstrated on many occasions, they can quite easily be forged providing you have a reasonable set of "original prints" to work from (think what you leave on a beer glass, knife and fork or any other ordinary every day object with a clean smooth surface such as a glossy mag, briefcase).

Getting a person's fingerprints without their knowledge is actually not that difficult and simply adds a minor extra hurdle to an "ID dealer / thief".

At the end of the day reliable ID that is efficient in use is a very very difficult if not impossible problem and E-Passports are not even close.

real world • August 14, 2008 5:56 PM

My girlfriend applied for an Australian visa on her Italian EU passport and was told by the Italians that it had been cloned!!!! She had to hand it in and has to wait about a year to get a renewal... I don't understand all the tech stuff but if passports are already being canceled because of this then it already is a big problem!!!!
Also you may recall just a few weeks ago they caught someone trying to steal thousands of blank UK e-passports... how many have already gone without us being told???? eg Italian
