Comments

JJSeptember 9, 2010 7:32 AM

FYI, the following response was posted to the FIRST discussion mailing list about a week ago:

The article is a bit short, so here goes some relevant background info that is available on the German media already. I'd link to the press articles, but they are in German only up to now.

The BSI (Federal Office for Information Security) distinguishes between three classes of card readers. Only the two classes that have integrated PIN-pads are considered secure in conjunction with the ID card. Citizens are advised to only use these secure card-readers with PIN-pads. However, the "hacking" event in the TV show used a card reader without PIN-pad. Thus, it follows trivially: if the PC is trojanized and the PIN is entered on the PC, the trojan can collect the PIN. However, the information on the ID card cannot be read by a trojan on the PC, as the connection is encrypted end-to-end from the card-reader to the remote provider.

So the scenario comes down to this:
- IF a citizen dismisses the warning not to use a basic card reader without PIN-pad, AND
- the computer is trojanized with a keylogger, AND
- afterwards the attacker steals the physical ID card,
- THEN the ID information is endangered.

Regards
Timo Steffens

i.A. Dr. Timo Steffens

Wes PSeptember 9, 2010 8:03 AM

Yea, not entirely surprising. But the recommendation to use a specific card reader makes me pretty certain the designers of this card know about the potential security problems.

goomSeptember 9, 2010 8:05 AM

Take another deal. Firstly, this is new way to do cyber criminal schema. In cyber space nothing exists like nano-screeners, tracing witness or any old, well-recommended ways to got true. Imagine, that you are victim of manipulation with those IDs. How you protect yours innocense? How they aprove your to jail? How many money must be granted to cyber-police?

IronCancellerSeptember 9, 2010 8:27 AM

Actually, as indicated in the first comment, the *only* thing shown is that card readers without a keypad are insecure.
Nothing more, nothing less. And not really surprising, either.

While I'm fairly certain that the information on the card *can* be hacked, it's a question of how much effort is needed. And so far, it looks like hacking is infeasible in any realistic scenario.

RADARSeptember 9, 2010 8:29 AM

the chip is refered to as RIHD which I will google but it seems like a reference to rfid, which is a technology that has a lot of myth about it.
If you carry three or more rfid markers, and some day you will, when they are built into shoes and clothes for inventory tracking and other purposes, the combination of the identifications could be used to track you in a very difficult way, the tags have to be quite close to the reader, There are rfid tags that can be read at a greater distance and these are found on connex's (container for export) and rail road cars, trucks etc. but these are some what larger and not the sort of thing you would put in a wallet. The small ones like HID keys to doors etc have to be quite close to be read, and only carry simple data. One news article I read this morning about 4 al queda types that got out of a prison in iraq, supposedly in "american" custody, recieved the comment that the prisoners should have been injected with the type of tag that is put under the skin of some pets, with the commenter saying that they could then just track them, but no, it dosent work that way, you can only put a few traps up that will register when they pass some checkpoint.
its the 417 barcodes that carry a load of personal information, and these have to be scanned in a reader.

goomSeptember 9, 2010 8:48 AM

@IronCanceller

Take Bruce main page down, and you must see humble opiniion, that money always had more priority, than secuirty.

And, I agree with possibility of cloning everything. May be chip of some magnat will be protected better? And what's about fingerprint security? I'm not understand piece of security, but those must be present.

TordrSeptember 9, 2010 8:59 AM

@JJ Thank you for the additional information.

What worries me still is the following:
Any malicious hacker could set up card reading equipment and boost the card reading range. If that was done in some public place, where lost of cards passing by. Then the computer connected to the reader could just try random PINs on unsuspecting people.

Let us assume 33.333 people passed the reader before it was detected/removed and the reader could test 3 PINs. Then one of 2 things would happen:
-If the card locked after 3 wrong PIN attempts, then the hackers would just get the private details from 1 card, but would create 33332 locked cards (an effective DoS attack).
-If the cards do not lock after 3 wrong PIN attempts then they would still only get the details from 1 person, but the attack would be virtually undetectable.

goomSeptember 9, 2010 9:12 AM

And you will have money till transaction be rolled back. And you give 33.333 mistakes that could reach you.

ChrisSeptember 9, 2010 9:39 AM

Two facts:
1. The card reader without a keyboard has a limited capability and cannot be used for electronic signatures.

2. The data is not stored in an RFID chip but in a microprocessor which uses RFID technology just for communication. Unless you provide a valid certificate, the chip won't even talk back to you. So boosting the reading range will not make it easier to read any information off the chip.

http://www.ccepa.de

I am as skeptical as the next Schneier-reader but I'm going to get me one of those ID cards as soon as they are available! (Disclosure: I am not involved in the new ID card system in any way)

Marsh RaySeptember 9, 2010 9:48 AM

I realize the transactions are _intended_ to follow a different protocol, but what prevents bad guys from simply gluing a PIN pad onto their own insecure reader? So this advice "Citizens are advised to only use these secure card-readers with PIN-pads." doesn't seem very helpful, unless citizens are somehow providing their own readers. Unless the citizen is unable to perform a thorough (and possibly destructive) security evaluation of each reader he cannot determine the legitimacy of the PIN pad. So this advice seems basically useless.

Clive RobinsonSeptember 9, 2010 10:30 AM

There is to little information to say if the cards are vulnerable at the card-reader interface.

As has been pointed out above a crook can just add a keypad that talks back to a PC etc, so telling ordinary citizens "don't use a non keypad" reader is a very pointless excercise at best, and makes ordinary citizens fully vulnerable at worst.

As for saying the card "won't respond" without a proper chalenge, I deam that unlikly at the lowest stack levels (ie the physical layer). The question then becomes what information other than a card is present can be elicited.

At the next level up the stack there has to be a data chalenge from either the reader or the card. The normal way to do this would be for the card to anounce it is present and powered up in some way. At some point in the initial transaction either the reader or the card will have to issue some kind of unique identifier (hopefully just for the transaction) otherwise partial replay attacks become possible.

Now systems designers should know all this but we still see systems being put in the field where it becomes possible to get a unique identifer for the card, which is as good as having your social security number tattooed on your forehead.

Also is the little discussed "propriatary" test modes. When a chip is manufactured it's functionality has to be tested either these "secret modes" get left in or they have to be disabled some how once the chip is deamed sufficiently OK to go into service. The question then becomes are their fault injection techniques that can either partialy excercise a test mode or fully re enable it (if it ever actually gets disabled in the first place).

The prize for finding out such things can be "fame" for an honest person or potential a lot of money for a dishonest person. who knows how to capitalise on such knowledge.

It's why the design and implementation of ID cards like voting machines should be fully open right down to the chip mask level.

IronCancellerSeptember 9, 2010 11:17 AM

There seems to be a misconception floating around: The card readers will primarily be located in to places:
- citizens' homes, e.g., for home banking or submitting tax statements
- government offices, e.g., for standard identity verification

I can't even imagine why such a reader would be placed in a non-supervised environment.

IronCancellerSeptember 9, 2010 11:38 AM

@Jess: Citizens' homes are secure, or supervised, in the sense that an attacker cannot easily replace their card readers.
Why would they need to be security experts for that?

IronCancellerSeptember 9, 2010 11:43 AM

@goom: I don't see your point. Maybe you could clarify?
Also, how would you propose implementing a special solution in a standardised process like this? Not to mention of course that there are no "special" citizens in Germany - at least not with respect to the government - who might get special treatment...

BrianSeptember 9, 2010 12:48 PM

Its so pathetic. This can be done safely, but instead, someone sees a dollar figure and says 'well, I don't know how to hack it, and most people don't, so its safe'. Its not bloody safe.

RandonWalkSeptember 9, 2010 12:59 PM

The PIN is a secret. Any hardware that processes a secret in the clear must be trusted. If cards like this are used in commerce, sooner or later someone will produce a counterfeit reader that steals the secret. In my view, the only general solution is that the entire card and PIN entry device (i.e., the reader) must be provided by the card holder. Think of a smart card with keys on it for PIN entry, like a miniature calculator. Of course, to trust such a card + keypad device, the design must be fully open for verification, along with a chain of custody from the trusted manufacturer.

IronCancellerSeptember 9, 2010 1:03 PM

@Brian: Er, have you read any of the comments, or the original article?

Granted, the headline is very misleading (at best), so let me state it clearly:
The ID card has not been hacked!

Of course it's "hackable", that's almost a tautology, but so far there is no (realistic) hack.

Oh, by the way, I'm not in any way involved with the new ID cards, and I don't plan on getting one any time soon, not until it has been thouroughly "field-tested".
I just don't want to let the unjustified criticism stand, because it will get in the way if/when any justified criticism comes up.

ThomasSeptember 9, 2010 1:05 PM

Requiring just a card/RFID-reader without keypad + screen is just not state-of-the-art...

It is imho not responsible to propose such a solution because 'it-is-cheaper' nowadays, when the better alternative costs just a few bucks more!
German banks offer for electronic banking (HBCI) only card terminals with pads and own screens (class-2/3), which is in widely used -- so one could expect, that the users would be able to use an external token correctly.

Furthermore the upcoming German ID card is supposed to work as some kind of swiss army knife for all kinds of 'electronic things', e.g. identification for customers & traders, age identification for web pages etc. -- all kind of commercial things beyond the scope of a 'pristine' ID card.

Oh well, initial costs vs. probable damage costs...

Nick PSeptember 9, 2010 1:29 PM

NSA's combination of trustworthy devices, CAC card, crypto ignition key, and EKMS system are a very good way to handle identity and secure connections. Secure external devices, connected with non-DMA hardware, with card reader, PIN pad, and a decent screen to show what one is signing is a decent approach. However, the technology outlined in this article may suffer from a number of flaws.

For one, people keep saying the attack only works on the weakest model and hence is invalid. That argument is invalid because many people will do the minimum or be lay people who see "approved device" on the label and figure its safe. Their trust model essentially relies on the weakest link to support the integrity and authenticity of their data. That's a laughable approach. If the government was serious, it would mandate the secure readers.

The next attack is when this technology ends up outside of the home and government offices, which is likely. Many tech's designed for government ID end up in the commercial sector, esp. retail and identity management. In any of these environments, there is a risk that the reader could be replaced with a counterfeit one that logs the PIN and alters the data to be signed. This is already happening with European smartcards: why would this one be any different?

And to those that think a home device is "supervised" or "safe": quit being stupid. If you don't matter to crooks, then sure you're safe. Burglarizing a home, even undetectably, is pretty straightforward and many crooks would find replacing a wealthy person's reader with a counterfeit to be a worthwhile exercise. Combined with a trojan, their bank accounts could be slowly siphoned off without them realizing it. There are other potential targets, but I'd rather not give crooks more ideas. Sophisticated attackers are already doing real-time transaction mods on people with two factor authentication. My version is merely an extension of the attack and it's still just two factor. ;)

The final weaknesses would be on the card itself. This attack will require some sophistication to pull off. So far, most "secure" smart cards and chips have been easily hacked by the likes of Ross Anderson's *undergraduates* using affordable lab equipment. Can this card prove its the first that isn't vulnerable? (hint: lol) Scenario: authorization manager at major bank looses his wallet; its returned a few hours later by good samaritan; during those hours, an undergrad extracted the secrets and put it on a reprogrammable counterfeit; his PIN is observed on a small video camera; the bank proceeds to authorize millions of dollars of transactions going to an investment in Nigeria. Can it be done? Technologically, yes. Anyone doubting that kind of money-moving can be initiated by one man should look at the Brazilian bank that lost several hundred million in a Nigerian scam.

http://www.assetrecovery.org/kc/node/...

Bruce BSeptember 9, 2010 1:51 PM

Other attacks are a hacked cardreader that captures the PIN, and a camera that captures the PIN as the user enters it

Still, the card is two-factor authentication. You need the card and the PIN. So what's the big deal? It's like any other smartcard.
And it's much more secure than any credit card in the US.

The one I played with (MUSCLEcard) still kept the private key encrypted inside the card, and it used this to authenticate itself to a remote machine. To improve this, you could use biometrics performed inside the card instead of a PIN to authenticate the owner. I've seen one example of this. But this can be hacked as well. Matching the PIN on the card is obviously much easier.

The other problem is that tools to work on smartcards are becoming proprietary and closed. The JCOP plug-in for Eclipse is no longer available or supported, for example.

JessSeptember 9, 2010 2:13 PM

@IC: See Nick P's comprehensive comments, but if I understand correctly, the home no-keyboard readers would be hooked up to the user's computer in order to use its keyboard? (If they don't use keyboards at all at home, that would imply either that the protocol doesn't require PIN knowledge, in which case WTF?, or that the home reader is somehow linked to the card, which would be an admin nightmare.) When you hook to a computer and its particular ecosystem of viruses and malware, all "supervision" goes right out the window.

JJ said there is an end-to-end secure connection between reader and the remote host. That seems to imply certs of some sort. Did they make the same error that other hardware people have, and make one key for each model of reader? What provision is there for key repudiation? How many days until the bad guys have obtained every model of reader and extracted all the keys they need? At that point, when a reader receives info from the remote host, an attacker can eavesdrop. (I'm not sure if eavesdropping can occur in the other direction; that depends on details that aren't provided.) Does the overall security of the system depend on the secure channel between reader and remote host? If an attacker has one side of the conversation, can he replay it? Would this allow him to attack a reader he owns in isolation with chosen plaintext? How long would such attacks have to continue before he has enough key knowledge to spy on the other half of the conversation? (I think at that point he doesn't need physical possession of a card anymore, just malware on the client computer?)

Assuming that security devices will never fall into the wrong hands or be used in the wrong environments is folly.

goomSeptember 9, 2010 3:14 PM

>>>I don't see your point. Maybe you could clarify?

Just few thinks. Theres lack of information: ex. about limitations of using. The standard european IDs have chips too, but it used only by reader devices in hands of official person, and possibly, with some additional couple of things like web cam and personal senior official responsibility. May be those devices must be used only like regular arrangements for standard online banking? And I have not sence to do important deals without seeing eyes of opponents, like mentioning with school teacher. May be the goal is reducing burocracy? At least be bright possibility to change PIN or password, and other ways to stronger human authentication.

RobertSeptember 9, 2010 3:26 PM

Your best pattern and verification readers are going to be humans. Technology just makes it easier to steal and for governmental clandestine operations that is exactly the goal.

goomSeptember 9, 2010 3:43 PM

@Robert
>>>governmental clandestine operations that is exactly the goal

Please explain. Does you know something, that I can't or wan't?

RobertSeptember 10, 2010 1:42 AM

@Clive
"It's why the design and implementation of ID cards like voting machines should be fully open right down to the chip mask level."

WOW sorry but I have to disagree!
Fancy crypto algorithms are great BUT IMHO the real system safety comes from the undocumented "features" especially when it comes to defeating experienced hardware hackers.

The problem is really one of creating an unknown "Cost" for the attacker. The attacker needs to be frustrated by trap after trap and be asking themselves, If I get over this hurdle then what's next?

Fully documented systems (right down to the chip level) cant implement tricks to keep critical components of the system secure. You also cant implement "hardware honeypots" to divert an attackers focus away from the really valuable contents.

Sure given infinite time and infinite budget the attacker will learn to avoid all the built-in pitfalls. The sad truth is that, a longer unhacked time is all that we can ever hope for with respect to smartcards.

Clive RobinsonSeptember 10, 2010 6:33 AM

@ Robert,

"Fancy crypto algorithms are great BUT IMHO the real system safety comes from the undocumented "features" especially when it comes to defeating experienced hardware hackers"

Ahh you and I are working under a different set of assumptions ie Online -v- Offline operating.

Your hardware tricks are for systems designed to work off line, where as I'm looking at online usage only.

The reason is that a human usable pin has nowhere near enough entropy to protect encrypted data on the card. Thus to even have a chance of being secure the key has to be stored compleatly seperatly from the card.

Also data can be stored under a large number of non related keys. So for instance medical information can be stored under one key, basic ID info under another, more invasive ID under another.

Thus you can view the card reader as a data viewing client to the card as a secure data server with "ticket" access granted through an authentication and key server.

If you think about it it is possibly the only reasonable model that alows sufficient scope outside of a central database that will alow the full strength of the encryption and data seperation it can give to be brought to bear on the data when not held centraly (where the user has no control over it).

Appart from the data all the functioning should be transparent otherwise the system integrity with respect to the data will come under question.

As for voting systems by definition they have to be fully transparent to be trusted as must a whole host of other applications.

As for "offline" systems by definition they cannot be made secure because the attacker has physical access to both the data and the key it is held under, thus they will never be appropriate for holding any kind of PII that needs (or the user requires) to be controled by the user.

ThomasSeptember 10, 2010 7:01 AM

The only thing that suprised me was the fact, that the eID card was shipped out with a cardreader without a keypad. It was obvious that this could be hacked... and it should have been obvious to the BSI

hwKeitelSeptember 10, 2010 7:28 AM

The problem in Germany is, that the politicians think chip-card technology will solve the problems of the country. A health card, ID card, latest idea: "bonus card" for poor people, so they don't have to pay for the childrens sports club etc.

but this technology doesn't solve the problem. In the latest example it's just a pittance card.
The security (card) industry has some good friends in Berlin.

hwKeitelSeptember 10, 2010 7:47 AM

but people in Germany should be more upset about the ePostbrief and De-Mail. that are systems for "secure" correspondence on the internet.
Deutsche Post says: the letter goes online. but the fact that an old-school letter is under the "Briefgeheimnis" (privacy of correspondence and posts) and an email under a telecommunication law (secrecy of telecommunications).
the later law gives much more power to police etc. (and the Deutsche Post? like google reading you mail) and the fact that an email is digitally analysable and easy / cheap to store. so a handwritten letter is a bigger barrier.

pixelSeptember 10, 2010 9:38 AM

quote from a recent tv program,

digital data is easier to forge than a written paper.

I can see that this is actually true especially for the technologically adept.

Marsh RaySeptember 10, 2010 5:20 PM

It's reasonable to expect that most parts of the system can and will be compromised some of the time: web server, PC, and the reader terminal can be fake. So unless the card itself has a display on it to display the details of the transaction, there's no way the user really knows what he's agreeing to. If you stipulate that the reader terminal is trusted too, well, then folks will either have to carry their own terminal around with them or make a leap of faith whenever they plug in this card.

hwkSeptember 11, 2010 2:16 AM

@Marsh Ray

what about a virus/worm (what ever) that flashes the firmware of the card reader? as long as the card reader is conected to a comuter (and the internet) there will be a way to "hack" this systems at the users home without breaking in. especially as long as the most people in Germany use the same hardware.

Nick PSeptember 11, 2010 12:06 PM

@ pixel

Depends on the integrity mechanism. Data is easy to forge, but digitally signed data is harder to alter than paper equivalents. Any slight alteration dramatically changes the hash and resulting signature, whereas altering a paper copy does nothing to the signature or apparent validity. The problem isn't the nature of data: it's the poor methods we use to enforce information flow policies and the market forces that ensure better ones aren't adopted.

And recently, even pixels are protected thanks to the Aussies' Digital Video Guard. ;)

Jim ASeptember 13, 2010 8:05 AM

Just like an SSN, the system is only as trustworthy as the LEAST trustworthy person with access to a reader. Because hacking a reader with an attached keypad is a trivial exercise. At a fundamental level security is complementary to universality.

Earl KillianSeptember 14, 2010 5:11 PM

ID cards should store one million random 128-bit values, and only hand out the next value in response to a query (with a limit on the rate of queries). The user of the 128-bit token would have to consult a server to download information about the card's holder. The information that could be downloaded from the server would depend upon a need-to-know basis (e.g. some uses might allow a phone number to be accessed, others not).

It would take a pretty big hash table to look up all the random IDs, but it should be feasible.

Curt SampsonSeptember 14, 2010 10:13 PM

Does anybody have any further details on exactly what sort of system the ID cards are using? If they're using something like Sony's Felica, for example, where the "chip" is really a small CPU that does its own PK processing to validate requests and sign responses, many of the attacks being discussed here aren't relevant. For example, getting hold of a reader does you no good because the reader neither contains keys nor is able to decrypt the data passing through it. (The communication is encrypted between the card and the server to which the card is talking which is why, for example, I can safely [for some reasonable definition of "safely"] recharge my Japanese train company's application in the Felica chip in my phone via an Internet connection.)

Readers of course can be compromised, and when the reader is supplying the PIN to the card this can be fairly easily sniffed when part of the "reader" is actually Windows software, as is the case with a combination USB Felica communications device and a Windows program. The software in my (non-smart-) phone would be more difficult to compromise.

For one Felica security analysis, see: http://courses.ece.ubc.ca/412/previous_years/...

StephanieOctober 13, 2010 7:33 AM

Security system should really be strengthened if we are decided to pursue national ID and we want it to be successful in the implementation. Hackable identification cards are a big problem and treat.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..