Category:Passport

From LentzWiki

Tracking information about the new biometric passport

Contents 1 Intro 2 Attack Vectors 3 References 4 Related

Intro

This new passport is being introduced in many countries around the world. It contains a wireless RFID chip (see ISO 14443 standard). There appear to be a number of technical and policy issues with these new documents.

Attack Vectors

There are a number of possible attack vectors on the RFid chips used in e-passports including

• RF active attack, Just powering on the device returns a globally unique id as we currently understand it these id's are assigned in blocks to different countries
• RF Passive scan attack Using a high gain passive antenna you could intercept the communication with an authorised reader
• RF Side band attacks using variance in the EMF field to determine what the data is on the device.
• Cryptographic attacks
  • SHA-1 is known to be broken.
  • The items used to generate the secret key for BAC decryption don't contain enough entropy and aren't secret

References

• Security and Privacy Issues in E-passports by Ari Juels, David Molnar, and David Wagner
• RFiD Kills an american site objecting to rfid passports
• Bart Jacobs Radboud University Nijmegen & Technical University Eindhoven, The Netherlands.
  • A Security Review of the Biometric Passport (together with Ronny Wichers Schreur)
  • Crossing Borders: Security and Privacy Issues of the European e-Passport (Jaap-Henk Hoepman, Engelbert Hubbers, Bart Jacobs, Martijn Oostdijk, Ronny Wichers Schreur)
• How to clone the copy-friendly biometric passport (The Register)
• Security expert cracks RFID in UK passport (IDG News Service)
• Elektor RFID Reader (Elektor construction project, UK)
• RFID / Biometric Passports talk (Harald Welte, Oct 2005)

Related

• Australian national ID Card - (proposal, 2006)

This category currently contains no pages or media.