E-Passport: The Global Traceability

or How to Feel Like an UPS Package

Dario Carluccio, Kerstin Lemke-Rust,

Christof Paar, and Ahmad-Reza Sadeghi

Horst-Görtz Institute for IT Security

July, 14th 2006 Workshop on RFID Security

 Electronic Passports

• Specification for Machine Readable Travel Document (MRTD)

• Claimed Goals
• Protection of individuals against identity theft and forgery by storing
biometric information in a chip included in passports
• Better traceability of terrorists and other criminals
• Increase national security

14.7.2006, Slide 2
 Current Situation

• Security and privacy problems have been pointed out by experts

• Successful attacks have been mounted on
• e.g., on Netherlands e-passport by Riscure
• Most security mechanisms are optional
• Trust Model and relations have changed
• new parties involved such as service providers, CAs
• No complete security analysis including trust relations available publicly
• Future plans require update of chip data (visa information) but not analyzed
thoroughly and publicly
Our goal
• Revisit privacy problems (Germany as use case)
• Present feasible devices to exploit vulnerabilities of current
implementation of Basic Access Control
•enables large scale tracing of e-passport holders
• To draw public and authorities’ attention to existing problems and to
care when employing a new technology for citizens in security critical
areas
14.7.2006, Slide 3
 What is going on in Germany?

• E-Passports issued since November 2005

– Validity of 10 years
– If chip defect, passport remains valid
• Storage of fingerprint enforced from 2007
• Electronic identity card planned from 2008
• Personalization done by privately-owned
company (Bundesdruckerei)
• Debates on
– central storage of biometric data (June 2006)
– new business models for funding biometric ID Cards,
e.g., selling biometric data to service providers (June 2006)

14.7.2006, Slide 4
 Overview of E-Passport
• RFID Communication between secure chip and reader
• Distance passport – reader < 30cm
• Stored data on chip
– Name
– Passport No
– Date of birth
– Date of expiry
– Biometrical data (facial Image, fingerprint, …)
• Main cryptographic components
– Passive Authentication (mandatory)
uses digital signature by issuer (data signed)
– Active Authentication (optional)
deployed against anti-cloning
– Basic Access Control (BAC) (optional)
establish secure RFID communication
– Extended Access Control (ratified recently)
chip and terminal authentication

14.7.2006, Slide 5
 Basic Access Control (BAC)
• Prevent unauthorized read access
• Key derived from data printed on the passport
(note: only a part of Machine Readable Zone MRZ)
– Passport No
– Date of birth
– Date of expiry
• Only an optional feature (specification)

MRZ K_Seed || '00000001' K_Seed || '00000002'

SHA-1 SHA-1 SHA-1

160 160 160

32 32 32
128 128 128
Triple DES Keys for Basic Access
K_Seed K_ENC K_MAC Control

14.7.2006, Slide 6
 BAC: Protocol Overview
Reader (IFD) MRTD (ICC)
RNDICC RNDICC ∈R {0,1}64

RNDIFD ∈R{0,1}64, KIFD∈R {0,1}128

SIFD:= RNDIFD || RNDICC || KIFD
EIFD:= EK_ENC (SIFD)
MIFD:= MACK_MAC (SIFD)
A:= EIFD || MIFD Decrypt and Verify EIFD || MIFD
KICC ∈R{0,1}128
SICC:= RNDICC || RNDIFD || KICC
EICC:= EK_ENC (SICC)
MICC:= MACK_MAC (SICC)
B:= EICC || MICC KSSeed:= KIFD ⊕ KICC

Decrypt and Verify EICC || MICC

KSSeed := KIFD ⊕ KICC
14.7.2006, Slide 7
 Key Entropy

• Part of MRZ used for BAC (Germany):

x1x2x3x4 y1y2y3y4y5 p<< jjmmtt p<< jjmmtt p<<
– x1x2x3x4 Behördenkennzahl BKZ (local agency number)
– y1y2y3y4y5 Serial number of passport
– jjmmtt Date-of-birth
– jjmmtt Date-of-expiry (10 years)

• Entropy model for BAC

• Date of Expiry depends on Serial Number of each BKZ
• However, for BKZ assumptions should be made
⇒ Reducing entropy
• Further entropy reduction possible
– Age can be guessed
www.pruefziffernberechnung.de
– City of residence can be guessed (at airport)

• Use cases for this work

• Netherlands: 35 bit entropy
• Germany: 40 bit - 51bit entropy (conservative estimation)
• Further breakdowns possible depending on assumptions
14.7.2006, Slide 8
 Tracking System
• Threat
• Ability to trace individuals by eavesdropping, recording and breaking the Basic
Access control
• Collecting information stored on chip in a database accessible over Internet
• Who is interested in tracking and such databases
• Criminal organizations and terrorists
• Detectives
• Commercial data mining agencies
• Technical requirements
• Eavesdropper device
– Can record communication between reader and e-passport from several
meters
– Installation at places with high e-passport density (e.g., at airports) may
need collaborators, e.g., insiders, maintenance and cleaning personal
• MRTD Cracker
– Performs key searching remotely

14.7.2006, Slide 9
 Basic Idea of Tracking System
RFID Database MRTD Cracker
eavesdropper

encrypted
MRTD Data

Date, Time,
Location,
encrypted
MRTD Data

Plain MRTD Data

(name, date-of-birth, facial image)
and Encryption key
Eavesdropping
communication
(basic access control)
14.7.2006, Slide 10
 RFID Eavesdropper

13,56+0,847

13,56-0,847
13,56

power
power
power

freq. [MHz] freq. [MHz] freq. [MHz]

Amplifier Mixer

Antenna
13,56 Mhz PLL 847 kHz
Detector 13,56MHz Detector

Reader to e-passport e-passport to Reader

PLL = Phase Locked Loop (used as 13,65 MHz signal generator)

Range of eavesdropper: a few meters depart from inspection system

14.7.2006, Slide 11
 MRTD Cracker

• With precompution
– Compute possible K_ENC
eavesdropped Data
– Memory needed to store K_ENC
RNDICC, EICC
– Cracker computes 3DES
PC Cracker
MRZ computes Key computes
SHA-1 Database 3DES

• Without precompution
– Cracker computes SHA-1 and 3DES eavesdropped Data
RNDICC, EICC

Cracker
computes
MRZ
SHA-1 and 3 DES

14.7.2006, Slide 12
 Implementations of Cracker

• Software based
– Low engineering cost
– Distributed computing
(computing nodes must be trusted)

• Hardware based
– ASIC
- cheap for large scale
- high non recovering engineering costs
– FPGA
- flexible architecture
- reasonable costs
- adaptation of Cost Optimized Parallel Code Breaker (COPACOBANA)

14.7.2006, Slide 13
 Hardware based mrtd craker

• Specialized cost efficient Hardware to compute

EICC := EK_ENC (RNDICC ) without pre-computation

stop
Counter Clock stop
Counter Clock stop
Counter Counter Clock stop
start value Counter Clock
(MRTD Data)
Crypto Engine
Crypto Engine A = B ? yes
Crypto Engine A = B ? yes
A´
A:= RNDICC SHA1 and 3 DES A = B ? yes
Engine A´ = B ? yes

B:= EK_ENC(A)

14.7.2006, Slide 14
 COPACOBANA: Overview

• Currently optimized for DES

• 480 pipelined DES engines (120 FPGAs, 4 DES each)
• Operating at 100 MHz
• Estimated capability
• 233 Triple DES keys per second
– a key space of 235 is completely searched in 4 seconds
– a key space of 240 in 2 minutes

14.7.2006, Slide 15
 COPACOBANA: Architecture
FPGA Module 20
FPGA Module 1
FPGA
FPGA
FPGA FPGA
Controller Card FPGA
FPGA
to FPGA FPGA
FPGA
PC FPGA
USB FPGA FPGA
FPGA
FPGA
FPGA FPGA
yesFPGA
yesFPGA
yesFPGA yesFPGA
FPGA FPGA
FPGA
Controller FPGA FPGA

14.7.2006, Slide 16
 Conclusion
• Global tracking of e-passport holders is a real threat
• We introduced a system architecture consisting of RF eavesdropper and MRTD
cracker
• Security and privacy of citizens must be protected when carrying and
using e-passports
• RFID technology in this context must realize privacy laws
– All basic principles of data protection law have to be observed when designing, implementing and
using RFID technology (see Marc Langheinrich‘s talk)
• Further technical discussion need regarding security evaluation (protocols), maintenance (PKI
issues, trust relations/models) and future changes

• Many issues are still unclear or confusing

• Some protection measures are optional
• Issuing states still did not increase entropy of Basic Access Control Keys
• Passport still valid even if chip is defect
• New players, their role and security of their work flows are not thoroughly analyzed
• Public debate on this important issue has come too short

• What is the choice for citizens to protect their privacy?

14.7.2006, Slide 17
 Further Work

• Extending operation range of RFID eavesdropper

• Performance analysis of implementation choices for MRTD Cracker
• e.g., optimizing COPACOBANA to be an efficient MRTD cracker
• Encourage more joint work with security experts, researchers and
governmental organisations
• Thorough and public security analysis of cryptographic components and
work flows

14.7.2006, Slide 18