This presentation is based on the article and the IEEE paper from today’s reader. It’s intended to highlight the security and privacy risks associated with radio-frequency identification systems.
RF-ID works with a reader and a tag attached to an object. The reader sends a message in the form of radio waves to the tag, and the tag returns an answer in the form of radio waves.
There are two types of tags. The passive tag is non-powered: when the reader talks to it, the signal from the reader provides the charge it needs to talk back. An active tag has an on-board battery, memory and clock. Active tags are writable and more secure, but also more expensive.
Currently most emerging uses of RF-ID are in shopping stores, in the auto industry to tag auto parts, at toll gates to avoid standing in line, in various security applications (Viagra) and in ID systems.
Before I go into more detail on the security aspects, I'd like to present two generalized scenarios that capture the most basic security concerns. In scenario 1, the question is one of device authentication. Does the reader trust the tag, or vice versa? Without trust, how secure is it for two devices to talk to each other?
In scenario 2, assume the tag and the reader trust each other but their communication channel is unprotected. Someone in range with a radio-wave capturing device can therefore listen to the messages in transit. The picture here depicts passive eavesdropping, but if the eavesdropper were to intercept the messages and alter them, it becomes a man-in-the-middle attack, which is obviously more harmful.
There are other more sophisticated attacks such as …
This is a short intro about the E-passport. It is what the name implies: a passport that can be used electronically for some purpose. It fuses RF-ID and biometrics technology to identify individuals, and it follows the standards of the International Civil Aviation Organization (ICAO). The above is a sample list of countries that use E-passports.
ICAO standards provide a list of mandatory and optional operations to be supported by E-passports. If one implements only the mandatory operations, one has to deal with several security flaws. The data in the chip can be read by anyone nearby with a reader. Uninformed wireless transmission means the passport holder doesn't know when, and by which reader, data is being read from the passport. Data in transit is unprotected, as we saw before.
Here's an example of an E-passport. I got it from a website. As you can see, the chip in the passport contains your identification data and biometric data. It communicates at 13.56 MHz. A hacker in range can pose security and privacy concerns.
Now I am going to go over the details of various potential attacks that can jeopardize your privacy. Here we assume that one implements only the mandatory features of the ICAO standards. Clandestine scanning happens when a malicious party simply reads the data off the chip.
Clandestine tracking happens because of the static chip ID stored in the chip. As you move from one location to another, readers in those locations can identify you based on the unique ID. This creates a trail of your movements.
Skimming and cloning happen because the data in the chip is unprotected: someone can steal it and put it in their own passport. If there is no human oversight at the reader location, the fake passport will be accepted as valid. Biometric data is forged by wearing a mask or a gummy finger.
We saw eavesdropping before, but here's a more grave situation that can happen. Currently E-passports are envisioned for use in airports, but with more popularity they might see use in e-commerce or for access to high-security labs, which might cause unforeseen security risks. Labs might require a different set of identifiers to be stored in the chip than airport customs does. This effect can help an eavesdropper collect a vast amount of data about you.
Biometric data leakage. To use biometric identifiers, one needs to go through a biometric enrollment process, where high-quality pictures of the face, iris, or whatever else are taken and run through an extraction algorithm to create a template. The template in turn is stored in the chip. Now, going back to clandestine scanning and eavesdropping, the hacker can get hold of the biometric template.
This slide shows what happens when the biometric template falls into the hands of the hacker. He can use it at other places to forge his identity.
The next problem is perpetual access. ICAO prescribes an optional operation for basic access control, but the access control keys remain the same until a new passport is obtained. This means a reader that gets hold of the key can store it and has access forever.
In summary, the attacks can be grouped into two categories. The first is that you lose your identity. The second is tracking or hotlisting, which means a history of your movements can be built and a malicious party can identify you based simply on the unique ID of the chip, without any other identifiers such as a photograph or name.
ICAO prescribes some optional security features. Access control is one of them. It allows the tag to make sure the receiver (the reader) is authentic. This is the crypto process that performs the access control. In the first step, the tag sends a 64-bit nonce to the receiver. The receiver then creates two nonces, one secret and one public. It concatenates these nonces with the one received from the tag and encrypts the result with the key KENC. The ciphertext, CR, is then MACed with KMAC. The thing to remember is that KENC and KMAC are symmetric keys, so both parties have access to them.
Active authentication is another optional procedure. It allows the receiver to authenticate the tag: the tag proves to the receiver that it holds the private key matching its public key.
This is the only mandatory crypto operation in the ICAO standards. The passport-issuing country digitally signs the identifiers and biometric data in the chip. This process only assures that the data in the chip has not been tampered with; it makes no guarantee about the person carrying the passport.
We need to revisit the access control crypto process to show a weakness in it.
The ICAO standards put the maximum entropy of the access control keys at 52 bits. This makes the keys low-entropy. Entropy here is a measure of how unpredictable the key is: the fewer bits of entropy, the fewer possibilities someone has to try to recover it.
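To make the access control process and its low-entropy key concrete, here is an added example (not from the paper or the slides) that derives KENC and KMAC the way ICAO 9303 specifies: every bit of key material comes from three fields printed in the passport's machine-readable zone (document number, date of birth, date of expiry) plus their check digits, which is why the key entropy is bounded by those fields. The sample MRZ values are the ICAO worked-example values, and the hex constants in the comments are the results the spec publishes for them.

```python
import hashlib

# Constructed sample input: the MRZ fields of the ICAO 9303 worked example.
DOC_NUMBER = "L898902C<"
DATE_OF_BIRTH = "690806"   # YYMMDD
DATE_OF_EXPIRY = "940623"  # YYMMDD


def mrz_check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1 over 0-9, A-Z (10-35) and '<' (0)."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            val = int(ch)
        elif ch == "<":
            val = 0
        else:
            val = ord(ch) - ord("A") + 10
        total += val * (7, 3, 1)[i % 3]
    return str(total % 10)


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """The 24 characters that are hashed into the key seed: each field plus its check digit."""
    return (doc_number + mrz_check_digit(doc_number)
            + dob + mrz_check_digit(dob)
            + expiry + mrz_check_digit(expiry))


def with_des_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has odd parity (3DES key convention)."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def bac_keys(doc_number: str, dob: str, expiry: str) -> tuple:
    """Return (K_seed, KENC, KMAC) as ICAO 9303 derives them:
    K_seed = SHA-1(MRZ information)[:16], then KENC/KMAC = SHA-1(K_seed || counter)[:16]
    with counter 1 for KENC and 2 for KMAC, parity-adjusted for 3DES.
    Expected for the sample: K_seed 239AB9CB282DAF66231DC5A4DF6BFBAE,
    KENC AB94FDECF2674FDFB9B391F85D7F76F2, KMAC 7962D9ECE03D1ACD4C76089DCE131543."""
    seed = hashlib.sha1(mrz_information(doc_number, dob, expiry).encode("ascii")).digest()[:16]
    k_enc = with_des_parity(hashlib.sha1(seed + b"\x00\x00\x00\x01").digest()[:16])
    k_mac = with_des_parity(hashlib.sha1(seed + b"\x00\x00\x00\x02").digest()[:16])
    return seed, k_enc, k_mac
```

Note that nothing secret enters the derivation: the same three MRZ fields that a border officer reads off the data page, or that any party who has seen the passport can record, are all that is needed to reproduce KENC and KMAC, which is the perpetual-access and low-entropy problem in one picture.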