MRTD design
The new electronic passport, properly called an MRTD (machine readable travel document), includes, in addition to the classical passport security measures, a smart card controller that communicates over an RFID interface conforming to the ISO 14443 standard. Alternatively, the smart card data can be stored in a matrix bar code instead of on an RFID controller.
The architecture has certain weak points that are, however, only obvious to those with detailed knowledge of the passport's underlying concepts and technologies. After an introduction to these basics, we will present the potential risks from the perspective of an IT security expert.
First, the RFID chip's design: it uses a smart card controller of a type produced, for example, by Philips or Infineon. In most cases these are dual-interface controllers, meaning that they have a contact (pin) interface following the ISO 7816-XX standards as well as an RFID interface. However, since travel documents are exposed to a lot of wear and have to last up to ten years, the electronic passport's contact interface has been dropped in favour of the RFID ISO 14443 interface. The RFID reader has to be able to read the tag (as the RFID chip is often called) from a distance of less than 10 cm (about four inches).
Faster encryption with crypto hardware
After the card has been activated, the operating system is loaded and programs can be executed. These programs are written in assembler, C or Java and run directly on the smart card after being translated into the processor's machine code. The RFID chips used for electronic passports additionally include hardware acceleration for cryptographic functions.
The up to 72 kByte of data stored on the chip inside the passport can be divided into two groups: meta information (EF.SOD and EF.COM) and the data group files DG1 to DG4. EF.COM is a kind of index that lists which data groups exist on the tag. EF.SOD (security object data) holds the signed hash value that is needed to verify the authenticity of the stored data.
The individual data groups contain the following information: DG1 stores an electronic version of the machine readable zone (MRZ), the machine readable line that is printed on the passport's first page. This data group holds information such as the document number, its issuer, its period of validity and the owner's name and date of birth. This file is mandatory.
DG2 holds the owner's picture, which should also be printed on the document itself. It is stored in CBEFF (Common Biometric Encoding File Format, ISO 19785). This format, which has been pushed by the industry lobby, creates a superfluous meta level that contains the definition of the biometric format used in the document. The last two data groups, DG3 and DG4, are optional files used for other biometric data such as iris scans and fingerprints.
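Since DG1 mirrors the MRZ printed on the document, a reader can parse both copies and compare them field by field; the following parser is an added example, not code from the article, and it also validates the MRZ check digits as defined in ICAO Doc 9303 (weights 7, 3, 1; digits 0-9, letters A-Z = 10-35, filler `<` = 0), a rule the text above does not describe. The sample MRZ is the ICAO specimen for the fictitious issuer "UTO", not a real document.

```python
# Added example, not from the original article: parse the two-line (TD3) machine
# readable zone that DG1 stores and verify its check digits. The check-digit rule
# (weights 7,3,1; '0'-'9' = 0-9, 'A'-'Z' = 10-35, filler '<' = 0) comes from
# ICAO Doc 9303 and is not described on the page. The MRZ below is the ICAO
# specimen for the fictitious issuer "UTO" (Utopia), not a real document.
SPECIMEN_LINE1 = "P<UTOERIKSSON<<ANNA<MARIA".ljust(44, "<")
SPECIMEN_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

def mrz_check_digit(field: str) -> int:
    """Weighted sum of the field's character values, modulo 10."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def parse_td3_mrz(line1: str, line2: str) -> dict:
    """Split the two 44-character lines into fields and validate all five check digits."""
    if len(line1) != 44 or len(line2) != 44:
        raise ValueError("TD3 MRZ lines must be exactly 44 characters")
    surname, _, given = line1[5:].partition("<<")
    fields = {
        "document_type": line1[0:2].rstrip("<"),
        "issuer": line1[2:5].rstrip("<"),
        "surname": surname.replace("<", " ").strip(),
        "given_names": given.replace("<", " ").strip(),
        "document_number": line2[0:9].rstrip("<"),
        "nationality": line2[10:13].rstrip("<"),
        "birth_date": line2[13:19],  # YYMMDD
        "sex": line2[20],
        "expiry_date": line2[21:27],  # YYMMDD
        "optional_data": line2[28:42].rstrip("<"),
    }
    # Each check digit follows the field it covers; the last (composite) digit
    # covers document number, birth date, expiry and optional data with their digits.
    checks = [
        (line2[0:9], line2[9]), (line2[13:19], line2[19]),
        (line2[21:27], line2[27]), (line2[28:42], line2[42]),
        (line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    ]
    fields["check_digits_valid"] = all(str(mrz_check_digit(d)) == c for d, c in checks)
    return fields
```

A single altered character in the document number, birth date or expiry date makes `check_digits_valid` false, which is the cheap first consistency test a reader can run before comparing the optical MRZ against DG1.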