MRTD risks
The reinvention of the wheel
The description language for data structures ASN.1 follows the same idea as XML: If offers a language description (Lex) that defines the document format. This allows creating a parser and an automated data generator by providing a processor with the language description. As a consequence it should be possible to easily create complex protocol parsers with already existing and tested libraries and quickly verify data correctness. However, this only works if the ASN.1 standard is observed – which the MRTD does not.
Those responsible for the planned travel documents created new tags with the ICAO standard – and reinventing the wheel. Because of that, instead of the automatically generated one a handwritten parser is necessary. At least the data are encoded according to the X.690 standard.
The X.690 standard describes data encoding in TLV (type-length-value). The basic encoding rules (BER) laid down in this standard describe how certain syntax notations in ASN.1 are mapped to the TLV structure. Those responsible for the new electronic passport chose a different way though: Instead of describing the passport's data structures in ASN.1 they just kept the TLV format that is actually fully defined by the BER. Thus they defined tags that, according to the BER could never exist. Because of that, there is no way to describe the passport's data using ASN.1, since a BER compatible ASN.1 encoder would create a different TLV-encoding. As a consequence also in this case a parser has to be built by hand or exceptions have to be be inserted into standard libraries. This yields the result, that future passport checks require purpose-built readers and cannot use standardised ones.
Basic cryptographic security
When performing the so called basic access control (BAC) cryptography first comes into play. However, one can't help but think that this concept offers only little security. In order to prevent passer-bys from reading the electronic passport, an – only optional – protection of the transmission line, the radio interface, is intended. The data in DG1 and DG2 however are stored in plain text.
In order to allow a tap-proof connection, this connection has to be encrypted. The key used for the initiation of this connection is generated from the MRZ. How this works in detail can be seen in the ICAO standard. The reader has to (optically) read the page with the picture and the printed MRZ. The software then uses these data to generate the key that is used to set up an encrypted connection between the reader and the RFID controller. This way the reader signs on to the passport. If the key is incorrect, the passport cannot be read. The BAC encryption is optional, it is left to the passport issuer. If a passport supports it, it cannot be read in plain text.
So, in order to read a passport, the owner's name (spelled correctly), the birthday and the document number are required. However, these data, which are printed in the second line of the MRZ, are by no means secret. Not only the passport's owner but also every hotel or bank that occasionally stores passport numbers for reasons of security, e.g. when withdrawing money, know these data. All other necessary information can be found in standing data. Thus also unauthorised people can generate a key.
Next problem: Since according to the ISO 14443 standard every day has to have a unique chip ID, it would be possible to track the movements of a passport's owner, without a BAC procedure. In order to prevent this, the ICAO standard intends to use random data for the ISO 14443 ID, that is regenerated every time the chip is initialised. Due to the low entropy in this case it needs to be investigated, in how this procedure can provide truly random data, because if the random number's range is too small, it is possible to draw conclusions as to the common origin.
Extended access control
The so called extended access control is supposed to restrict access to
the data groups DG3 and DG4 (DG3 and DG4 are not used in the already
provided electronic passports of the Federal Republic of Germany). This
shall be achieved by encrypting the data object. For decryption a public
key infrastructure (PKI) has to be established on a global basis, for all
participating countries. With only temporary valid certificates it shall be
possible to read data from DG3 and DG4, either online or using a reader. It
is however still unclear, how the Certificate Revocation List (CRL)
, that
includes invalid certificates or their serial numbers will be handled and
where it will be stored. But as long as a lost root certificate cannot be
recalled, it can be used by computer criminals to electronically forger
data groups.
In order to prevent the manipulation of DG data, a hash value is computed over every data group. A kind of master hash value is then computed over the sum of all hash values and signed with the country certificate of the issuing country. The reader holds a list of the public keys of all participating countries. Using these it can validate the included data after reading the electronic passport's structure and computing the according hash values. This signed hash value will be stored on the chip in the EF.SOD sector.
Vulnerabilities in the concept
In order to successfully check the hash data, the signature has to be read after intensive format parsing. To do this, the inspection system first reads unchecked data, that are then parsed by the newly created ICAO formats. The whole system's complexity and the lack of possibilities to reuse existing, already audited libraries make programming errors more than likely. The inability to program syntactically correct parsers and to properly handle formats has in recent years been the most common reason for software vulnerabilities, not the actual cryptographic procedures.
ICAO's complex muddle of formats causes several weak spots:
- Many Formats, that are hard to implement; Data are first read unsecured and have to be picked apart by a jumble of standards and proprietary procedures in order to be validated.
- The key used for basic access control is in no way connected with the MRZ, which is stored in DG1. It is thus possible to plant data into the system by using an other MRZ. The inspection system has to compare the printed MRZ with the one provided by DG1; but only after parsing the data. This again provides opportunities to attack the systems.
- If the data for BAC are known it is possible to read the passport data at any time and store them on another dual-interface card, that also observes the ICAO standard. From the perspective of an ISO 14443 reader or an automatic inspection system, that does not validate the other (optical) security features, those plain tags look just like a regular electronic passport. This vulnerability has been demonstrated by the Lukas Grunwald at this year's blackhat conference. A manual/optical check by a customs official will (hopefully) still lead to a refusal of the passport.
- It a country's private key is lost or (very unlikely) cracked, there is no way of recalling it. Instead the passports of all citizens would have to be collected and replaced, which would hardly be possible in reality.