Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

British "Secure" Passports Cracked

Journal written by hard-to-get-a-nickna (965978) and posted by CowboyNeal on Fri Nov 17, 2006 07:31 AM
from the trust-us dept.
Encryption Security Privacy
hard-to-get-a-nickna writes "The Guardian has cracked the so-trumpeted secure British passports after 48 hours of work: 'Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?'"
+ -
story

Related Stories

[+] Your Rights Online: E-Passport Cloned In Five Minutes 259 comments
Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip."
[+] Your Rights Online: Disabling the RFID in the New U.S. Passports? 294 comments
slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? "
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

British "Secure" Passports Cracked 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • News at 11 (Score:3, Insightful)

    by giorgiofr (887762) on Friday November 17 2006, @07:38AM (#16881966)
    Governments fail. Shocking!
    Remember, kids: government intervention is good.

  • Easy to clone (Score:5, Interesting)

    by SomethingOrOther (521702) on Friday November 17 2006, @07:44AM (#16881986) Homepage
    Home Office spokesman.
    "If you were a criminal, you might as well just steal a passport."

     Missing the point dude.
    If my passport gets stolen, I report it. It gets cloned, I've no idea somebody is impersonating me, screwing up my life (and others).
    Please people, support NO2ID [no2id.net] and tell Blair where to shove his flawed ID cards and CCTV cameras.

    • But no, this is great news (Score:5, Insightful)

      by Colin Smith (2679) on Friday November 17 2006, @07:56AM (#16882048)
      It means you can get away with all sorts of stuff and then claim "It wasn't me mate", someone must have cloned my passport.

      We do have some complete fuckwits in charge. Of course, we do have some complete fuckwits voting for them, so it kind of balances out. Someone care to suggest an improvement on democracy?

       

      • The UK is not a democracy (Score:5, Informative)

        by Anonymous Brave Guy (457657) on Friday November 17 2006, @08:05AM (#16882086)

        We don't have a democracy, in either the pure form (which is an unworkable ideal anyway) or the popular interpretation (which is much more sensible approach in practice).

        Blair has an absolute majority of MPs in Parliament, which effectively means he can force through almost anything. That doesn't mean an absolute majority of the electorate support him. Remember, Labour lost the popular vote in England at the last general election, and even with the support of MPs from our neighbour countries to prop them up, they still only received around 1/3 of the overall popular vote.

        Blair and co have gone about forcing laws through and creating legacies, but the simple fact is that they have no mandate to bring in the kinds of sweeping change they are championing, unless at the very least they also have support from the other main parties who brought in other people's votes. Clearly in many of these so-called anti-terrorism matters, they do not.

      • Re:Easy to clone (Score:5, Informative)

        by Richard W.M. Jones (591125) <rich@nOSPAM.annexia.org> on Friday November 17 2006, @08:28AM (#16882234) Homepage

        But that's exactly the point of this 'cracked' encryption: you *can't* clone the passport just by reading the RFID in someone's coat pocket.

        Well this is so, but if you read the FA then you'll see a more plausible attack involving someone who knows your name and address (the postman in that case). Nevertheless it seems the fundamental problem here is that the key on the chip can be brute-forced. A simple change ought to fix that - either have the chip shut down after three incorrect keys have been tried, or (better) have it implement an exponential back-off for each failed attempt.

        Rich.

        • Re:Easy to clone (Score:5, Insightful)

          by Calinous (985536) on Friday November 17 2006, @10:28AM (#16883362)
          Even better: read a passport's chip, follow the man until he reaches his car. Make a small accident (your guilt), and let repairs be solved the official way - you will know his name (full name), address, and maybe other info from the exchange of insurance info

  • How indeed ... (Score:3, Informative)

    by spellraiser (764337) on Friday November 17 2006, @07:47AM (#16881996) Journal

    I just finished reading the article.

    In short, the weakness lies in the fact that although DES3 is used to encrypt the communication between the passport chip and the reader, the key is based upon data that's available on the passport:

    By last month, Booth, Laurie and I each had access to a new biometric chipped passport and were ready to begin testing them. Laurie's first port of call was the ICAO's [International Civil Aviation Organisation] website, where the organisation had published specifications for the new travel documents. This is where he learned that the key to opening up the secure chip was contained in the passports themselves - passport number, date of birth and expiry date.
    ...
    The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat.

    • Re:How indeed ... (Score:5, Insightful)

      by pe1chl (90186) on Friday November 17 2006, @07:55AM (#16882044)
      This is because the encryption is not supposed to make the content inaccessible.
      The reader at the cutoms employee's desk has to be able to read the passport data. It has to know the key.
      Instead of installing a super-secret key in all readers around the world (and having to pray that it does not somehow leak out), the designers opted to use a separate key for each passport and have it printed on the passport itself, so that it can be used by the reader.
      This is only intended to protect against the "reading in the metro" scenario. Not to protect against reading your own passsport using an RFID reader.

      Also, many scenarios written after such discoveries assume that the readability of the data implies it can be modified to commit fraud. This is not true. The data is signed using public-key encryption, and modifications are easily detected by the reader.

      • Re:How indeed ... (Score:5, Informative)

        by xoyoyo (949672) on Friday November 17 2006, @08:12AM (#16882126)
        If you read the TFA you'll find that it doesn't make any claims about being able to modify the data. It does however go on to list the ways an attacker might retrieve the data and make use of it.

        To be fair to the system designers it does make the whole system a little more secure in that the data on the chip has to be matched with the paper information. But only a little: if I found someone who looked sufficiently like me AND I could gain access to their passport the system is just a compromised. Arguably moreso as the claimed extra security will lead to an unjustifiable rise in trust.

        Considering the following scenario: a crooked hotel clerk (in Europe you usually have to show your passport when checking in) takes your passport "to be photocopied". Using the key information on the passport they clone every passport that comes their way. This way they can build up a stock of passports matching all conceivable faces to be resold. This actually becomes more useful the longer the system is in operation as the ten years of a usual passport's lifespan can make your face change dramatically.

        The end result is a system only marginally more secure than before.

          • Re:How indeed ... (Score:5, Informative)

            by xoyoyo (949672) on Friday November 17 2006, @08:29AM (#16882244)
            No, the 24 hours the article gives is if you can't see the password but you know some information about the target. If you have access to the actual passport access is instantaneous. Effectively a cloner just does exactly the same as an immigration control officer.

  • Governments and computers don't mix (Score:4, Insightful)

    by geoff lane (93738) on Friday November 17 2006, @07:51AM (#16882018)
    The dumb thing is that the personal information is SUPPOSED to be unencrypted - it's part of the spec. Thus, the 3DES (Ha Ha) encryption of the "hello" connection is irrelevant; though if the key really is based on public information it looks like someone really has lost the plot.

    In any case, isn't 3DES being phased out because the cost of cracking it has fallen dramatically recently?

  • Nothing to see here... (Score:5, Insightful)

    by ericlondaits (32714) on Friday November 17 2006, @07:51AM (#16882022) Homepage
    The author of the piece (yeah, TFA) gets his panties in a bunch because the encryption key of the passport (which has the data encrypted with 3DES) is passport number, date of birth and expiration date. Then he says:
    So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'
    What fundamental principle of encryption are they breaking? If anything, a fundamental principle of encryption is that there can't be such a thing as a "secret key" if you're either putting it in the passport or if you're deploying it to everybody that needs to scan passports (remember DVD encryption?).

    What's important is to have the data in the passport (along with the picture) digitally signed, in order to avoid tampering. The article claims that these passports are indeed signed and they didn't break the signature. Big surprise, since all they did was get a RFID reader and decrypt 3DES with the key right in front of them.
    "If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country."
    Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports. And it could be more easily patched after deployment.

    The article then presents some more valid points... but these have nothing to do with the basic encryption being broken. FUD mostly, surprise, surprise.

    • Re:Nothing to see here... (Score:5, Interesting)

      by archeopterix (594938) on Friday November 17 2006, @08:25AM (#16882218) Journal
      "If you can read the chip, then you can clone it," he says.
      Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports.
      The "read -> clone" implication might be a bit of an overstatement, but if the chip identifies itself (and the passport) to the reader by revealing _all_ of its contents, then the only barrier to cloning is the availability of programmable RFID chips. Cryptographically speaking (*), they could have done better. There exists something called zero knowledge protocols [wikipedia.org] which makes it possible to identify a party without revealing the secret information used for identification, i.e. without helping the potential cloner.


      (*)I don't know whether RFID chips are capable of implementing zero knowledge protocols (they require some computing power), but if they can handle 3DES, then the answer is probably yes.

  • fake passports in 911? (Score:5, Insightful)

    by testadicazzo (567430) on Friday November 17 2006, @07:55AM (#16882042) Homepage
    from the article:
    irst it is necessary to explain why the new passports were introduced, and how they work.After the 9/11 attack on the World Trade Centre, in which fake passports were used, the US decided it wanted foreign citizens who presented themselves

    Is this true? I had the impression that the 911 terrorists had valid ID, but I haven't read the 911 commssion report...

    Can somone point me to some information confirming or disproving this assertion?

  • The article is missing one word. (Score:5, Insightful)

    by Big Nothing (229456) <big.nothing@bigger.com> on Friday November 17 2006, @08:01AM (#16882068)
    FTA: "Remember, information - such as a new picture - cannot be added to a cloned chip."

    I believe the missing word is "yet".

  • "This doesn't matter" spin (Score:5, Insightful)

    by dpbsmith (263124) on Friday November 17 2006, @08:20AM (#16882174) Homepage
    Oh, how I hate this kind of spin: "This doesn't matter," says a Home Office spokesman. "By the time you have accessed the information on the chip, you have already seen it on the passport."

    It matters a great deal because what they said couldn't be done can be done.

    It transpired a couple of years ago that some models of the expensive Kryptonite bicycle lock could be opened with a BIC pen. The Kryptonite company could have spun this by saying "This doesn't matter, because the security expert who demonstrated this didn't really steal the bicycle, and bicycle owners actually keep their valuables in their safe deposit boxes."

    What the Kryptonite company really did was acknowledge that this was a serious problem and recalled all the locks.

    Would that the UK government addressed the security problem instead of the PR problem.

  • People, people, people (Score:5, Informative)

    by ajs318 (655362) <sd_resp2@earthshod.[ ]uk ['co.' in gap]> on Friday November 17 2006, @08:42AM (#16882342)
    Have we learned nothing?

    The article states that if you can see the human-readable part of the passport, or even just take a good guess at the details, you can extract the rest of the data from the RFID chip -- and clone it. Encryption is used to ensure that nobody can eavesdrop on a transaction once initiated, but that doesn't help the fact that every transaction is presumed legitimate -- and the very nature of RFID means that you aren't always able to know that a transaction is taking place. If there isn't a human being checking passports, just a machine -- and one day, that is exactly how it will be -- one of those cloned RFID chips will be enough to get you past it.

    Attempting to automate people out of the loop is asking for trouble, because we can always know what tests a machine is performing and falsify the results. Criminals are not stupid -- and smart people can often be bought. If the anticipated returns are high enough, you can be sure that someone will put up the stake. Security through obscurity is worse than no security, because it leads people to believe that their details are safe when they are not.

    By the way, if you want to see how easy it is to commit identity theft, start here [google.co.uk].

    • Re:No surprise there then (Score:5, Funny)

      by baadger (764884) on Friday November 17 2006, @08:03AM (#16882078)
      Computer security on such a large scale is very, very difficult to get right.

      They should have called in the experts, Microsoft!

      "Sorry sir you can't travel this evening as you haven't run your RFID chip through Passport.NET Live Update recently. We recommend you do this every second Tuesday of the 6 months proceeding travel or you may lose your right to enter your home upon return."

      "Sir, do you have the 25 digit customs key for your new passport? It should have been printed on the back of the envelope it came in."

      Passenger: "Excuse me, I'm having some problems with Genuine Passport Activation. I paid £66 [ukpa.gov.uk] for this a month ago but when I tried to board the International Express 737 this morning I was told that wasn't genuine."

    • Re:Another DRM? (Score:4, Informative)

      by Decaff (42676) on Friday November 17 2006, @08:06AM (#16882088)
      The security algorithm was good. The problem was they did not keep the keys secure.

    • Re:Another DRM? (Score:5, Insightful)

      by Anonymous Coward on Friday November 17 2006, @08:38AM (#16882306)
      The basic problem isn't the algorithm they choose. It's that their goal is incompatible with security.

      They wish to establish a world where all people can be instantly identified, correlated with commercial profiles, and tracked wherever they travel.

      How can this be done "securely"? It cannot.

      Let's assume you get these politicians to understand some basics of encryption and physical security (and good luck with that). So, you now have a system where all people can be instantly identified and tracked by the government. Secure from... what, exactly? Secure from being tracked by unauthorized people?

      Who is unauthorized, and why? I certainly have no say in who gets authorized to track me. Thousands or hundreds of thousands of random workers have access to the "authorized" level. This doesn't sound very "secure" to me.

      It's like an electrocution collar you get to wear around town, "secure" in the knowledge that its encryption protocol is flawless. The only people who can activate it are from the police department, or friends of police officers, or people who sneak into the police building and use a computer there when nobody's looking. It is secure, and cannot be triggered except from the police station. Yet, in the broader sense of security, the mere fact of the collar's existence around my neck is the absolute opposite of security.

      It doesn't really matter how secure they make the algorithms. A system whose purpose is to authoritatively track and identify all individual humans "from above" is insecure, by definition.

      • Re:Another DRM? (Score:5, Insightful)

        by Alioth (221270) <dyls@alioth.net> on Friday November 17 2006, @09:48AM (#16882880) Homepage Journal
        That's a big part of the problem. Whose retarded idea was it to use RFID? Wouldn't, say, a smart card chip like the chip & pin card in credit cards have been MUCH better because then you actually need to physically have the passport in your hand to read it - instead of being able to read it through envelopes, clothing and the like with no evidence that it's been read?

        • Re:Another DRM? (Score:4, Informative)

          by Ken D (100098) on Friday November 17 2006, @01:52PM (#16886954)
          There was a specific requirement for a contact-less solution as they were concerned that any contact would potentially wear out after 10 years of frequent travel.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.