As mentioned by Bruce Schneier, FIDIS, a network of excellence on identification systems, has published the Budapest Declaration that lists security issues with the current electronic passport schemes. This is a very interesting read, as it outlines many potential issues.
One of them is related to the “victim identification” threat that interests me. Since the key used in the chip can be read from the passport, it can be read by anybody who has access to your passport. This opens the way to victim identification targeted toward a single person. The attack simply consists in listening to the authentication protocol and verifying that the victim’s MRZ data is actually used. If it does, you have then identified the victim.
The requirement to read the data seems difficult. However, there are many situations in which one may need to show a passport, including the following examples:
- In Europe, it is common to ask for a passport in hotels.
- In the US, some identification is often required when paying with a credit card, or when ordering a beer (if you happen to be young enough). When you are a foreigner, most clerks will look at your foreign ID’s with great suspicion, and in some cases, your passport may be your only “Photo ID.” As a conclusion, you end up showing your passport ten times a day.
- Many companies and administrations require you to show some identification to enter their premises. As a foreigner, you foten are required to show a passport. And no, I don’t believe that security guards should be trusted more than bartenders.
And of course, an attacker may have other ways to access your passport, for instance by infiltrating an insider.
As a final note, this attack is a difficult issue, since it is quite difficult to avoid without a shared secret, and shared secrets are not a realistic option for electronic passports.
No Comments