Doorway to the Panopticon
Part IV

By Scarmig
scarmig at fastmail.fm

Part III covered the physical design and security of the e-Passport. In Part IV, I cover the RFID chip, the logical data system, and the digital security features. More technical read-outs. No wamp-rats.

ISO 14443 Contact-less Integrated Chip

The International Standards Organization has specification 14443 for contact-less chip design for identification. The detailed technical specs of this design are available on their site for a fee, if anyone is interested. ICAO took this specification and narrowed it down to make the passport specifications universally applicable across all the member nations.

It is a radio-frequency ID chip, that’s the contact-less part. Mandatory minimum data size is 32k, although 64k is recommended, and some countries are implementing even larger storage capacities for their own purposes.

ICAO has specified the LDS, or Logical Data System so that all countries will implement data on the chip the same way. The LDS consists of 16 data groups. And here they are:

    MRZ – the same data that is in the Machine Readable Zone visible on the passport. Mandatory.
  1. Facial image sample – this is the mandatory digital photograph sample to be used for facial recognition. Usually about 20k in size. Conforms to ISO image standard SC37.
  2. Fingerprint image sample – Optional storage for fingerprint biometrics, should the issuing country choose to include it. Also ISO SC37 standard.
  3. Iris image sample – Optional storage for iris biometrics, should the issuing country choose to include it. Also ISO SC37 standard.
  4. Secondary facial image storage – Optional storage of a second image. This is for profile images, angled images much like the multiple angles taken for mug shots. Not SC37 standard as this will be country-specific (think National ID images).
  5. Reserved.
  6. Signature image storage – Optional image of the bearer’s signature.
  7. Substrate security features – Optional. This tells a chip reader what security measures to look for in the paper.
  8. Data structure security features – Optional. This tells a chip reader what security measures to look for in the data structure.
  9. Data security features – Optional. This tells a chip reader what security measures to look for in the data itself.
  10. Additional personal details – Optional name, alias, address, or document numbers. This is stored in national characters (whereas the rest of the document is stored in the Latin alphabet). This means that Arabic language names or Kanji could be reproduced accurately in the native alphabet and length here.
  11. Additional details about the document – Issuing agency, issue date, image of the document, observations, and amendments. Also in national alphabet instead of Latin.
  12. Optional data field – Anything the country wants to put here.
  13. Reserved.
  14. Active Authentication Public Key (in the future, this will be used to verify an authorize reader is attempting to access the chip).
  15. Emergency contact information – People to contact in case of emergency and their contact information.

In addition, there are six Secure Object Data fields that are stored in the protected memory of the chip. This is where the hash values and private keys for the encryption are stored.

So as you can see, there’s quite a bit of potential in these chips. Lots of room for governments to add what they want, and many of them are taking advantage of it. Germany is using the fingerprint field and the optional fields to tie their e-Passport to their National ID. Other governments will use them to tie into social service accounts and records. We can probably expect that someone will tie it into medical records.

But how is this chip authenticated and secured? So glad you asked.

Hashes, Encryption and Keys, Oh My!

The data on a passport includes a hash value of the data in the MRZ (Machine Readable Zone). What is a hash value? Pretty simple concept. A hash takes a string of characters and performs a calculation on them to get the hash value. For example, if we say each letter of the alphabet’s numeric value is its position, A = 1, B = 2, C = 3, and we have a hash formula of +4, then the hash value of “ABD” = 568, because A (1) + 4 = 5, and B (2) + 4 = 6. Usually hash formulas are far more complicated than that, but that’s the idea.

So the passport contains the data, plus the hash value of the data. If you want to verify that the data hasn’t been changed, you take the data, perform the hash calculation on it, and check and see if it is the same as the hash value stored on the passport. So in our example, if the hash value presented is 568, but the data on the passport is ABC, when we apply +4 to ABC we get 567 as a result, which is different than 568, and we know the data has been changed. Of course, the key to this, is keeping the hash formula a secret. If the formula gets out, a counterfeiter could alter the data, apply the formula, and then alter the hash value to match the forged data.

So the next step is to secure the hash value. This is done by encrypting the hash value with a 2048 bit encryption scheme. If you’re familiar with PGP, this stuff is the same. The hash is encrypted with a 2048 bit private key, which can only be unlocked using the appropriate public key. So when a government issues a passport, it calculates the hash value, and then encrypts it with its ultra-secure private key. That private key is recorded in the inaccessible-to-all-but-itself private memory of the chip (any hackers feel their spidey-sense tingling?).

When a reader wants to validate a passport, it looks at the data on the passport and applies the hash calculation. Then it takes the country’s public key and uses it to try and open the encrypted hash value stored in the passport. The chip matches the public key presented by the reader to the private key stored in secured memory and if they match, decrypts the hash value. The reader then compares the two hash values to see if they match.

So who secures the public keys? I am utterly ecstatic that you asked.

The public keys are shared among the issuing countries and to ICAO in what is called the Public Key Directory (PKD). This is a wide open directory of keys and anyone can download all the keys. Anyone. You, me, Joe Blow. This is because the keys are used to authenticate the data on the passport, not provide privacy protection.

Did you get that?

The idea is that anyone who needs to validate your passport can download these keys and use them to check that the passport was authentically issued and that the visible and machine readable data matches the data stored on the chip.

What’s to keep someone from using the public keys to reverse engineer the private keys and make their stolen passports authenticate? Fantastic question. My giblets quiver with joy. The ICAO PKD also keeps the Country Certificate Authority, which validates that the public keys are still valid. The recommendation is that each key be used for 90 days or a couple hundred thousand passports. When using a public key to decrypt a passport, the software should validate the key is still usable with ICAO. If the key is compromised, the validation fails and the software notifies the operator that the passport may be compromised as well. Yes, this means that if someone hacks a public key, several hundred thousand people will get pulled aside when they try to use their passports for extra special questioning.

So who secures the Country Certificates? Lots of men with lots of guns, knives, and sharp, pointy sticks. You knew it would come to that. It always does.

So what about privacy, now that I’ve brought it up?

Privacy was one of the biggest complaints about RFID enabled passports brought to bear by critics. And while the solution is not perfect, it does appear to satisfy at least some of the complaints.

ICAO recommends (recommends, not mandates), that e-Passports be designed with Basic Access Control (BAC) in mind. Basic Access Control is designed to prevent skimming of the passport. Skimming is what they call it when someone with a chip reader in their pocket waves it over you hoping to trigger the RFID chip and capture its data surreptitiously. BAC consists of two protections. One is that the front and back cover of the passport be lined with aluminum to shield the chip; an honest-to-goodness, official, tinfoil hat. This means that the book must be opened in order to transmit energy to the chip. The other part is the implementation of a read key consisting of the MRZ. The idea is that not only does the book have to be opened, but the Machine Readable Zone must be scanned and transmitted to the chip accurately before the chip will respond to requests. So even if your passport is open in your pocket, a skimmer wouldn’t be able to send the right sequence of characters to open the chip except if they were able to accurately predict the data in your passport right down to the check digits in the MRZ. Most countries are including BAC in their passport design. Some are not.

The other threat to privacy that ICAO acknowledges is the threat of eavesdropping, this being where, while a legitimate authority (boy do I hate that phrase) is reading your passport’s chip, someone with a hidden reader nearby is also receiving the transmission. Unfortunately, the recommendation to protect against this threat is a little weaker and consists of, “Make sure you buy passport readers that are shielded from eavesdropping”, thus putting you and me at the mercy of government competence and forethought. You can sense my confidence all the way over there, can’t you.

Unfortunately, ICAO, being a governmental agency, seems to have a rather convenient blind spot regarding privacy. Yes, they’ve selected standards and recommended guidelines that help protect my passport data from you, and you from me, but nothing, absolutely nothing, addresses the fact that a few million government agents at entry-level grunt-work border and security jobs will have access to our data through one of the most potentially abusive data networks in the world. They simply assume that each and every one of us can trust each and every one of them with our absolute holistic transnational identities. And considering the security levels in place, how hard to you think it will be prove “them” wrong if someone on the inside abuses the system?

Yeah, that’s my thought too.

COPYRIGHTę 2006 Clairewolfe.com AND SCARMIG
This article may be freely reprinted and distributed, provided that no changes whatsoever are made to any part of the text or titles and that the reprint carries this copyright line in full.