Part III covered the physical design and security of the e-Passport. In Part IV, I cover the RFID chip, the logical data system, and the digital security features. More technical read-outs. No wamp-rats.
The International Standards Organization has specification 14443 for contact-less chip design for identification. The detailed technical specs of this design are available on their site for a fee, if anyone is interested. ICAO took this specification and narrowed it down to make the passport specifications universally applicable across all the member nations.
It is a radio-frequency ID chip, that’s the contact-less part. Mandatory minimum data size is 32k, although 64k is recommended, and some countries are implementing even larger storage capacities for their own purposes.
ICAO has specified the LDS, or Logical Data System so that all countries will implement data on the chip the same way. The LDS consists of 16 data groups. And here they are:
In addition, there are six Secure Object Data fields that are stored in the protected memory of the chip. This is where the hash values and private keys for the encryption are stored.
So as you can see, there’s quite a bit of potential in these chips. Lots of room for governments to add what they want, and many of them are taking advantage of it. Germany is using the fingerprint field and the optional fields to tie their e-Passport to their National ID. Other governments will use them to tie into social service accounts and records. We can probably expect that someone will tie it into medical records.
But how is this chip authenticated and secured? So glad you asked.
The data on a passport includes a hash value of the data in the MRZ (Machine Readable Zone). What is a hash value? Pretty simple concept. A hash takes a string of characters and performs a calculation on them to get the hash value. For example, if we say each letter of the alphabet’s numeric value is its position, A = 1, B = 2, C = 3, and we have a hash formula of +4, then the hash value of “ABD” = 568, because A (1) + 4 = 5, and B (2) + 4 = 6. Usually hash formulas are far more complicated than that, but that’s the idea.
So the passport contains the data, plus the hash value of the data. If you want to verify that the data hasn’t been changed, you take the data, perform the hash calculation on it, and check and see if it is the same as the hash value stored on the passport. So in our example, if the hash value presented is 568, but the data on the passport is ABC, when we apply +4 to ABC we get 567 as a result, which is different than 568, and we know the data has been changed. Of course, the key to this, is keeping the hash formula a secret. If the formula gets out, a counterfeiter could alter the data, apply the formula, and then alter the hash value to match the forged data.
So the next step is to secure the hash value. This is done by encrypting the hash value with a 2048 bit encryption scheme. If you’re familiar with PGP, this stuff is the same. The hash is encrypted with a 2048 bit private key, which can only be unlocked using the appropriate public key. So when a government issues a passport, it calculates the hash value, and then encrypts it with its ultra-secure private key. That private key is recorded in the inaccessible-to-all-but-itself private memory of the chip (any hackers feel their spidey-sense tingling?).
When a reader wants to validate a passport, it looks at the data on the passport and applies the hash calculation. Then it takes the country’s public key and uses it to try and open the encrypted hash value stored in the passport. The chip matches the public key presented by the reader to the private key stored in secured memory and if they match, decrypts the hash value. The reader then compares the two hash values to see if they match.
So who secures the public keys? I am utterly ecstatic that you asked.
The public keys are shared among the issuing countries and to ICAO in what is called the Public Key Directory (PKD). This is a wide open directory of keys and anyone can download all the keys. Anyone. You, me, Joe Blow. This is because the keys are used to authenticate the data on the passport, not provide privacy protection.
Did you get that?
The idea is that anyone who needs to validate your passport can download these keys and use them to check that the passport was authentically issued and that the visible and machine readable data matches the data stored on the chip.
What’s to keep someone from using the public keys to reverse engineer the private keys and make their stolen passports authenticate? Fantastic question. My giblets quiver with joy. The ICAO PKD also keeps the Country Certificate Authority, which validates that the public keys are still valid. The recommendation is that each key be used for 90 days or a couple hundred thousand passports. When using a public key to decrypt a passport, the software should validate the key is still usable with ICAO. If the key is compromised, the validation fails and the software notifies the operator that the passport may be compromised as well. Yes, this means that if someone hacks a public key, several hundred thousand people will get pulled aside when they try to use their passports for extra special questioning.
So who secures the Country Certificates? Lots of men with lots of guns, knives, and sharp, pointy sticks. You knew it would come to that. It always does.
So what about privacy, now that I’ve brought it up?
Privacy was one of the biggest complaints about RFID enabled passports brought to bear by critics. And while the solution is not perfect, it does appear to satisfy at least some of the complaints.
ICAO recommends (recommends, not mandates), that e-Passports be designed with Basic Access Control (BAC) in mind. Basic Access Control is designed to prevent skimming of the passport. Skimming is what they call it when someone with a chip reader in their pocket waves it over you hoping to trigger the RFID chip and capture its data surreptitiously. BAC consists of two protections. One is that the front and back cover of the passport be lined with aluminum to shield the chip; an honest-to-goodness, official, tinfoil hat. This means that the book must be opened in order to transmit energy to the chip. The other part is the implementation of a read key consisting of the MRZ. The idea is that not only does the book have to be opened, but the Machine Readable Zone must be scanned and transmitted to the chip accurately before the chip will respond to requests. So even if your passport is open in your pocket, a skimmer wouldn’t be able to send the right sequence of characters to open the chip except if they were able to accurately predict the data in your passport right down to the check digits in the MRZ. Most countries are including BAC in their passport design. Some are not.
The other threat to privacy that ICAO acknowledges is the threat of eavesdropping, this being where, while a legitimate authority (boy do I hate that phrase) is reading your passport’s chip, someone with a hidden reader nearby is also receiving the transmission. Unfortunately, the recommendation to protect against this threat is a little weaker and consists of, “Make sure you buy passport readers that are shielded from eavesdropping”, thus putting you and me at the mercy of government competence and forethought. You can sense my confidence all the way over there, can’t you.
Unfortunately, ICAO, being a governmental agency, seems to have a rather convenient blind spot regarding privacy. Yes, they’ve selected standards and recommended guidelines that help protect my passport data from you, and you from me, but nothing, absolutely nothing, addresses the fact that a few million government agents at entry-level grunt-work border and security jobs will have access to our data through one of the most potentially abusive data networks in the world. They simply assume that each and every one of us can trust each and every one of them with our absolute holistic transnational identities. And considering the security levels in place, how hard to you think it will be prove “them” wrong if someone on the inside abuses the system?
Yeah, that’s my thought too.