[Dave Birch] One of the most visible digital identity documents, the passport, has been much in the news recently.  Unfortunately, most of the coverage has been about the limitations of Basic Access Control (BAC).  Not that electronic passport control is operational yet because of the problems getting readers installed and configured, which in turn means getting the public key directory working.  This directory is being set up by Netrust, a Singaporean company that last year was selected by ICAO.  Germany, citing security worries, says it is not taking part in the directory, even though the USA and UK are (currently).  Readers won't have the German keys in them (unless they get them directly from the Germans), so they won't be able to validate the digital signatures on German e-passports.  As we've discussed before here, there some genuine problems here that need to be fixed for the e-passport to be effective.

Technorati Tags: identity, passport, security

Mind you, I'm sure that's the least of e-passport worries, especially with the rash of newspaper stories about passports being "cloned" in transit.  They're not actually being cloned, of course.  But the idea is this: you can brute force the key to read the data in the chip (but not the secret key in the chip, which is why you can't clone) and therefore obtain the data that is printed inside the passport without having to open the envelope.  Identity thieves use a device to copy the new e-chip while the permit is on its way to its owner, without having to open the envelope.  To do this, they have to brute force the BAC key (because normally you have to read the printed data inside the passport in order to obtain the read key).  Unfortunately, it's easier to brute force than you might think, because you can deduce some of the data in the passport (eg, the validity, because it's ten years from the issue date).  Thus, in about four hours, it is claimed that you can read the chip contents without opening the envelope.

What all of this means is that to get better security, the "system" needs to move to Extended Access Control (EAC) so you can't get access to passport data that isn't on the passport: in particular, the "secondary bioemtrics" (ie, fingerprints).  That's that sorted then.  Remember that to implement EAC the passport readers (at the border control post in, say, Bostwana) would have to be issued with key pairs and certificates to prove to the passport that they are authorised.  If I remember correctly, the certificates will have short life -- say a month -- to reduce exposure should the readers be stolen.  That means, in turns, that gazillions of new key pairs will need to be generated all the time and gazillions of certificates will need to be distributed.  When the reader interrogates a passport, it must provide its public key inside a valid certificate, otherwise passport cannot be sure it is a proper reader.  This, in turn, means constantly sending out masses of data to passport readers.  This is a significant technical problem, so you can expect to read "e-passport cracked/cloned/useless" for some time to come.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]