ePassport debacle: RFID chip security easily cracked
The new 'biometric' ePassport can be cloned and manipulated in minutes despite the Government's assurances to the contrary, according to a report in The Times. The clones were accepted as genuine by the computer software recommended for use at international airports.
In addition to the existing passport photograph and hardcopy documentary identification, the new ePassports have a radio frequency identification (RFID) transceiver and memory chip bonded into their cover. This allows encrypted data stored on the passport to be read by a passport scanner. The combination of new features of the ePassport with the strong encryption of machine readable data is supposed to make it virtually impossible for forgers to create fake new passports or to doctor existing passports.
The ePassports are also referred to as 'biometric' because the International Civil Aviation Organisation (ICAO), which sets international standards for airport security, chose digitised measurements of physical features as the means of establishing an individual's identity. Facial recognition was chosen as the primary biometric, with iris and fingerprint recognition as a non-compulsory backup. Digital copies of these metrics are stored on each passport and can in theory be compared, either with stored files associated with the legal passport holder, or with data captured directly from the person in possession of the passport. For comparison with the digital copy, each passport includes a biodata page that shows a hardcopy duplicate of the stored data. In theory the encryption used for the passport chip makes it impossible to simply replace the stored metrics with those for another person. The data is locked using Public Key Infrastructure (PKI). This method of encryption uses two keys, one public and one private, generated by the same algorithm. To decrypt the information on an ePassport, the public key, stored in the passport reader, must correctly combine with the private key, stored on the passport, to decrypt the biometric data.
In practice, as the Times reports, out of the 45 countries now issuing ePassports only 10 of them have signed up to the Public Key Directory (PKD) system, and only five are using it. In the UK the system will not be in use until 2009. One flaw of the system is that it is not fully effective until all countries issuing ePassports have joined PKD. Without keys and readers in place the electronic features of the passports cannot be used.
The Government claims that British ePassports cannot be mutated successfully because the encryption blocks access to the data so it cannot be modified. Therefore any clone would only hold an exact copy of the original data. The use of digital certification would in any case show if the data were changed, and finally, the stored data is an exact copy of the data printed on page 31 of the passport, so any differences between this and the digital version would be noticed by officials.
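The dependence on the key directory described above can be seen in a simplified model of the reader-side check. This is an added example, not part of the original article, not the ICAO data format and not the method used in the Times tests; the toy RSA keys, field names and sample data are constructed for illustration.

```python
import hashlib
import json

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two known primes. Illustration only, not secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(blob, n):
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def _canon(hashes):
    return json.dumps(hashes, sort_keys=True).encode()

def issue(data_groups, key):
    """Build a chip image: the data plus a signed list of per-item hashes."""
    hashes = {k: hashlib.sha256(v).hexdigest() for k, v in data_groups.items()}
    sig = pow(_digest(_canon(hashes), key["n"]), key["d"], key["n"])
    return {"data": dict(data_groups), "hashes": hashes,
            "signer_n": key["n"], "sig": sig}

def verify(chip, trusted_signers=None):
    """Reader-side check. trusted_signers is the set of issuer keys the reader
    holds (the directory's job); None models a reader with no such list."""
    if set(chip["data"]) != set(chip["hashes"]):
        return "REJECT: data/hash list mismatch"
    for name, value in chip["data"].items():
        if hashlib.sha256(value).hexdigest() != chip["hashes"][name]:
            return "REJECT: stored data does not match signed hash"
    n = chip["signer_n"]
    if pow(chip["sig"], E, n) != _digest(_canon(chip["hashes"]), n):
        return "REJECT: bad signature"
    if trusted_signers is None:
        return "ACCEPT (signer never checked)"
    return "ACCEPT" if n in trusted_signers else "REJECT: unknown signer"

# Constructed sample data; the primes are well-known Mersenne primes.
ISSUER = make_key(2**61 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**127 - 1)
genuine = issue({"holder_details": b"SAMPLE ANNA 1970-01-01",
                 "face_image": b"<image A>"}, ISSUER)
edited = dict(genuine, data={**genuine["data"], "face_image": b"<image B>"})
resigned = issue(edited["data"], OTHER)

if __name__ == "__main__":
    for label, chip in [("genuine", genuine), ("edited", edited), ("re-signed", resigned)]:
        print(label, "| no key list:", verify(chip), "| with key list:", verify(chip, {ISSUER["n"]}))
```

Changed data under the original signature is caught by any reader, while data signed by a key the reader has never seen is only caught when the reader holds the list of genuine issuer keys.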
Jeroen van Beek, a security researcher at the University of Amsterdam, was asked by the Times to conduct some tests on ePassports to see how easily they could be subverted. As the Times report says, building on research from the UK, Germany and New Zealand, Mr van Beek has developed a method of reading, cloning and altering microchips so that they are accepted as genuine by Golden Reader, the standard software used by the International Civil Aviation Organisation to test ePassports. It is also the software recommended for use at airports for reading ePassports.
Using his own software, some publicly available RFID chip programming software, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.
While the tests commissioned by the Times do apparently show that the electronic portions of the ePassport are far less secure than the Government has claimed, it is still true that the combination of features in the new ePassport does make it considerably harder to fake than the traditional passport. All the skills of the ink and paper forger would be needed, in addition to electronic cryptography skills, in order to fake an ePassport. Certainly, using one of the 3,000 blank passports stolen in July would make this task easier, and since the PKD and card reader system is not yet in place, the Government's claim that the advanced electronic encryption used on these ePassports renders the blanks useless would not seem to hold water.
(Terry Relph-Knight)
See also:
- ‘Fakeproof’ ePassport is cloned in minutes story from the Times.
- Passports: This isn’t supposed to happen: how a baby became bin Laden story from the Times.
- Stolen passports 'worth up to £5 million' story from the Times.
(trk)














