Another Setback for Biometric Passports 70
trydk writes "The Register has an article on the lack of security in biometric passports. This time, according to Dutch TV program Nieuwslicht (Newslight), the Dutch biometric passports have been cracked, potentially revealing all biometric information stored in them." From the article: "[...] an attack can be executed from around 10 meters and the security broken, revealing date of birth, facial image and fingerprint, in around two hours. Riscure notes that that the speed of the crack is aided by the Dutch passport numbering scheme being sequential."
Precision & Recall (Score:5, Insightful)
Before I ever buy into a biometric security device, I want to be able to sit down with the numbers and see what happens to the F-measure when I slide beta between zero and one.
Their sites should have a slider that goes between zero and one with the resulting number. That way, I would know how many times out of a hundred my guards are going to let Bin Laden Jr. through my security check points. But I also want to know how many times my guards are going to throw Grandma-down-the-street against the hood of a car and arrest her for being a dead hijacker from an infamous attack. Implementers of biometric security just don't seem to grasp the concept that a false positive can be a problem just like a true negative. Every white paper I've read on this issue makes certain that they include these figures at the end of their paper.
Because if you hit the production line, these numbers are all that matter to your consumer.
Re:Precision & Recall (Score:2, Insightful)
Because it's not their problem...
Re: Precision & Recall (Score:5, Funny)
What page of the Kama Sutra are you referring to? I can't find any of that stuff in the index.
Re:Precision & Recall (Score:1, Informative)
Iris scanning is slightly better than two fingerprints.
Facial scanning claims range from 90% to 99% accuracy. In the 80% range is more likely from what I've seen, but hard data isn't available. With fingerprints and iris scans, a failure is much more likely to be a false negative than a false positive, while facial scanning results in both types of fail
Re:Precision & Recall (Score:4, Informative)
False positive are supposed to happen much more often, because many more regular people are checked than really dangerous people. Lets calculate some wild guesses: If the identification is 99.99% correct, and you are checking 1 mio people, of which 10 people are really dangerous, you get 100 false positives and about all dangerous ones (the risk to let one of them slip is only at 1:1000). That means only every tenth person you are slamming on the hood of the police car is really a terrorist.
So biometric identification doesn't really need to be that good to perfectly identify one. It should be perfectionated the other way: To really dismiss the data of a not searched person.
Back to the example numbers: If the system was able to identify a person 99% for sure, but would be also able to not misidentify a person to 99.9999% (for a tradeoff we basically allow for only a 1:100 chance to identify a person, but make sure that it doesn't falsely identify one by 1:1mio), we would only have 1 person falsely slammed on the car hood, but still were 10:1 sure to not let a suspected terrorist slip.
Re:Precision & Recall (Score:1)
If the test is only wrong
Re:Precision & Recall (Score:1)
Who cares about accuracy? Disney uses fingerprint based identification for their weekend-hopper passes (and maybe others, but it's been a while) so you can come and go as you please.
Well, I was at SANS Orlando, and one of my classmates gave me his hopper, because he was leaving early.
He was military. Fortunatly, i had my summertime buzz-cut inst
Well... (Score:2)
Seems from your story that the biometrics did their portion of securing the ride, but since you weren't after industry secrets or trying to access an airplane, no one gave two good fucks about you getting ahead of a family of four.
Re:Precision & Recall (Score:4, Insightful)
Statistics mean nothing when they happen to YOU.
Actually, some of the hijackers are alive. (Score:1)
(How long will people continue to believe the official version of events?)
(Also: Where are the pentagon plane parts, the two 5-ton titaniam jet engines which cannot vaporize in a fire because burning jet fuel is what they are designed to do? Where'd they go? Why are there no pictures? Why did the FBI only release five frames of video, none of which show what actually hit? Why are no photographs available despite the press being on site? Why
I'm shocked, shocked - (Score:5, Interesting)
Haven't these people been watching the travails of the DRM industry? What kind of ignorance (or arrogance) leads someone to think they can build a portable data repository that won't get cracked?
Re:I'm shocked, shocked - (Score:2)
Haven't these people been watching the travails of the DRM industry? What kind of ignorance (or arrogance) leads someone to think they can build a portable data repository that won't get cracked?
In this case, they're right. The problem isn't the security of the repository, the problem is that they picked a horribly weak key.
The underlying technology, 3DES authentication to a smart card chip, is extremely well-proven. It's not arrogance to assume that something that has been solid for a long time will
It will never be safe. (Score:4, Insightful)
Eventually, folks will realize, that no matter how hard you try, you will never be completely safe: even if you become a shut-in. We just have to accept that life is terminal and it has inherit risks. Without those risks, life would be waaayy to fucking boring - for me anyway!
Re:It will never be safe. (Score:2)
Why they don't include a layer of this stuff in the cover of the passport is beyond me.
Re:It will never be safe. (Score:2)
What you want is a CONDUCTIVE bag, not just anti-static. They're the ones that typically have a grid of black lines, rather than the grey semi-transparent bags.
Re:It will never be safe. (Score:2)
Those grey bags *are* conductive. They're what you use to put a toll booth transponder in if you don't want the booth to read it, for example, and they work very well for that. Those things are much higher powered than passport RFIDs.
Re:It will never be safe. (Score:2)
However, the typical anti-static bag is only conducative to something like 10 megaohms per cm. Your SKIN is more conductive than that. Perfectly adequate for dissipating static charge, though.
To me, "conductive" means mere OHMS per cm.
Er.... (Score:4, Insightful)
The point is not that people who crack it can make fake cards (which they *can*, but anyways...), it is that people can read the info off my "secure" biometric ID card from a relativly long distance and use it to steal my identity, for any reason whatsoever.
I mean, 10m? Some guy could set up a listening post outside my office and read it all through the wall at 10m. The capacity for identity theft is very alarming.
Re:Er.... (Score:1)
The impression that I go
Re:It will never be safe. (Score:2, Insightful)
Yes, we take risks, but we have to decide where to draw the line between mitigating them and inconveniencing ourselves. I don't believe it's an issue of whether to draw that line but actually where to draw it.
Re:It will never be safe. (Score:2, Insightful)
The thing is that we're, as a society, so concerned with risks that are quite rare and completely oblivious to risks that are not so rare - heart disease, lung disease, etc.... The odds are we'll die or, worse from my perspective, become disabled from one of those diseases; which can be mitigated wit
Re:It will never be safe. (Score:1)
Let people suffer the consequences of thier actions, instead of trying to protect them. I'd think people would smarten up pretty quick if we took that route.
Re:It will never be safe. (Score:1)
Our security may not be 100 percent effective, but at least its almost impossible to get a bomb on a plane now. Can you imagine the consequences if someone did that 3 or 4 times? Air travel would grind to a halt, economies would crash, and our whole way of life would change.
I agree that we as a society go overboard in many areas (warning labels because my coffee is hot? Well, DUH, that's why I ordered it!), b
Re:It will never be safe. (Score:5, Informative)
These things will NEVER be completely secure. Someone will always figure a way to hack them.
That depends on what you mean by "completely secure". In this case, the security design is basically very good, but contains a rather obvious flaw. Fix that flaw (and there are a number of fixes) and the result will be "completely secure", against certain forms of attack, anyway.
The data on the chip is protected by a 3DES key. If you don't know that key, you cannot authenticate to the chip, and the chip will therefore refuse to talk to you. If you do know the key, then you're in. So, someone hit on the simple (and clever) idea of printing the key on the inside of the passport (since all of the data on the chip is also available in printed form on the inside of the passport anyway).
The problem is that they decided that rather than printing a new, random, 112-bit key, they'd just use some data that already existed in the passport, the MRZ. This value consists of your passport number, birthdate and expiration date. That's actually not a whole lot of entropy, especially since passport numbers are pretty predictable, and ages and passport expiration years are pretty easy to guess. The result: the MRZ can be brute-forced, the key guessed and the passport data retrieved.
There are a bunch of obvious solutions:
It's popular on slashdot to say "nothing is ever completely secure", and while that statement is literally true, in fact many things can be and are sufficiently secure within the defined operational parameters.
Re:It will never be safe. (Score:2, Insightful)
I propose a 2D datagram that uses 256 values of greyshades that stores biometric information such as the distance between your eyes, the shape of your head, etc.
I endeavor to make this datagram human readable.
I shall call it.. the photograph.
Re:It will never be safe. (Score:2)
I propose a 2D datagram that uses 256 values of greyshades that stores biometric information such as the distance between your eyes, the shape of your head, etc. I endeavor to make this datagram human readable. I shall call it.. the photograph.
:-)
The problem with photographs is that they're too easy to modify or replace. Modern passports (and other IDs) use all sorts of fancy tricks to make it hard to replace the photo, but someone with a few million dollars worth of high-end security printing techn
Re:It will never be safe. (Score:2)
It can't take that much longer to put the edge of the passport against the stop, and press the button, now, can it?
Besides, if it requires contact, it should be fairly obvious if someone is trying to steal your data...
Re:It will never be safe. (Score:3, Informative)
It can't take that much longer to put the edge of the passport against the stop, and press the button, now, can it?
Actually, it can. For two reasons which both basically boil down to a desire to be able to use cheap, off-the-shelf components.
First, positioning the contact plate correctly every time requires that the chip be placed in a fairly rigid medium. Common passports are too soft and when their edges fray or whatever the contact alignment will be off. I suppose this could be addressed either b
Re:It will never be safe. (Score:2)
I guess then, that the only problem (or at least, a large one) is in using an easy-to-guess encryption key.
Perhaps a barcode (about 112 bits?) that does not have anything else to do with the passport (other than being printed in it) as the encryption key? The passport will need to be in "about the right place" rather than exactly, and the machine can grab the barcode, and decrypt the signal still in about 2-3 seconds (I'm guessing, based on
Re:It will never be safe. (Score:2)
It only needs to be sufficiently difficult to get the information.
Exactly. If the security is good enough that the attacker is more likely to crack you over the head and steal your passport than to mount an electronic attack, then it's done its job. Even with the somewhat-guessable key, it's really not too bad.
The need to guess 112 bits worth of encryption key, or actually read the key - much more time (or much more obvious).
And it doesn't really need to be 112 bits, either. In my experience, you
Re:It will never be safe. (Score:1)
Wait a minute. Couldn't you use some form of visible watermarking on the photograph so a machine can tell if it was printed correctly? Say, how about something like this;
Develop a 'loose' checksum in that it can compensate for the natural variances you're going to get with colour optical scanners, or whatnot. Encode this checksum in a barcode, and include the appropriate cryptography in it. The computer can scan the picture and the barcode and compare them.Re:It will never be safe. (Score:2)
Wait a minute. Couldn't you use some form of visible watermarking on the photograph so a machine can tell if it was printed correctly?
Perhaps. The digital signature watermark would have to carry quite a bit of data, though -- on the order of 2KB, at a minimum. You could put that in a 2D barcode, but only barely.
That approach would also lose the flexibility of read/write data, and the ability to store other sorts of identification information if/when that becomes desirable.
I'd be a bit worried about
Re:It will never be safe. (Score:2)
Wait a sec...if you have to swipe a barcode or whatnot to decrypt, then why are they using rfid in the first place? You can put a lot of info in those fancy new 2-d barcodes....
No, you can't. You can put a few hundred bytes, maybe a couple of KB if you make it big. These chips store 60+KB. The standard "test" profile for the ICAO specification contains about 30KB of data.
I have a solution... (Score:2)
I have a solution... why don't we not try to track every human being on the planet. There's no possibility of the info being leaked
So now what will they propose us? to get chipped? (Score:3, Funny)
Since biometric passports failed, are they gonna request us to get chipped? after all, it is for our own good.
Re:So now what will they propose us? to get chippe (Score:2, Interesting)
but on the plus side depending on where they put the chips the tinfoil hats might work.
Re:So now what will they propose us? to get chippe (Score:2)
Re:So now what will they propose us? to get chippe (Score:2)
Re:So now what will they propose us? to get chippe (Score:2)
Maybe the chip could be stored in a crystal that glows with a different colour depending on your age. And when you reach 30 it could blink. Hey, mine's blinking now. Wait...who are you? Stop, don't shoot! It's a mistake! Really, I'm only 29!
Re:So now what will they propose us? to get chippe (Score:2)
What makes you think they're going to request it? :-/
Nothing to do with biometrics (Score:3, Informative)
FYI: *ALL* passports are biometric, unless yours for some reason doesn't have a photograph and a description.
Re:Nothing to do with biometrics (Score:2)
Re:Nothing to do with biometrics (Score:1)
Because of stupid designers (Score:4, Interesting)
In order to be able to read the card, the reader needs to know some information in the "Machine readable zone", the two lines of letters/numbers and signs below the first page of the passport
Because there is quite a bit of entropy in the information in the machine readable zone, it could be made reasonably secure -- but the disigners decided _only_ to use the holder's birthdate, passport expiry date and passport number. As the holder's birthdate can be guessed to some degree (to about 1000 days), and the passport number and expiry date are linked (I presume), that leaves rather few possibilities to be tested.
Stupid designers. They should have added a few (say 20) free chars in the Machine readable zone, to ensure guessing becomes impossible
(posting anonymously as I don't want my empolyer to become angry)
10 meters in 2 hours (Score:4, Interesting)
But is it that someone would have to be within 10 feet of you for 2 hours to break it, or is it 10 feet to get the data and 2 hours at any distance to break it at leisure?
In either case, you might want to shield your passport at the movie theater.
Re:10 meters in 2 hours (Score:2)
10 meters is about 33 feet, not 10 feet.
Even if it does take 2 hours within that range (vs scan now and crack later), somebody set up in, say, a hotel room could read data from adjacent rooms on either side, above and below.
Depending on how easy it is to get the equipment through airport security, one could set up in various waiting areas and scan away. (Depending on how discriminating the sensors are.)
Re:10 meters in 2 hours (Score:3, Funny)
I guess I'd better not get a job at NASA.
At least I got it right in the subject.
10 meters? 2 hours? (Score:3, Informative)
According to one of the followup articles [riscure.com], The attacker must first be within 10 meters of the passport while it is in active use. This means standing fairly close to the customs counter. The attacker intercepts the communications, then can take that information offline and brute force the key. YMMV on the distance estimate since it is
Re:10 meters in 2 hours (Score:1)
My card reeks data (Score:5, Insightful)
Everything gets cracked. In this day and age even "security" is "security through obscurity". RFID is a fantastic technology but it shouldn't be a transmission vector for information of value. That's like visiting a bank in China and yelling your PIN in German, hoping nobody will understand. RFID should only be used for asset tracking, broadcasting otherwise useless data like serial numbers.
Why do we need RFID for passports anyway? Is it so hard to swipe a card? I wager it's just to give citizens the illusion of privacy while they are scanned from afar. I hope the decision to incorporate RFID - for passports, clothing, or anything people carry - will be debated profusely by governments before being adopted. I think many countries' constitutions are in conflict with technologies of such invasive potential.
Re:My card reeks data (Score:1)
Because it's shiny. Shiny new technology. Why wouldn't you want to have the most technologically advanced passport possible? Don't you know that all thoroughly modern, untested tech is inherently more attractive to tech obsessed governments than older, more reliable stuff.
Re:My card reeks data (Score:4, Interesting)
You probably hit the nail on the head there. Many (most?) people seem to have a gut reaction of saying "hey, up yours!" when somebody proposes something that would, in essence, lead to a "papers please!" scenario (real or perceived), but they're too naive and/or stupid to realise that it's not being *asked* for papers that's the problem, but the fact that you're being identified, probably against your will, and with drawbacks/sanctions/repercussions if you do not agree to it.
In other words, people are complaining about the symptoms rather than the underlying problem, and RFID arguably makes the symptoms go away; nobody will ask you for your papers after all, but that's not because they don't want to identify you - it's because it's not necessary to ask anymore. Rather, your data will just be read from afar, without you even being aware of it.
Those politicians pushing for these things are probably drooling over the possibilities. It's even trivially possible to automate the entire process; you could scan entire crowds without them ever noticing, you could track people and build movement databases, and do just about everything that shouldn't be possible (or at least allowed) in a free society.
Considering that there is absolutely zero advantage in RFID passports for those who'll be required to carry them, it's hard for me to believe that these things are not the reason why there's a push for these.
Re:My card reeks data (Score:2)
Otherwise the biometrics and RFID scammers couldnt sell billions of dollars worth of useless equipment to governments who want to appear to be doing something.
It's simply a good way to separate the taxpayers from their money.
Re:My card reeks data (Score:1)
If government wants to read my passport details, they can ask first. If the UK government suggests RFID in passports, I'll be storing it in a foil lined passport holder. They can read it when I take it out.
Re:My card reeks data (Score:2)
http://www.rpi-polymath.com/ducttape/RFIDWallet.p
Fingerprint authentication is a bad idea (Score:2, Insightful)
Re:Fingerprint authentication is a bad idea (Score:5, Insightful)
Re:Fingerprint authentication is a bad idea (Score:1)
In fact, changing fingerprints, at least in a rudimentary way, is possible now, what with skin grafts and whatnot.
DNA as a key may present slightly more of a problem, without causing some major physiological changes
However, I do agree that biometrics presents something of a sticky wicket in that arena, s
Re:Fingerprint authentication is a bad idea (Score:2)
Re:Fingerprint authentication is a bad idea (Score:1)
I'd modify your assertion to say that a compromise of your raw biometric info is impossible to undo. I read an article recently in IEEE Spectrum about methods for hashing the stored information.
I don't have a citation handy, and I'm not even sure it's publicly available. As I recall, the particular method involved applying a programmable distortion to the image (e.g. fingerprint). Store the distorted pattern as the biometric, and then apply the same transform at the reader to check for a match.
Then, in th
Re:Fingerprint authentication is a bad idea (Score:4, Informative)
Essentially just take a photocopy of a fingerprint, make a mask for a printed circuit board from that, etch to give you a mould, and use gelatin or similar to make a cast. The advantage of gelatin over latex is that you can eat the evidence
The details can be found in this paper [cryptome.org].
They were getting aanywhere from 70% to 100% success rate on typical fingerprint scanners, depending on the scanner.
A google search for "fingerprint scanner mould gelatin" (no quotes) turns up a ton of other articles.
More info in English (Score:4, Informative)
https://events.ccc.de/congress/2005/wiki/RFID-Zap
When Blair goes... (Score:1)
Whether it's Labour or Conservatives who win the next election, these are going to get dropped. It's a really half-baked idea, and the evidence is mounting that they will be expensive, inaccurate and fail to deal with terrorism.
If Blair had any ability at getting things done, he would get it implemented and it would be his poll tax.
Re:When Blair goes... (Score:2)
It'll take more than just Blair (Score:2)
If only that were true. I suspect the National Identity Register will die a well-deserved death when Blair goes. However, the basic idea of biometric passports has been carefully woven into all sorts of international agreements. Now every government can just say "Well, you'll need biometrics or nowhere else will respect your passport" as a convenient excuse for not defending the ability of their citizens to move freely and legitimately across national borders without such measures.
If some combination of t
Only while being queried (Score:2)