ePassports EAC Conformity & Interoperability Tests
Prague, September 7th - 12th 2008

When an e-Passport Talks While It Should Not

Recently, electronic passports have been successfully deployed in many countries around the world. Besides the classical “paper” properties, these travel documents are equipped with an electronic chip employing a wireless communication interface, a so-called RFID chip (Radio Frequency IDentification). In addition to an electronic copy of the data printed in the passport (name of the holder, birth date, photo, etc.), the chip may contain e.g. biometric measures of the holder and may employ sophisticated cryptographic techniques providing enhanced security compared to classical passports. For instance, it should be much harder to copy an electronic passport than a classical one.

The wireless communication interface allows the e-passport to be immune to outside factors such as humidity, dust, worn-out contacts, etc. However, it turns out that new attacks emerge that exploit the wireless nature of the communication. A classical one is the relay attack, which allows—if not properly mitigated—the attacker to impersonate the victim without the victim’s or the frontier officer’s knowledge. We analyze a particular implementation of a real e-passport that, rather than protecting against this attack, encourages it.

As an RFID chip has no conductive power contacts that would supply it with energy, other means from the world of physics have to be borrowed. Both the power supply and the communication channel employ the near magnetic field around the reader. For instance, when the chip needs to send information to the reader, it alters this surrounding field, and the alteration is detected by the reader. Of course, if this modification is not properly filtered, unwanted information about the behavior of the chip may propagate into the surrounding electromagnetic field as well. This phenomenon is what cryptologists call a side channel.

We demonstrate measurements of the varying electromagnetic field close to an e-passport during the computation of a cryptographic operation used for so-called active authentication. There is strong evidence that this operation does in fact leak into the electromagnetic field. However, we do not yet have proof that such a signal is useful for a cryptanalytic attack on the e-passport. To confirm that the information is useful for an attack, we first need to make some assumptions about its content and investigate how far it can be exploited for cryptanalysis. We did so and were able to come up with a new kind of side channel attack on the RSA signature scheme used in the e-passport. It is a known plaintext attack, which is the main difference from the existing chosen plaintext attacks. Using our attack on simulated e-passport signal content, we were able to obtain the whole 1024 bit RSA key using 150 measurements suitably selected from a total of 7000 measurements. Once the appropriate signal content was available, the key was reconstructed in 45 minutes on a standard PC.

What remains now is to perform extensive measurements of several e-passports implementing the particular signature scheme and to test whether our method successfully recovers the key from the real e-passport signal or not. This is, of course, a lot of work, and it will require close cooperation with well-skilled experts from a different area than cryptology (mainly electronic engineering). We hope, however, that our cryptanalytic method itself, together with its potential impact, is interesting enough to become well known in the e-passport community. We also hope that our results will encourage other teams to cooperate on the physical measurements needed. Ultimately, it would mean that an e-passport whose signal has been observed could be duplicated by an attacker regardless of whether active authentication is used or not.