[17033] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: No Encryption for E-Passports

daemon@ATHENA.MIT.EDU (Thierry Moreau)
Mon Mar 7 13:34:45 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 07 Mar 2005 12:59:17 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
To: "R.A. Hettinga" <rah@shipwright.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <p06110408be4381e900bb@[68.167.57.91]>

See the following comments submitted to the Department of State

 

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada   H2M 2A1

Tel.: (514)385-5691
Fax:  (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@connotech.com

=======================================================
                       Comments on the
   Department of State Public Notice 4993 (RIN 1400 AB93)
                            about
                     Electronic Passport
                              
                        March 7, 2005
                              
                              
                              
                      by Thierry Moreau
                              
                              
               CONNOTECH Experts-conseil inc.
                  9130 Place de Montgolfier
                Montr‚al, Qc, Canada H2M 2A1
                              
                    Tel.: +1-514-385-5691
                    Fax: +1-514-385-5900
                              
                 E-mail: info@connotech.com
             Internet: http://www.connotech.com



Introduction

     We appreciate the opportunity to submit comments on the
electronic passport (e-passport) global project and proposed
regulation changes ([1]). Some of these comments have a
broader scope than the regulation change (this seems to be
invited by the Department of State by the public notice
discussion of e-passport encryption debate, i.e. [1] page
8306, center column, 2nd to 4th paragraphs). Our comments are
centered on the information security aspects of the e-
passport global project, notably the ICAO Public Key
Infrastructure (PKI) framework, i.e. [2].

     The uniqueness of security requirements for the global
interoperability of e-passports has been recognized early in
the ICAO development process that brought the document [2] to
its current version. As a result, most of the traditional PKI
concepts has been omitted or simplified. We believe there are
merits in the scheme found in the document [2] for the e-
passport security, including the selection of un-encrypted e-
passport electronic chip data. The driving design criteria
has been operational hindsight rather than conservatism. We
are concerned that this hindsight is not always reflected in
the [1] public notice.

     Our comments below are itemized, and they do not have
equal importance, significance, or relevance to the specific
regulatory change.

Unencrypted e-passports is a valid direction

     We generally concur with the ICAO selection of
unencrypted e-passports. Encryption would mean a global key
management scheme to determine the circumstances in which an
e-passport would be unlocked by a reader. Such a key
management scheme would imply granting reading rights to some
organizations and denying such rights to others. Those
opposing the unencrypted e-passports would certainly be even
more suspicious of any workable key management scheme for
encrypted e-passports. We have yet to see any suggestion as a
key management scheme that might appear acceptable to a
security expert who claimed that unencrypted e-passport are
putting US citizens at risk. This explanation seems reflected
in the Department of State statement that "in order to be
globally interoperable, encryption would require a higher
level of technology and more complicated technical
coordination with other nations." ([1] page 8306, center
column, 2nd paragraph) although we would have liked the
Department of State to speak for itself (e.g. "Such technical
coordination includes notably the cryptographic key
management for electronic chip decryption keys.").

Doubtful representation of e-passport technology,
reader requirements and skimming threat

     According to the document [2], "Everyone who has the
appropriate equipment is able to read the chip contents of
the MRTD, but only the parties that are provided with the
appropriate public key certificates and certificate
revocation lists will be able to verify the authenticity and
integrity of the chip contents." (Document section 2.4.4) So
we find misleading the [1] public notice that eavesdropping
requires a reader "furnished with the proper public key" ([1]
page 8306, center column, 4th paragraph). In fact, reading of
electronic chips by international transportation operators
(e.g. airlines) is encouraged by the ICAO.

     The e-passport proponents should not minimize the
significance of unauthorized e-passport reading threats.
Anti-skimming features are important to US travelers wishing
to protect their anonymity and privacy. The Department of
State should provide reliable information about their
effectiveness and their prudent use, since the momentary
disabling of anti-skimming mechanisms (e.g. the removal of a
metallic shield surrounding the electronic chip antenna)
materializes the e-passport bearer authorization to read the
e-passport.

Doubtful representation of e-passport technology,
global skimming countermeasures

     We are puzzled by the Department of State statement that
it will "will work vigorously with other governments to
encourage them to eliminate the threat of eavesdropping by
requiring all chip readers to be electronically shielded to
prevent signals from being transmitted beyond the reader."
([1] page 8306, center column, 4th paragraph) The definition
of "signal" and "electronically shielded" should be more
precise. If this means that no signal whatsoever (except the
displayed data, as the context implies) will be emitted by
the reader, then
 a)  the e-passport reader equipment will not provide
     traveler identification data to other system components,
     e.g. an airline passenger list system, and
 b)  every readers at ports of entry will need to receive the
     complete list of invalidated passports.
The item a) above defeats the purpose of biometric
identification information (i.e. matching the traveler
digital facial image with a database of unwanted individuals
on a port of entry). This is certainly not the intent, and
will hardly be agreed by other governments.

     Due to  the well-known eavesdropping vulnerabilities of
computer networks, signals from an e-passport reader, e.g.
data transmission to government or airline computer systems,
should be encrypted to prevent disclosure of traveler
information to unauthorized parties. Paradoxically, the
computer network encryption technology is subject to export
control restrictions advocated by the US government as a
participant in the Wassenaar agreement. The Department of
State should disclose a clear position on the privacy
protection mechanisms that it finds suitable to e-passport
reader data transmission.

A missing provision in the proposed regulation

     The document [2] explains a potential source of
electronic chip failure for which the FR public notice is
silent. Specifically, we are referring to the compromise of a
document signer private key (the same applies to the
compromise of a country signing CA private key).

     As a consequence of a document signer key compromise, a
large group of e-passports would suddenly have "otherwise
nonfunctioning electronic chip" (proposed 22 CFR Part 51, 
51.6). This would be a difficult operational situation,
especially if any noticeable number of counterfeit e-
passports are created by illicit use of the document signer
private key. The document [2] this situation does not
invalidate e-passports: "In the event that the data from the
chip cannot be used, for instance as a result of a [reported
document signer private key compromise] or [...], it does not
necessarily invalidate the MRTD. In that case a receiving
State MAY rely on other document security features for
validation purposes."

     For this security breach to be prevented, an appropriate
combination of technological means and internal controls
needs to be deployed in national e-passport issuance systems
and processes. European quality standard documents ([3], [4])
exist for the required secure systems (there seems to be no
US equivalent of these standard documents).

     However small the perceived likelihood of such a
security breach, the consequence of its occurrence should be
addressed by an elaborate national regulatory system like the
US one. If properly addressed by the regulation, the
operational costs and burden of preventing such security
breach are deemed to be easier to secure in the government
budget, and the recovery processes are deemed to be better
planned. In practice, this might be a no cost replacement of
e-passports since the good faith document bearer are in no
way involved in the security incident.

Conclusion

     We attempted to promote a better understanding of the
information security technology behind the global e-passport
deployment initiative. Unless someone is against travel
document automation as a whole, the ICAO security scheme
should be acceptable.

     Our main concern lies with the security of a globally
deployed e-passport infrastructure, of which the computer
network security is an integral part. The level of security
deserved is analogous to a retail on-line payment network,
except that the threat model is physical security of
travelers safeguarded by privacy and anonymity protection.
Also, data encryption is needed where transaction
authentication is needed for a retail payment network.

     The public confidence in the e-passport technology rests
with a global compliance to adequate security standards. In
economic terms, this is a situation where the IT security
benefits accrue to a large participant community, while the
costs incurred by individual participants are remotely
connected to the benefits. In such cases, an overseeing
compliance enforcement authority seems appropriate (e.g. the
rules applicable to financial institutions participating in
an electronic payment scheme). Perhaps an international
security certification program would be needed with a
(legally protected) visual mark indicating a compliant e-
passport reader, data networks and computer applications. The
Department of State should not claim that it can force every
e-passport readers to comply with the required level of
privacy protection.

References

[1]  US Department of State, Electronic Passport, Federal
     Register, Vol. 70, No. 33, February 18, 2005, pp
     8305-8309 (Public Notice 4993, RIN 1400 AB93)

[2]  International Civil Aviation Organization, Tom A.F.
     Kinneging for ICAO-NTWG, PKI Task Force, PKI for Machine
     Readable Travel Documents offering ICC Read-Only Access,
     Version - 1.1, October 1, 2004

[3]  European Committee for Standardization (CEN),
     Cryptographic module for CSP signing operations with
     backup - Protection profile - CMCSOB PP, CWA
     14167-2:2004, May 2004

[4]  European Committee for Standardization (CEN),
     Cryptographic module for CSP signing operations -
     Protection profile - CMCSO PP, CWA 14167-4:2004, May
     2004




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post