Difference between revisions of "EPassport"
m |
|||
Line 1: | Line 1: | ||
⚫ | |||
− | ==RFID-enabled Passports== |
||
⚫ | |||
* [http://www.icao.int/mrtd/download/technical.cfm ICAO MRTD] |
* [http://www.icao.int/mrtd/download/technical.cfm ICAO MRTD] |
||
* [http://www.hasbrouck.org/documents/ICAO9303-pt1-vol1.pdf ICAO9303-pt1-vol1.pdf] |
* [http://www.hasbrouck.org/documents/ICAO9303-pt1-vol1.pdf ICAO9303-pt1-vol1.pdf] |
||
Line 12: | Line 11: | ||
* Others: |
* Others: |
||
** [http://www.bsi.bund.de/english/publications/techguidelines/tr03110/TR-03110_v200.pdf Advanced Security Mechanisms for Machine Readable Travel Documents] by BSI |
** [http://www.bsi.bund.de/english/publications/techguidelines/tr03110/TR-03110_v200.pdf Advanced Security Mechanisms for Machine Readable Travel Documents] by BSI |
||
− | + | ==Certificates== |
|
+ | ===Overview=== |
||
* CSCA certificate (Country Signing CA certificate) |
* CSCA certificate (Country Signing CA certificate) |
||
**is typically valid for their period of intended use + period of validity of the issued passports + 3 months (e.g. 5+10+0.25) and renewed after their period of intended use (e.g. 5 years). |
**is typically valid for their period of intended use + period of validity of the issued passports + 3 months (e.g. 5+10+0.25) and renewed after their period of intended use (e.g. 5 years). |
||
Line 54: | Line 54: | ||
done |
done |
||
</source> |
</source> |
||
− | + | ==Verifying a passport== |
|
− | + | ===Passive Authentication=== |
|
Example to verify a French passport: |
Example to verify a French passport: |
||
Line 115: | Line 115: | ||
Moreover to be perfect, we should also check CSCA and DS against CRLs supposedly available at ICAO PKD. |
Moreover to be perfect, we should also check CSCA and DS against CRLs supposedly available at ICAO PKD. |
||
− | + | ===Active Authentication=== |
|
from http://www.aph.gov.au/Senate/committee/legcon_ctte/estimates/add_0506/ag/qon_91att_2.pdf |
from http://www.aph.gov.au/Senate/committee/legcon_ctte/estimates/add_0506/ag/qon_91att_2.pdf |
||
<br>A4.2. Active Authentication Mechanism |
<br>A4.2. Active Authentication Mechanism |
||
Line 136: | Line 136: | ||
tail -c+4 EF_DG15.BIN |openssl rsa -pubin -inform der -text |
tail -c+4 EF_DG15.BIN |openssl rsa -pubin -inform der -text |
||
− | + | ==Security of the ePassport infrastructure== |
|
* [http://rowlandwatkins.com/past/2008/8/8/on_exploiting_epassport_vulnerabilities/ On Exploiting ePassport Vulnerabilities] (about PKI) |
* [http://rowlandwatkins.com/past/2008/8/8/on_exploiting_epassport_vulnerabilities/ On Exploiting ePassport Vulnerabilities] (about PKI) |
||
* [http://www.dexlab.nl/ So what’s the issue with ePassport security?] |
* [http://www.dexlab.nl/ So what’s the issue with ePassport security?] |
||
Line 142: | Line 142: | ||
* [https://www.os3.nl/2008-2009/epassport_eng E-passport security] |
* [https://www.os3.nl/2008-2009/epassport_eng E-passport security] |
||
* [http://www.cs.ru.nl/E.Poll/papers/nluug.pdf Fingerprinting passports] via their non-standard error codes |
* [http://www.cs.ru.nl/E.Poll/papers/nluug.pdf Fingerprinting passports] via their non-standard error codes |
||
− | + | ==US Passport Card== |
|
Don't mix US Passport Book (ICAO) with the [http://travel.state.gov/passport/ppt_card/ppt_card_3926.html US Passport Card] (see also [http://en.wikipedia.org/wiki/Passport_card wikipedia]), valid when entering the United States from Canada, Mexico, the Caribbean and Bermuda at land border crossings |
Don't mix US Passport Book (ICAO) with the [http://travel.state.gov/passport/ppt_card/ppt_card_3926.html US Passport Card] (see also [http://en.wikipedia.org/wiki/Passport_card wikipedia]), valid when entering the United States from Canada, Mexico, the Caribbean and Bermuda at land border crossings |
||
or sea ports-of-entry and [http://www.theregister.co.uk/2009/02/02/low_cost_rfid_cloner/ skimmed much more easily]. |
or sea ports-of-entry and [http://www.theregister.co.uk/2009/02/02/low_cost_rfid_cloner/ skimmed much more easily]. |
||
Line 148: | Line 148: | ||
<i>There will be no personal information written on the electronic chip itself. The chip will have only a unique number pointing to a stored record contained in secure government databases.[...] In addition, to mitigate any possibility that the card could be tracked, it will be issued with a protective sleeve that will prevent the card from being read when not in use.</i> |
<i>There will be no personal information written on the electronic chip itself. The chip will have only a unique number pointing to a stored record contained in secure government databases.[...] In addition, to mitigate any possibility that the card could be tracked, it will be issued with a protective sleeve that will prevent the card from being read when not in use.</i> |
||
− | + | ==Tools== |
|
− | + | ===[http://openmrtd.org/ OpenMRTD]=== |
|
library |
library |
||
− | + | ===[http://jmrtd.org/ JMRTD]=== |
|
Java host API & Javacard applet to build your own epassport infrastructure |
Java host API & Javacard applet to build your own epassport infrastructure |
||
− | + | ===RFIDIOt=== |
|
See [[RFID#RFIDIOt]] |
See [[RFID#RFIDIOt]] |
||
− | + | ===[http://www.dexlab.nl/ eCL0WN]=== |
|
Applet for Nokia NFC phone |
Applet for Nokia NFC phone |
||
− | + | ===[http://freeworld.thc.org/thc-epassport/ vonJeek emulator]=== |
|
⚫ | |||
⚫ | |||
==Misc== |
==Misc== |
||
* [http://www.smartcardfocus.com/shop/ilp/se~37/p/index.shtml Protective sleeves & wallets] shielding RFID stuff like ePassports |
* [http://www.smartcardfocus.com/shop/ilp/se~37/p/index.shtml Protective sleeves & wallets] shielding RFID stuff like ePassports |
||
− | |||
⚫ | |||
⚫ |
Revision as of 02:00, 4 February 2009
ICAO standards
- ICAO MRTD
- ICAO9303-pt1-vol1.pdf
- ICAO9303-pt1-vol2.pdf
- ICAO9303-pt3.pdf
- Supplement to ICAO Doc 9303 - Release_7
- LDS 1.7
- Others:
Certificates
Overview
- CSCA certificate (Country Signing CA certificate)
- is typically valid for their period of intended use + period of validity of the issued passports + 3 months (e.g. 5+10+0.25) and renewed after their period of intended use (e.g. 5 years).
- is used to verify the DS certificate
- DS certificate (Document Signer certificate)
- is typically valid for the period of validity of the passport itself + 3 months and renewed after their period of intended use (3 months). (e.g. 10+0.25)
- is used to verify the integrity of the EF_DG* files of the passport through their hashes signed in EF_SOD
- is optionally present in the EF_SOD file of the passport (mandated by US-VISIT & by EU I think)
- SOD (Document Security Object)
- RFC3369 CMS Signed Data Structure, signed by the Document Signer (DS).
- Carries the hashed LDS Data Groups.
- Stored in the MRTD’s chip.
- MAY carry the Document Signer Certificate
- AA (Active Authentication) keys
- private key stored in the chip
- public key available in EF_DG15, whom hash key is signed in SOD by DS
As per epassport2008 there are several certificates for the full EAC solution:
Element File name CSCA certificate - name NN_CSCA.der (.der, .cer) DS certificate NN_DS (.der, .cer) preferably included in the ePassport chip CVCA certificate NN_CVCA.cvcert (minimal validity at least 2 month) CVCA private key under PKCS#8 format NN_CVCA.pkcs8 DV certificate NN_DVCA.cvcert (effective date like CVCA certificate) IS certificate NN_IS.cvcert (effective date like CVCA certificate) IS private key under PKCS#8 format NN_IS.pkcs8
CSCA certificates
Stupid script to see what are the country certificates there (there are also CRLs):
#!/bin/bash
rm xx*
csplit pkd.000033.ldif '%userCertif%' '/^userCertif/' '{*}'
for i in xx*; do
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -out $i.pem -outform pem
cat $i |sed '1s/^.*:://;/:/,/qwerty/d' |openssl base64 -d|openssl x509 -inform der -text -noout > $i.txt
test $? -eq 0 && rm $i
done
Verifying a passport
Passive Authentication
Example to verify a French passport:
Get France CSCA certificate: hum you should get country certificates from a trusted source ;-)
$ wget -O - http://jmrtd.org/csca/fr.cer |openssl x509 -inform der -outform pem -out fr.PEM
EF_SOD certificate should have been extracted by RFIDIOt, if not:
$ tail -c+5 EF_SOD.BIN | openssl pkcs7 -inform DER -outform PEM -out EF_SOD.PEM
Verify DS certificate stored in the passport with country CSCA certificate:
$ openssl pkcs7 -in EF_SOD.PEM -print_certs -outform PEM |openssl verify -CAfile fr.PEM stdin: OK
Verify SOD is well signed by DS
$ openssl smime -verify -in EF_SOD.PEM -inform pem -noverify > EF_SOD.data Verification successful
Note that the 2 previous steps can be combined in one:
$ openssl smime -verify -in EF_SOD.PEM -inform pem -CAfile fr.PEM > EF_SOD.data Verification successful
Verify files hashes are those signed in SOD
EF_SOD.data is ASN1 you can parse to retrieve the SHA1 of the DG* files, e.g.:
$ openssl asn1parse -inform DER -in EF_SOD.data 0:d=0 hl=3 l= 150 cons: SEQUENCE 3:d=1 hl=2 l= 1 prim: INTEGER :00 6:d=1 hl=2 l= 7 cons: SEQUENCE 8:d=2 hl=2 l= 5 prim: OBJECT :sha1 15:d=1 hl=3 l= 135 cons: SEQUENCE 18:d=2 hl=2 l= 25 cons: SEQUENCE 20:d=3 hl=2 l= 1 prim: INTEGER :01 23:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:D560D2D999F12923D92DBB1E5EE55232B4A4C1B1 45:d=2 hl=2 l= 25 cons: SEQUENCE 47:d=3 hl=2 l= 1 prim: INTEGER :02 50:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:637018B2449BE126CE9D4B6CAE98D92198829B6D 72:d=2 hl=2 l= 25 cons: SEQUENCE 74:d=3 hl=2 l= 1 prim: INTEGER :0B 77:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:E9F3127A90D7A8C6237018DA294299C3EE61E03C 99:d=2 hl=2 l= 25 cons: SEQUENCE 101:d=3 hl=2 l= 1 prim: INTEGER :0C 104:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:9C878F2D2B1E22BD876E65F092FF76F2E5719D87 126:d=2 hl=2 l= 25 cons: SEQUENCE 128:d=3 hl=2 l= 1 prim: INTEGER :0D 131:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:43B89A69B60BEFE5B51752B896951C21F3601B60
and compare them with
$ sha1sum EF_DG1.BIN d560d2d999f12923d92dbb1e5ee55232b4a4c1b1 EF_DG1.BIN $ sha1sum EF_DG2.BIN 637018b2449be126ce9d4b6cae98d92198829b6d EF_DG2.BIN $ sha1sum EF_DG11.BIN e9f3127a90d7a8c6237018da294299c3ee61e03c EF_DG11.BIN $ sha1sum EF_DG12.BIN 9c878f2d2b1e22bd876e65f092ff76f2e5719d87 EF_DG12.BIN $ sha1sum EF_DG13.BIN 43b89a69b60befe5b51752b896951c21f3601b60 EF_DG13.BIN
Active authentication, verify the passport owns the private key of cert in DG15, how?
Note that for this specific French passport, AA doesn't seem to be possible, no DG15!
Moreover to be perfect, we should also check CSCA and DS against CRLs supposedly available at ICAO PKD.
Active Authentication
from http://www.aph.gov.au/Senate/committee/legcon_ctte/estimates/add_0506/ag/qon_91att_2.pdf
A4.2. Active Authentication Mechanism
Active Authentication is performed using the ISO7816 INTERAL AUTHENTICATE command. The input is a nonce (RND.IFD) that MUST be 8 bytes. The ICC computes a signature, when an integer factorization based mechanism is used, according to ISO9796-2 Digital Signature scheme 1 ([R17], ISO/IEC 9796-2, Information Technology – Security Techniques – Digital Signature Schemes giving message recovery – Part 2: Integer factorisation based mechanisms, 2002.).
M MUST consist of M1 and M2, where M1 MUST be a nonce of length c – 4 bits and M2 is RND.IFD.
The trailer option 1 MUST be used in case of SHA-1, if not SHA-1 then option 2 MUST be used.
The result of the signature computation MUST be signature 3 without the non-recoverable message part M2.
In more detail, IFD (inspection system) and ICC (MRTD’s chip) perform the following steps:
1) The IFD generates a nonce RND.IFD and sends it to the ICC using the INTERNAL AUTHENTICATE command.
2) The ICC performs the following operations:
a) Create the header.
b) Generate M1.
c) Calculate h(M)
d) Create the trailer
e) Calculate the message representative F.
f) Compute the signature 3 and send the response to the IFD.
3) The IFD verifies the response on the send INTERNAL AUTHENTICATE command and checks if the ICC returned the correct value.
Dumping the public key of the passport:
tail -c+4 EF_DG15.BIN |openssl rsa -pubin -inform der -text
Security of the ePassport infrastructure
- On Exploiting ePassport Vulnerabilities (about PKI)
- So what’s the issue with ePassport security?
- Hello, my name is ...
- E-passport security
- Fingerprinting passports via their non-standard error codes
US Passport Card
Don't mix US Passport Book (ICAO) with the US Passport Card (see also wikipedia), valid when entering the United States from Canada, Mexico, the Caribbean and Bermuda at land border crossings or sea ports-of-entry and skimmed much more easily. Won’t this chip violate Americans’ privacy? There will be no personal information written on the electronic chip itself. The chip will have only a unique number pointing to a stored record contained in secure government databases.[...] In addition, to mitigate any possibility that the card could be tracked, it will be issued with a protective sleeve that will prevent the card from being read when not in use.
Tools
OpenMRTD
library
JMRTD
Java host API & Javacard applet to build your own epassport infrastructure
RFIDIOt
See RFID#RFIDIOt
eCL0WN
Applet for Nokia NFC phone
vonJeek emulator
Specific countries
Misc
- Protective sleeves & wallets shielding RFID stuff like ePassports