Home Office riposte on ID Card hack

Those of you with any interest in cricket will know that today is the first day of the 4th Test Match between Australia and England for the Ashes. With the series standing at 1-0 to England (2 matches having ended in a draw), the 4th Test (out of 5) could be the clincher. Not that I’m a cricket buff in any way – but it’s a good excuse to get a couple of those bewildering sports analogies into the blog post. (See bottom of post for approximate baseball translations…)

The Home Office appeared to have been bowled a bit of a googly [1] yesterday, when it was reported that Adam Laurie had not only hacked the access controls on an ID Card chip, but had successfully copied the data onto another chip, modified an existing field and added new data in another. However, this piece on the Kable site reports that the Home Office played a straight bat [2], denying outright that there was any evidence of a successful or viable attack.

According to the spokesperson:

“This story is rubbish. We are satisfied the personal data on the chip cannot be changed or modified and there is no evidence this has happened,” said a spokesperson.

“The identity card includes a number of design and security features that are extremely difficult to replicate. Furthermore, the card readers we will deploy will undertake chip authentication checks that the card produced will not pass. We remain confident that the identity card is one of the most secure of its kind, fully meeting rigorous international standards.”

What’s not quite clear is whether the phrase “personal data on the chip” has again been carefully chosen to allow for the possibility that personal data, once off the chip, could be modified successfully.

As for the comments about authentication checks between the card, the chip and the reader: I remember studying a similar design exercise when I was working with the IBM 4753 device family in the early ’90s. The 4753 was a smart card reader with an encrypting PIN pad; it included the option to connect to a 4755 cryptographic adapter (PC card), and also to have a biometric pen attached to it to produce a ‘digitised signature’. The pen incorporated three sensors (one for pressure, and one each for the two dimensions of movement across the page), which it used to generate a digital ‘map’ of your signature and thence a cryptographic hash of the resulting data. The ratio of false accepts/rejects to correct accepts/rejects was pretty impressive, and seemed consistent whether you ‘enrolled’ with your signature or with some other pass-phrase. Unfortunately it was all a bit pricey.

The other feature of the system was that each of the devices in a setup (the card reader, the crypto adapter and the smart card) was able to establish a pairwise, DES-encrypted session with each of the others.

This meant that the session keys had to form part of a standard DES key hierarchy (session/data keys, key-exchange keys, and master keys). The role of the master key in this hierarchy is to encrypt/decrypt the key-exchange keys. Good practice says that your master key should be unique to each hardware device, and should never leave a protective hardware key-storage module, or KSM. (Bear with me… this is going somewhere relevant…)

In the PC adapter and the card reader, that KSM was about the size of a pack of cards, had a long-life battery back-up and several hardware protective mechanisms to prevent physical attempts to extract the keys. My favourite was the low-temperature sensor; it had been observed that, if you cool a memory chip sufficiently and then slice away at it with a microtome (thing used for preparing stuff you want to put under an electron microscope… makes very thin slices…), you could reveal the physical record of ones and zeroes and, in principle, recover the keys (a bit like reading the pattern of pits on the surface of a CD through a microscope). The low temperature sensor was there so that, if the KSM thought someone might be trying this, it would wipe the keys from memory.

The point is that in the corresponding smart card format, the size constraints meant that it was impractical to apply several of these physical security measures – such as the temperature sensors or the battery backup. Lack of the latter meant that instead of being stored in volatile RAM, the smart card keys were written to EEPROM so that they could persist in the card.

The adapter/reader KSMs also had a Faraday shield to prevent attempts to ‘eavesdrop’ on the module while it was at work. Obviously, that’s not very practical in the smart card implementation, though, if you want to use contactless communication between the card and a reader.

The bottom line is that, at least back then, the security of the key-store smart card depended to a great extent on the fact that it was very small, and was physically sandwiched between other parts of the chip. It was still more vulnerable to physical attack than its larger siblings, and such attacks were demonstrated by Ross Anderson and his students at the Cambridge University Computer Laboratory. (Incidentally, these physical attacks – and much more – are described in Prof Anderson’s 600-page book on Security Engineering, freely available online here, which is a belter of a read if you’re at all interested in this sort of thing).

The point is that whatever authentication protocols the smart card and reader undertake, the security of that communication is very likely to depend, ultimately, on the physical security of the smart card – and that imposes design constraints which can be extremely hard to overcome, especially if you want a card which is affordable at population scales of deployment.

Adam Laurie’s current attack may or may not be fatal in principle, and may or may not be viable in practice. It’s impossible to tell, from the level of information in the public domain – but by the same token, it is also impossible to conclude, from that information, whether or not these ID card chips genuinely increase the security and integrity of the bearer’s data.

All in all, a very sticky wicket [3].

[1] googly : a ball which appears to be heading in one direction, but instead breaks the other way. Rough translation – a pitch which starts out looking like a Sinker, but turns into a Cutter (remember that in cricket the ball can hit the ground before reaching the batsman… which gives an opportunity for an abrupt change of direction).

[2] play a straight bat : to maintain a resolute defence, often by playing a ‘blocking shot’ – though offensive strokes can also be played with a straight bat. ‘Keeping a straight bat’ is a general principle which relates to the wisdom of keeping your bat well aligned with the (vertical) stumps it is used to defend. No direct equivalent in baseball, because in cricket the batsman has the option of hitting the ball and not running… but technically, the closest equivalent might be a bunt.

[3] sticky wicket : an unpredictable or difficult playing surface – hence, unpredictable or difficult circumstances. Again, no direct equivalent, because it refers to the area the ball bounces off before reaching the batsman.

PS – at the time of writing, England are all out for a paltry 102 runs, while Australia have scored 79 for the loss of just one wicket. Not looking good for England.

Advertisements

4 thoughts on “Home Office riposte on ID Card hack

  1. Citizen Dave says:

    First of all, there was no "hack". What Adam did was prove that the card contactless interface performed precisely according to specification. Anyone can read this data, it's an international standard, it's not even remotely secret and you can buy it for $60 here:http://store1.icao.int/documentitemView.ch2?ID=7986For the technical, it's ICAO 9303.But the response is disingenous."personal data on the chip cannot be changed"But this is not what Adam claims. What he claimed was that he can read the data from the chip, which is true. But anyone can read the data, so it's not a very interesting story. And it's not even news, since Adam demonstrated that anyone can check that ICAO 9303 interfaces perform exactly as they are supposed to back in 2006. Just google "guardian laurie rfid passport".

  2. Robin Wilton says:

    So what do you make of the claims that (albeit on the cloned card) he was able to change an entitlements parameter from "yes" to "no" and to insert a message to "shoot the bearer on sight"?Were these simply unprotected fields which anyone could expect to modify? Without knowing whether the ICAO "Golden Reader" software does things like check digital signatures (which I don't) it's hard to tell, from the article at least.

  3. Anonymous says:

    Dave is right, there is no "hack".Bear in mind that, being a development tool, the Golder Reader displays the data on the card in any case, authentic or not. It checks the signature ("Data signed?") and verifies the certificate chain ("Who signed it?"). That is the trick: Laurie could, of course, sign whatever he put on the card using HIS OWN private and public key. But he did not explain why a UK gov ID card reader (which doesn't yet exist, or does it?) would accept him as a recognized certification authority.Have a look at this white paper on electronic passports:http://www2.icao.int/en/MRTD/Downloads/PKD%20Documents/A%20Primer%20on%20the%20Public%20Key%20Directory.pdfOn page 5, it says:"This validation requires three preconditions to be fulfilled:1. The […] system must know the country signing certificate.2. The […] system must know the document signer certificate.3. The […] system must know if these certificates are still valid or whether they have been revoked […]."Note that this would not require an online connection to a database where all the citizen data is stored. Just the root certificate has to be preloaded into the (even mobile) card reader and guaranteed to be authentic. Sure, if the card reader gets compromised there is no hope. But that hasn't been the discussion so far.I also tend to disagree on the blog author's interpretation of Ross Anderson's book. In chapter 16.6.4 "The State of the Art" of the original version (2nd ed.) the bottom line seems to be: "[In order to penetrate a smard card…] Either way, you can be looking at a year's delay, a budget of over a milliion dollars, and no certainty of success". Not really what you want to invest in order to hack a citizen's ID card…..

  4. shallu says:

    Here is a great chance to drive a large number of visitors to your blogs and websites for free. Submit your websites, blogs, videos to http://www.zillionsb.com and get 1000s of targeted visitors everyday for free. It also helps your websites/blogs gain valuable backlinks.Let the other bloggers cast their votes to push your posts up for a greater visibility. Enjoy a free, huge traffic to your sites.ThanksSara http://www.zillionsb.com

Comments are closed.