ePassports 'at risk' from cloning

The ePassport is one of the many measures pursued by the United States and governments internationally after the horror of 11 September.

It will, we are promised, keep the unwanted and dangerous outside our borders, while streamlining entry for those welcome to come and visit.

But as the implementation of the scheme gets underway it is becoming clear that there could be serious problems with it.

With the old passport, we knew where we stood. If you lost it you knew you had lost it, but with the new, machine readable passports the story is very different.

When you take a digital photo the image is, in effect, a code, which means that however many prints you make they are all exactly the same.

Five-minute replica

So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool, it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.

Security risks

When the cloned ePassport is read and compared to the original one it behaves exactly the same.

The UK Home Office however dismissed the ability to get hold of the information on the chip.

A spokesman said: "It is hard to see why anyone would want to access the information on the chip.

"Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."

The spokesman said the chip was one part of the security features of the ePassport.

He said: "Being able to copy this does not mean that the passport can be forged or imitated for illegal or unauthorised use.

"British ePassports are designed in such a way as to make chip substitution virtually impossible and the security features of the passport render the forgery of the complete document impractical."

According to Lukas Grunwald of the consulting company DN-Systems an ePassport holder is more at risk from someone trying to steal their data.

"Nearly every country issuing this passport has a few security experts who are yelling at the top of their lungs and trying to shout out: 'This is not secure. This is not a good idea to use this technology'".

DN-Systems' Christian Böttger also believes the system was set up in a hurry.

"It is much too complicated. It is in places done the wrong way round - reading data first, parsing data, interpreting data, then verifying whether it is right.

"There are lots of technical flaws in it and there are things that have just been forgotten, so it is basically not doing what it is supposed to do. It is supposed to get a higher security level. It is not," he said.

Danger

A European Union funded network of IT security experts has also come out against the ePassport scheme.

Researchers working within the Future of Identity in the Information Society (FIDIS) network say European governments have forced a document on its citizens that dramatically decreases security and increases the risk of identity theft.

RFID chips can be read at a short distance and tracked without their owner's knowledge, while the key to unlocking the passport's chip consists of details actually printed on the passport itself.

It is almost like writing your pin number on the back of your cashpoint card.

"The basic access control mechanism works based on information like the number of the passport, the name of the passport holder, the date of birth and then other data which are simply readable by anyone who looks on the passport," said Professor Kai Rannenberg of Frankfurt University.

"If you have that information and put the respective software into the reader, the reader can overcome the basic access control of the passport."

The experts say it is not too late to roll back and rethink the ePassport.

If not, the danger is obvious - that a scheme, the declared aim of which is to increase our security, could well do the exact opposite.

Original Source: http://news.bbc.co.uk/2/hi/programmes/click_online/6182207.stm

nsa uses linux

As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's Information Assurance Research Group have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.

End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security.

The results of several previous research projects in this area have been incorporated in a security-enhanced Linux system. This version of Linux has a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel. The system provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.

Linux was chosen as the platform for this work because its growing success and open development environment provided an opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. Additionally, the integration of these security research results into Linux may encourage additional operating system security research that may lead to additional improvement in system security.

This work is not intended as a complete security solution for Linux. Security-enhanced Linux is not an attempt to correct any flaws that may currently exist in Linux. Instead, it is simply an example of how mandatory access controls that can confine the actions of any process, including a superuser process, can be added into Linux. The focus of this work has not been on system assurance or other security features such as security auditing, although these elements are also important for a secure system.

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements. The release includes a general-purpose security policy configuration designed to meet a number of security objectives as an example of how this may be done. The flexibility of the system allows the policy to be modified and extended to customize the security policy as required for any given installation.

There is still much work needed to develop a complete security solution. Nonetheless, we feel we have presented a good starting point to bring valuable security features to Linux. We are looking forward to building upon this work with the Linux community.

Security-enhanced Linux is being released under the same terms and conditions as the original sources. The release includes documentation and source code for both the system and some system utilities that were modified to make use of the new features. Participation with comments, constructive criticism, and/or improvements is welcome.

Source: http://www.nsa.gov/selinux/index.cfm