Implementation Based Security Analysis of the Electronic Passport


Diploma Thesis
Implementation Based Security Analysis of the Electronic Passport
Liu, Yifei
Ruhr-Universität Bochum, Lehrstuhl für Kommunikationssicherheit (Chair for Communication Security)
Prof. Dr.-Ing. Christof Paar


Declaration

I hereby affirm that I have written this diploma thesis myself, that I have used no sources or aids other than those indicated, and that I have marked quotations as such. I hereby certify that the work presented in this thesis is my own work and that to the best of my knowledge it is original except where indicated by reference to other authors.

Place, Date    Signature


Acknowledgement

I would like to express my gratitude to all those who gave me the possibility to complete this thesis. I want to thank the Chair for Communication Security at the Ruhr-Universität Bochum for giving me permission to commence the thesis. I furthermore have to thank Prof. Dr.-Ing. Christof Paar, Dipl.-Phys. Kerstin Lemke-Rust and Dipl.-Ing. Timo Kasper for doing a great job in supervising my work, for their suggestions and encouragement. I also want to thank Dipl.-Ing. Tim Erhan Güneysu and Ing. Martin Novotný for their helpful and detailed explanation of using the machine COPACOBANA. My thanks go also to three anonymous volunteers for offering their electronic passports for this investigation. Above all, I want to thank my parents and my wife for their love and support.


Abstract

The electronic passport was introduced in Germany on November 1, 2005. Just under 10 months later, on August 28, 2006, the new Dutch electronic passport also became available in the Netherlands. The goal of adopting the electronic passport is not only to expedite processing at border crossings, but also to increase security and to resist tampering. However, several months before the introduction of the Dutch electronic passport it was already announced that the Basic Access Control protocol, which protects the flow of information between the electronic passport and a passport reader, had been cracked by a Dutch firm, and that this took only 3 hours on a standard PC. Against this background, the thesis concentrates further on this topic. In this work a theoretical and practical cryptanalysis of the Basic Access Control protocol is performed, based on both the German and the Dutch electronic passport. To this end, communication between the electronic passport and a passport reader is established in order to collect communication segments for the analysis. To search for the access keys, an optimized hardware approach is implemented that runs on the FPGA-based machine COPACOBANA, which is designed for running cryptanalytical algorithms and is suited to parallel computation problems. In parallel to the practical work, the thesis also covers theoretical investigations: the complexity of this cryptanalysis is estimated using information entropy, and several concrete scenarios are proposed in order to simulate attacks against the electronic passport system as realistically as possible. At the end of the thesis, two scenarios are implemented and tested on COPACOBANA. The implementations are based on both systems.


Contents

1 Introduction
  Background
  Introduction to an RFID System
  RFID Standards
  Motivation
  Thesis Outline
2 Cryptographic Basics
  Introduction to the Secure Hash Algorithm (SHA-1)
  Padding for Input Message
  Mode of Operation
  Introduction to Data Encryption Standard (DES)
  Description of the Algorithm
  f-function
  The Triple DES
  Introduction to the Cipher Block Chaining Mode (CBC)
3 Electronic Passport
  Machine Readable Zone (MRZ)
  Structure of MRZ
  Calculation of Check Digits
  Data Structure of the Electronic Passport
  Data Authenticity and Integrity
  Data Confidentiality
  Description of the Basic Access Control Protocol
  Key Generator
  Message Encryption
4
  General Aim and Framework of Analysis
  Complexity of Searching Access Key
  Case Studies
  Reduction of the Complexity
  Analysis Scenarios
  Basic Concept
  Hardware Design Environment
  The COPACOBANA
5 Implementation
  Establishing Communication Relationship for Passport
  Hardware Design for Searching Access Key
  Global Design Description
  The Encryption Engine
  Implementations based on Particular Scenarios
6 Results
  Operating Speed
  Result of Scenarios
  Result of Scenario
  Result of Scenario
  Theoretical Estimation
  For German Electronic Passport
  For Dutch Electronic Passport
7 Conclusion and Future Work
  Conclusion
  Future Works
A Population Age Distribution 69
B Operation Results of BAC protocol Implementation 73
C An Exemplary Collection of MRZ 81
D Bibliography 83

List of Figures

1.1 German Electronic Passport
1.2 An RFID System
2.1 The Secure Hash Algorithm
2.2 DES - Algorithm (left) and Key Schedule (right)
2.3 The f-function
2.4 The triple DES
2.5 The Cipher Block Chaining Mode
3.1 An example of MRZ
3.2 Calculation of Check Digits
3.3 Logical Data Structure
3.4 File tree according to ISO/IEC 7816-4
3.5 The structure of LDS
The BAC Protocol
Access-Key Generator
Session-Key Generator
Message Encryption
The population age distribution in Germany in the year
Known dates of expiry reduce the search space
Architecture of the complete system
The machine - COPACOBANA
COPACOBANA architecture
Overview of the structure of the implementation
Layout of a single FPGA
BAC analyst state machine
Structure of the encryption engine
Structure of SHA-1
Structure of triple DES
6.1 Console output from COPACOBANA
SHA-1 with pipeline principle

List of Tables

3.1 Key Length for Digital Signature Algorithms
Device features of SPARTAN-3 XC3S


Chapter 1 Introduction

The adoption of the electronic passport for human identification at border crossings is a worldwide operation, which can be seen primarily as a reaction to the changed security situation in the world since the attacks on September 11, 2001. Its goal is enhanced surveillance of the movement of persons between countries. The new travel document strengthens the physical bond between the travel document and its owner. In many countries tests, projects and studies are carried out to examine the feasibility, reliability and security of the new travel document, while other states have already put the new electronic passport system into operation at border crossings.

1.1 Background

Back in 1968 the ICAO (International Civil Aviation Organization), a subsidiary organization of the United Nations (UN) which concerns itself with all questions of international civil aviation, began to work on international guidelines for MRTDs (Machine-Readable Travel Documents), with the intention of accelerating the passport check procedure at the airport. Since 1997 the ICAO, the aircraft industry and the ISO (International Organization for Standardization) have worked together on specifications for machine-readable passports with biometric data, in order to construct a world-wide standardized system for verifying identity by biometric characteristics. After the attacks of September 2001 the United States, at the leading edge of the war on terrorism, took the path towards a new border crossing system based on biometric identification technology as specified by the ICAO [5]. Under pressure from the USA, the EU (European Union) made a political decision about the Biometric Machine Readable Travel Document. On December 13, 2004 the European Commission decided to issue new electronic biometric passports with appropriate security functions in all member states. All EU member states have to store a portrait photo of the passport holder in the passport for face recognition by June 10, and the fingerprint of the passport holder is added as an additional security function by December 10. According to the guidelines of the EU, Germany has issued electronic passports since November 1, 2005.

Figure 1.1: German Electronic Passport

1.2 Introduction to an RFID System

The ICAO was searching for a data storage technology that ensures the integrity of the biometric data and protects against falsification and destruction of the biometric characteristics. Besides that, the technology should also offer reliability, user friendliness, sufficient storage capacity and a long lifetime. After examining all alternatives, i.e. 2D barcode, magnetic stripe, contact-based smart card and optical memory, the ICAO decided on RFID technology. RFID stands for Radio Frequency IDentification. Roughly speaking, this term covers devices and technology that use radio signals to exchange identification data wirelessly. An RFID system is built of two components: a small chip, often called a tag, and a reader. Typically, the tag stores a unique identifier and additional data, and tags are attached to objects or issued to people. When a tag or a group of tags is placed in the radio frequency field of a reader, the data contained in the tag's memory can be accessed by the reader. An RFID system is illustrated in Figure 1.2.

Figure 1.2: An RFID System

RFID systems are usually classified by three parameters: operating frequency, range and coupling. The ICAO has defined an RFID system with small ranges of up to 10 cm, called remote coupling. Its operating frequency is 13.56 MHz ± 7 kHz [8]. The member states of the ICAO have to integrate an RFID chip into the electronic passport which is compatible with either the ISO 14443 type A or the ISO 14443 type B standard. The operating system embedded in the chip is compatible with the smart card standard ISO 7816.

RFID Standards

The ISO 14443 standard describes the function and parameters of the RFID chip used in the electronic passport. It consists of four parts. Part 1 describes the physical characteristics of the chips. The dimensions are 85.72 mm by 54.03 mm, which are compatible with the ISO 7810 card format. Furthermore, Part 1 contains regulations for the testing of bending load, torsional load and exposure to UV and electromagnetic waves [16]. In Part 2 the radio frequency interface is defined. The RFID chip is powered via an alternating magnetic field emitted by the reader with a frequency of 13.56 MHz. For the communication interface two different standards exist, type A and type B. RFID cards must support at least one of the two; an ISO 14443 conforming reader, however, has to support both types, which requires periodic switching between the two modes while idle [17]. Part 3 covers initialization and anti-collision mechanisms. If an RFID chip enters the field of a reader and a communication is to be established, two points have to be considered: first, there might be more than one chip in the field, and secondly there might already be an established connection with another chip [18]. Part 4 covers the transmission protocol [19]. The protocol is very similar to the ISO 7816 standard, which facilitates the construction of dual interface cards. It describes the transmission of APDUs (Application Protocol Data Units), which can contain any data such as commands and responses. Data transmission can be described by the OSI layer model [1]. Every layer carries out its tasks autonomously and is transparent to the layer above. Layer 1 (physical layer) describes the transmission medium and the byte coding of data. The transport layer (layer 2) controls the transmission of data with correct addressing of data blocks (CID), sequential transmission of longer blocks, timing behaviour and the handling of transmission errors. Layer 7 contains the application data, i.e. a command to the chip card or its response. Layer 7 is independent of the current operating mode, which can be contact-based or contactless. Layers 3 to 6 are only used in complex networks and are omitted in this standard.
An illustration of this layer model is in Figure 5.1 in Section 5.1. After a chip has been activated it waits for the first command from the reader. Communication is strictly based on the master/slave principle: the reader sends a command to the card, which executes it and sends a response.

1.3 Motivation

The goal of adopting the electronic passport in Germany is to create a new version of the German passport that not only expedites processing at border crossings, but also increases security and resists tampering. Therefore, in order to ensure integrity, authenticity and confidentiality of the data stored in the electronic passport, some cryptographic preventive measures have been adopted. For example, a digital signature is used to prevent falsification of the passport data, and a cryptographic protocol named Basic Access Control is implemented to protect against unauthorized readout of the chip contents. Despite these security measures, several civil rights organizations have pointed to the poorly conceived technology, high costs and increasing monitoring tendencies. A study of the BSI (Bundesamt für Sicherheit in der Informationstechnik) [2] still shows some residual risks, and unwanted side effects remain a problem of the new technology. Some published works point out the possibility of eavesdropping and the weakness of the Basic Access Control protocol (see Chapter 4). In this thesis the security of the German electronic passport is primarily investigated to find out how fast it is possible to extract the access key for the communication between passport and reader by exploiting the weakness in the Basic Access Control protocol. As a reference, the Dutch electronic passport system is analyzed in parallel. Through the comparison and analysis of both systems, the conclusions of the thesis become more robust and reliable. For this work the communication with the electronic passport is established by a commercially available RFID reader, so that the communication segments required for the security analysis can be collected. A high-performance cryptanalysis system is implemented in hardware in order to obtain the access keys.

1.4 Thesis Outline

In Chapter 2 two cryptographic algorithms, SHA-1 and triple DES, are introduced, and the cryptographic notation used in this thesis is described. Chapter 3 provides an introduction to the electronic passport and the cryptographic mechanisms used in it, not only the algorithm for protecting confidentiality but also the algorithms for realizing integrity and authenticity. Chapter 4 is an overview of the complete system that has been set up by ourselves and used in this study; the complexity of the key search and the hardware used for the analysis are also introduced in this chapter. Then, in Chapter 5, the implementation of the Basic Access Control protocol and the cryptanalysis system are described in detail. Chapter 6 presents the results of the implementations. Finally, in Chapter 7 the conclusions of this study are summarized and an outlook on future work is given.

Chapter 2 Cryptographic Basics

In this chapter the focus is on two cryptographic algorithms which were adopted to protect the data security of the electronic passport. For this reason it is necessary to introduce two notions from cryptography, the block cipher and the hash function. A block cipher is a symmetric key cipher which operates on groups of bits of a fixed length, termed blocks. A block cipher consists of two paired algorithms, one for encryption and one for decryption, which is the inverse of the encryption. Both algorithms have two inputs and one output. The encryption is denoted by

$C := Enc_K(M)$

and the decryption by

$M := Dec_K(C)$

where K is the key used for encryption as well as decryption, and M and C are strings over some alphabet: M is a plaintext message and C is a ciphertext message. The purpose of a hash function is to produce a hash value, also called a fingerprint, of an original file, message or other block of data. Both the original message and its hash value are sent to the receiver, who authenticates the message by recomputing the hash value. A hash value is generated by a hash function of the form

$h := Hash(M)$

where M is again a plaintext and h is the fixed-length hash value, which is normally much shorter than the plaintext.

2.1 Introduction to the Secure Hash Algorithm (SHA-1)

The SHA (Secure Hash Algorithm) was developed by the NIST (National Institute of Standards and Technology) and published as FIPS (Federal Information Processing Standard) 180 in 1993. SHA-1 is a technical revision of SHA and was published as FIPS 180-1 in 1995 [26]. When a message of any length less than $2^{64}$ bits is given as input, SHA-1 produces a 160-bit hash value (also called message digest). Any change to a message in transit will result in a different message digest with very high probability. We now look at SHA-1 in detail.

Padding for Input Message

The purpose of message padding is to make the total length of a padded message a multiple of 512 bits. SHA-1 sequentially processes blocks of 512 bits when computing the hash value of a message or data file provided as input. In summary, a 1 bit, followed by m 0 bits, followed by a 64-bit integer, is appended to the end of the message to produce a padded message of length $512 \cdot n$. The 64-bit integer is the length of the original message. The padded message is then processed by SHA-1 as n 512-bit blocks.

Example: Suppose l represents the length of the original message and the original message is a bit string of length l = 40 (0x28). Then a 1 is appended as the 41st bit, as shown below.

Therefore 407 0 bits are appended, giving a 448-bit string (written in hex), after which the 64-bit length is appended. The last two words represent the length of the original message, l = 0x28. The final padded message consists of one block of 16 words × 32 bits = 512 bits, i.e. n = 1 in this case.

Mode of Operation

Initialization. Five 32-bit registers (A, B, C, D and E) are contained in the core module of SHA-1. Before processing any blocks, these registers are initialized to the following values (in hexadecimal):

$H_0 = 67452301$
$H_1 = efcdab89$
$H_2 = 98badcfe$
$H_3 = 10325476$
$H_4 = c3d2e1f0$

Functions and Constants. There are three primitive functions used in SHA-1. Each function $f_t$, $0 \le t \le 79$, has three 32-bit words B, C and D as input and one 32-bit word as output. The set of SHA-1 primitive functions $f_t(B, C, D)$ is defined as follows:

$f_t(B, C, D) = (B \land C) \lor (\lnot B \land D)$ for $0 \le t \le 19$
$f_t(B, C, D) = B \oplus C \oplus D$ for $20 \le t \le 39$ and $60 \le t \le 79$
$f_t(B, C, D) = (B \land C) \lor (B \land D) \lor (C \land D)$ for $40 \le t \le 59$

where $B \land C$ is the bitwise logical and of B and C, $B \lor C$ the bitwise logical or, $B \oplus C$ the bitwise exclusive or, $\lnot B$ the bitwise logical complement of B, and + denotes addition modulo $2^{32}$.

A sequence of constant words K(0), K(1), ..., K(79) is used in SHA-1. In hexadecimal notation these are given by

K(t) = 5a827999 for $0 \le t \le 19$
K(t) = 6ed9eba1 for $20 \le t \le 39$
K(t) = 8f1bbcdc for $40 \le t \le 59$
K(t) = ca62c1d6 for $60 \le t \le 79$

Computing the Message Digest. To generate the message digest, the final padded message is processed block by block; each message block is expanded from sixteen 32-bit words ($M_0$ to $M_{15}$) to eighty 32-bit words ($W_0$ to $W_{79}$). The processing of $M_i$ involves 80 steps using the following algorithm.

Algorithm 1 Secure Hash Algorithm revised (SHA-1)
Input: 16-word block $M_0, M_1, \ldots, M_{15}$
Output: 160-bit hash value
1: Let $A = H_0$, $B = H_1$, $C = H_2$, $D = H_3$, $E = H_4$
2: for $t = 0$ to 79 do
3:   if $t \le 15$ then
4:     $W_t = M_t$
5:   else
6:     $W_t = S^1(W_{t-3} \oplus W_{t-8} \oplus W_{t-14} \oplus W_{t-16})$
7:   end if
8:   $TEMP = S^5(A) + f_t(B, C, D) + E + W_t + K_t$
9:   $E = D$
10:  $D = C$
11:  $C = S^{30}(B)$
12:  $B = A$
13:  $A = TEMP$
14: end for
15: $H_0 = H_0 + A$, $H_1 = H_1 + B$, $H_2 = H_2 + C$, $H_3 = H_3 + D$, $H_4 = H_4 + E$

Where: A, B, C, D, E are the five words of the buffer; t is the round number, $0 \le t \le 79$; $S^i$ is the circular left shift by i bits; $W_t$ is a 32-bit word derived from the current 512-bit input block; $K_t$ is an additive constant; and + is addition modulo $2^{32}$. After all N 512-bit blocks have been processed, the output of the Nth stage is the 160-bit message digest, represented by the five words $H_0, H_1, H_2, H_3$ and $H_4$. The SHA-1 operation, looking at the logic in each of the 80 rounds of one 512-bit block, is shown in Figure 2.1.

Figure 2.1: The Secure Hash Algorithm-1

2.2 Introduction to Data Encryption Standard (DES)

Without doubt the first and the most significant modern symmetric encryption algorithm is the one contained in the Data Encryption Standard (DES). In November 1976 DES was adopted by NIST as the government-standard encryption algorithm [25]. Since then it has become a domestic and international encryption standard and has been used in thousands of applications.

Description of the Algorithm

The overall scheme for DES encryption is illustrated in Figure 2.2. As with any block cipher, there are two inputs to the encryption function: the plaintext to be encrypted and the key. In this case the inputs to the algorithm are a 64-bit block of plaintext $M \in \{0,1\}^{64}$ and a 64-bit key $K \in \{0,1\}^{64}$; the output is a 64-bit block of ciphertext $C \in \{0,1\}^{64}$ after 16 rounds of identical operations. The operation of DES can be described by the following algorithm.

Algorithm 2 Data Encryption Standard (DES)
Input: plaintext $M \in \{0,1\}^{64}$ and key $K \in \{0,1\}^{64}$
Output: ciphertext $C \in \{0,1\}^{64}$
1: Key schedule. Compute 16 round keys $K_i \in \{0,1\}^{48}$ ($i = 1, 2, \ldots, 16$) from $K$
2: $IP(M) = (L_0, R_0)$. Transpose using the initial permutation IP
3: for $i = 1$ to 16 do
4:   $L_i = R_{i-1}$
5:   $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$. $f()$ is called the f-function, see the f-function section below
6: end for
7: $(L_{16}, R_{16}) = (R_{16}, L_{16})$. An additional swap
8: $IP^{-1}(R_{16}, L_{16}) = C$. Transpose using the inverse of the initial permutation IP

Both encryption and decryption use this algorithm, except that decryption processes the key schedule in reverse order: the round keys used by encryption are $K_1, K_2, \ldots, K_{16}$, so those used by decryption are $K_{16}, K_{15}, \ldots, K_1$. This arrangement of round keys is shown in Figure 2.2 as the key schedule. The key schedule takes the key $K \in \{0,1\}^{64}$ as input and

Figure 2.2: DES - Algorithm (left) and Key Schedule (right)

provides the subkeys $K_i \in \{0,1\}^{48}$ as output. Initially the key K is passed through a permutation function called permuted choice 1. Then the output of permuted choice 1 is divided into two 28-bit halves and loaded into two working registers. For each round a subkey $K_i$ is subsequently produced by the combination of a circular shift and another permutation called permuted choice 2. The halves in the registers are shifted left for encryption and right for decryption, by either one or two positions depending on the round.
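The key schedule just described, as an added example that is not code from the thesis. The permuted choice tables PC-1 and PC-2 and the per-round shift amounts are those of FIPS 46 (the DES standard) rather than values from this page; the decryption schedule is produced by reversing the encryption schedule, which is equivalent to the right shifts mentioned above.

```python
# Added example (not from the thesis): the DES key schedule of Section 2.2.
# PC-1, PC-2 and the shift schedule are taken from FIPS 46, the DES standard.
# Encryption uses the round keys K_1..K_16 in order; decryption uses the same
# keys in reverse order.

# permuted choice 1: selects 56 of the 64 key bits (drops parity bits 8, 16, ..., 64)
PC1 = (57, 49, 41, 33, 25, 17, 9,
       1, 58, 50, 42, 34, 26, 18,
       10, 2, 59, 51, 43, 35, 27,
       19, 11, 3, 60, 52, 44, 36,
       63, 55, 47, 39, 31, 23, 15,
       7, 62, 54, 46, 38, 30, 22,
       14, 6, 61, 53, 45, 37, 29,
       21, 13, 5, 28, 20, 12, 4)

# permuted choice 2: selects 48 of the 56 bits (C || D) as the round key
PC2 = (14, 17, 11, 24, 1, 5,
       3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8,
       16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55,
       30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53,
       46, 42, 50, 36, 29, 32)

# left rotation of each 28-bit half per round (one or two positions, depending on the round)
SHIFTS = (1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1)


def to_bits(value, width):
    """Integer -> tuple of bits, most significant bit first (DES bit 1)."""
    return tuple((value >> (width - 1 - i)) & 1 for i in range(width))


def from_bits(bits):
    """Tuple of bits (MSB first) -> integer."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def permute(bits, table):
    """Apply a DES permutation table (1-indexed bit positions)."""
    return tuple(bits[p - 1] for p in table)


def rotate_left(half, n):
    """Circular left shift of a 28-bit half given as a tuple of bits."""
    return half[n:] + half[:n]


def key_schedule(key, decrypt=False):
    """Return the 16 DES round keys K_1..K_16 as 48-bit integers.

    With decrypt=True the list is reversed (K_16..K_1), which is the only
    difference between the encryption and the decryption key schedule."""
    if not 0 <= key < (1 << 64):
        raise ValueError("DES key must be a 64-bit integer")
    cd = permute(to_bits(key, 64), PC1)   # 56 bits after permuted choice 1
    c, d = cd[:28], cd[28:]               # the two 28-bit working registers
    round_keys = []
    for shift in SHIFTS:
        c, d = rotate_left(c, shift), rotate_left(d, shift)
        round_keys.append(from_bits(permute(c + d, PC2)))
    return round_keys[::-1] if decrypt else round_keys


def is_weak_key(key):
    """A DES key is weak when every round key is identical; the encryption
    and decryption schedules then coincide, so encryption is its own inverse.
    The short key length of Section 2.2 is not the only property to check."""
    return len(set(key_schedule(key))) == 1


if __name__ == "__main__":
    # constructed demonstration key; 0x0101010101010101 is a DES weak key
    for rk in key_schedule(0x133457799BBCDFF1):
        print("%012x" % rk)
    print(is_weak_key(0x0101010101010101))
```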

f-function

The core unit of DES is the f-function (also known as the Feistel function), which takes the right block (register R, 32 bits) of the output of the previous round and the round key as input. The f-function consists mainly of expansion, permutation and substitution. The substitution is accomplished via look-up tables in the S-boxes, and the expansion expands the 32-bit input block to a 48-bit block. The permutation rearranges the 32 output bits of the eight S-boxes. The structure of the f-function is shown in Figure 2.3.

Figure 2.3: The f-function

The Triple DES

Directly after DES was proposed as the encryption standard, debates on its security started. The main criticism is that DES has a relatively short key

length. This is regarded as the single most serious weakness of DES. One solution to overcome the short-key limitation is to run the DES algorithm several times with a different key each time. One such proposal is the triple DES scheme. Triple DES is a widely accepted approach which uses multiple DES encryptions with multiple keys. It can be implemented either with three keys ($K_1, K_2, K_3$) or with two keys ($K_1, K_2, K_1$), and each key $K_i$ is 64 bits long. Triple DES with two keys is popular; its encryption is denoted by

$C := Enc_{K_1}(Dec_{K_2}(Enc_{K_1}(M)))$

and its decryption by

$M := Dec_{K_1}(Enc_{K_2}(Dec_{K_1}(C)))$.

In Figure 2.4 a triple DES with three keys is illustrated.

Figure 2.4: The triple DES

2.3 Introduction to the Cipher Block Chaining Mode (CBC)

A block cipher encrypts or decrypts messages as data blocks. Usually the size of a message string M is larger than the block size of the cipher, so the long message is divided into a series of sequentially listed message blocks ($M = M_1 M_2 \ldots M_n$) and the cipher processes these blocks one at a time.

Figure 2.5: The Cipher Block Chaining Mode

One such algorithm is the cipher block chaining mode of operation (CBC), in which the plaintext is processed 64 bits at a time and each block of plaintext is encrypted using the same key, see Figure 2.5. The output is a sequence of cipher blocks which are chained together so that each cipher block depends on its predecessor ($C = C_1 C_2 \ldots C_n$). CBC requires an explicit IV (Initialization Vector) of 64 bits, which is the same size as

the block size. The IV can be a random value, which prevents the generation of identical ciphertext for identical plaintext. The IV is XORed with the first plaintext block before it is encrypted. For successive blocks, the previous ciphertext block is XORed with the current plaintext block before it is encrypted. From the encryption procedure it follows that the first ciphertext block $C_1$ is randomized by the IV, and in the same way each subsequent ciphertext block is randomized by the immediately preceding ciphertext block. Hence CBC mode outputs randomized ciphertext blocks.


Chapter 3 Electronic Passport

In this chapter some characteristic features of the electronic passport are discussed. Following an introduction to the Machine Readable Zone of passports, the data structure of the storage medium of the electronic passport is described. The focus is on the security policy and the cryptographic protocol for the electronic passport.

3.1 Machine Readable Zone (MRZ)

The ICAO developed standards for MRTDs (Machine Readable Travel Documents), including passports and visas, with the intention of accelerating the passport check procedure at border crossings.

Structure of MRZ

Every MRTD possesses a special MRZ (Machine Readable Zone), which is usually at the bottom of the document. The MRZ consists of two lines, each 44 characters long. The following information is provided in the MRZ of a passport: name, sex, date of birth, nationality, passport number, date of expiry and check digits. Three of these fields are extremely important for the electronic passport and play an irreplaceable role for the security of the passport data: the passport number, the date of birth and the date of expiry. To simplify the formulas below, we denote the passport number as PN, the date of birth as DB and the date of expiry as DE. Figure 3.1 shows an example of an MRZ.

Figure 3.1: An example of MRZ

Calculation of Check Digits

Check digits 1, 2 and 3 (see Figure 3.1) are computed separately before check digit 4 is calculated; check digit 4 is therefore used to check whether the numbers in front of it are correct. In brief, the calculation of all check digits proceeds as follows: each number is multiplied with the corresponding weight (see Figure 3.2). The first digit is multiplied with 7, the next with 3 and the next with 1; the pattern then repeats 7, 3, 1, 7, 3, 1, 7, 3, 1, etc. An example is shown in Figure 3.2.

Figure 3.2: Calculation of Check Digits
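The 7-3-1 weighting above carried through as an added example (not code from the thesis) that computes and verifies the four check digits of the second MRZ line. The character values (digits as themselves, A-Z as 10-35, filler '<' as 0), the modulo-10 reduction and the field positions are taken from ICAO Doc 9303, and the sample line is the Doc 9303 specimen, not an MRZ from this thesis.

```python
# Added example (not from the thesis): MRZ check digits with the 7, 3, 1
# weighting of Section 3.1. Character values, the modulo-10 step and the
# positions of the fields in line 2 follow ICAO Doc 9303 (TD3 format).

WEIGHTS = (7, 3, 1)


def char_value(ch):
    """Map one MRZ character to its numeric value for the check-digit sum."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError("invalid MRZ character: %r" % ch)


def check_digit(field):
    """Weighted sum with weights 7, 3, 1 repeating, reduced modulo 10."""
    total = sum(char_value(ch) * WEIGHTS[i % 3] for i, ch in enumerate(field))
    return total % 10


def verify_mrz_line2(line):
    """Verify check digits 1-4 of a 44-character TD3 MRZ line 2.

    Returns the three security-relevant fields (PN, DB, DE) and one boolean
    per check digit. Check digit 4 (the composite) covers the passport
    number, date of birth and date of expiry together with their own check
    digits, plus the optional data field and its check digit."""
    if len(line) != 44:
        raise ValueError("TD3 line 2 must be 44 characters")
    pn, cd1 = line[0:9], line[9]          # passport number, check digit 1
    db, cd2 = line[13:19], line[19]       # date of birth (YYMMDD), check digit 2
    de, cd3 = line[21:27], line[27]       # date of expiry (YYMMDD), check digit 3
    optional, cd_opt = line[28:42], line[42]
    cd4 = line[43]
    composite = pn + cd1 + db + cd2 + de + cd3 + optional + cd_opt
    return {
        "PN": pn, "DB": db, "DE": de,
        "cd1_ok": check_digit(pn) == int(cd1),
        "cd2_ok": check_digit(db) == int(cd2),
        "cd3_ok": check_digit(de) == int(cd3),
        "cd4_ok": check_digit(composite) == int(cd4),
    }


# Constructed input: the ICAO Doc 9303 specimen MRZ line 2 (not from this thesis)
SAMPLE_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"

if __name__ == "__main__":
    print(verify_mrz_line2(SAMPLE_LINE2))
```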

3.2 Data Structure of the Electronic Passport

As already mentioned in Chapter 1, an RFID chip is embedded in each electronic passport. A file system for the chip is defined as the LDS (Logical Data Structure), which is specified in a technical report [12]. In the current version of the report the LDS initially consists of 16 data groups. In the future three additional data groups will also be supported, in which data such as the visa of the destination country or travel record details can be stored. Figure 3.3 shows the whole data structure and the details of its contents.

Figure 3.3: Logical Data Structure

According to the specifications of the ICAO, the LDS must be compatible with the standard ISO 7816-4, which defines the data structure of the smart card file system. There are basically two categories of files [28]. The first category are directory files, which are called MF (master file) and DFs (dedicated files). The second category consists of normal data files, called EFs (elementary files), which contain the actual user data. The MF is the root directory. It is implicitly selected after the smart card is reset, contains all other directories and files, and must be present in every smart card. A DF acts as a sort of folder in which other files (DFs and EFs) can be grouped together; note that a DF may contain other DFs. The user data needed for an application are located in EFs. EFs may be located directly below the MF or below a DF; their relationships are illustrated in Figure 3.4.

Figure 3.4: File tree according to ISO/IEC 7816-4

The aforementioned 16 data groups are used for the user data of the passport; hence they are called EF.DG1, EF.DG2, ..., EF.DG16. Not all 16 data groups need to be implemented in the electronic passport, however: according to the specifications of the ICAO, data groups 1 and 2 are mandatory and all other data groups are optional. Data group 1 contains the data of the MRZ of the passport. A digital facial image of the passport holder is stored in data group 2 as the biometric identifier for face recognition. Furthermore, an auxiliary elementary file called Security Data (EF.SOD) is also implemented in the LDS. As a security measure, EF.SOD guarantees the authenticity and integrity of all data groups implemented in a particular chip: each data group is hashed and these hash values are stored in EF.SOD. In addition, a Data Group Presence Map (EF.COM) is also placed on the chip; it indicates which data groups are implemented. These EFs are located below a DF for the issuer state of the electronic passport. In the future, EF.DG17, EF.DG18 and EF.DG19 will be stored below another DF for the countries which the passport holder enters. The structure of the LDS on the RFID chip is shown in Figure 3.5.

Figure 3.5: The structure of LDS

3.3 Data Authenticity and Integrity

The data security of the electronic passport has been a focus of discussion since the electronic passport was adopted. It is well known that digital data can be copied arbitrarily and even without loss. Furthermore, the use of RF technology in electronic passports could make the illegal duplication of passport data even easier, as it may not be noticed by the MRTD holder. In order to ensure the authenticity and integrity of the digital data stored on the chip of the passport, a digital signature system is adopted, so that every form of falsification and/or manipulation of the data can be discovered. Concretely, it can be proved whether the signed data originated from an authorized entity and have not been changed since signing. For signing and verifying the digital data of electronic passports a PKI is introduced: each member state sets up exactly one Country Signing CA (Certification Authority) and at least one Document Signer. The Country Signing CA is the highest certificate authority of a country and acts as the national trust point for all receiving states. Electronic passports are issued by the Document Signer; for example, the Bundesdruckerei produces electronic passports. The public and private keys for the digital signature are generated by the Country Signing CA. Their expiration dates are, however, different: according to the specification of the ICAO the private key of the Country Signing CA is valid for three to five years, while the public key must keep its validity for between 13 and 15 years, because the expiration

date of a passport is specified as ten years in Germany. In more detail, the signature procedure is accomplished as follows: in the Logical Data Structure of the chip in the passport, the Security Data EF.SOD contains the hash values of the implemented data groups, for example, EF.DG1 and EF.DG2. The hash values are then signed with the key of the Document Signing CA by the issuer state (Figure 3.5). Each state possesses a certificate, which was signed by the Country Signing CA and is stored in a public key register of the ICAO. The ICAO specifies the algorithms and key lengths for the signature as well as the hash algorithms used to calculate the hash values stored in the Security Data EF.SOD. The algorithms RSA, DSA (Digital Signature Algorithm) and ECDSA (Elliptic Curve Digital Signature Algorithm) are allowed as candidates for the digital signature. For example, ECDSA was chosen for the German electronic passport. The recommended key lengths for all three candidates are given in Table 3.1.

Algorithm   Country Signing CA [Bit]   Document Signer [Bit]
RSA/DSA
ECDSA
Table 3.1: Key Length for Digital Signature Algorithms

In the case that a key of a Country Signing CA or of a Document Signing CA is compromised before its expiration date, the concerned certificate must be revoked. Information about the revoked keys is distributed in a so-called revocation list. Revoking a certificate of a Country Signing CA also invalidates all Document Signing CA keys certified with this key. Although the digital data signed with the revoked key are invalid, the validity of the passport itself is unaffected. By distributing the revocation list as fast as possible, border sites world-wide can be informed of the compromise of the keys and execute an intensified control of the concerned passports.
3.4 Data Confidentiality

Data confidentiality was defined by the ISO as ensuring that information is accessible only to those authorized to have access, and this is also one of the design goals of the electronic passport. In the technical report [14] the ICAO suggested an optional countermeasure called Basic Access Control and Secure Messaging to prevent untrusted parties from getting read access to the information stored in the electronic passport.

3.4.1 Description of the Basic Access Control Protocol

Figure 3.6: The BAC Protocol
Reader: generates $K_{ENC}$ and $K_{MAC}$; sends GET CHALLENGE.
Passport (RF chip): $r_p \in_R \{0,1\}^{64}$; sends $r_p$.
Reader: $r_r \in_R \{0,1\}^{64}$, $R_r \in_R \{0,1\}^{128}$; $M_r := r_r \| r_p \| R_r$; $C_r := \mathrm{Enc}_{K_{ENC}}(M_r)$; $S_r := \mathrm{Mac}_{K_{MAC}}(C_r)$; sends $C_r \| S_r$.
Passport: decrypts and verifies $C_r \| S_r$; $R_p \in_R \{0,1\}^{128}$; $M_p := r_p \| r_r \| R_p$; $C_p := \mathrm{Enc}_{K_{ENC}}(M_p)$; $S_p := \mathrm{Mac}_{K_{MAC}}(C_p)$; sends $C_p \| S_p$; $K_{seed} := R_r \oplus R_p$.
Reader: decrypts and verifies $C_p \| S_p$; $K_{seed} := R_r \oplus R_p$.

Before any information can be read from an electronic passport via a passport reader, the reader must carry out the BAC (Basic Access Control) protocol. The BAC requires an initial interaction between electronic passport and passport reader to set up a secure communication channel for data exchange. Firstly, the reader procures the MRZ from the data page of the passport, generally via a connected OCR (Optical Character Recognition) scanner. The MRZ is used for computing the access keys $K_{ENC}$ and $K_{MAC}$ for BAC. $K_{ENC}$ and $K_{MAC}$ are both 128 bits long and are used for encryption and message authentication, respectively. The same keys have been stored in the passport chip since the passport was issued. Only in this way can the passport verify whether the reader really has knowledge of the contents of the MRZ. While scanning the passport, the reader initiates a challenge-response protocol with the intention to generate

a key seed $K_{seed}$, which is then used for computing the session key pair ($K_{SENC}$ and $K_{SMAC}$) (see Section 3.4.2). Each session needs a fresh session key pair so that the messages between passport and reader are also encrypted; this is the so-called secure messaging. If the authentication is not successful, the session is immediately stopped by the passport; otherwise, the passport releases its data contents. The protocol is illustrated in Figure 3.6.

3.4.2 Key Generator

The above-mentioned access keys $K_{ENC}$ and $K_{MAC}$ for the BAC protocol are derived from the MRZ, which is printed on the passport (see Section 3.1). The key derivation procedure can be considered as a black box named access-key generator. Its input is a 24 byte long character string taken from the MRZ. The access-key generator mainly consists of two SHA-1 computations; SHA-1 was already introduced in Chapter 2. The structure of the access-key generator is shown in Figure 3.7.

Figure 3.7: Access-Key Generator

The access-key generator is used for generating the keys $K_{ENC}$ as well as $K_{MAC}$, which are obtained via concatenation of the outputs $K_a$ and $K_b$. It can be denoted by

$K_{ENC(MAC)} = K_a \| K_b$. Note that the second SHA-1 has a 20 byte input. For the BAC key derivation one produces two keys from the MRZ, i.e., $K_{ENC}$ and $K_{MAC}$. For this one needs a 4 byte long string $C$ (see Figure 3.7). Depending on whether a key is used for encryption or MAC computation, the following values must be used: $C = 1$ for encryption and $C = 2$ for MAC computation. Once the key seed $K_{seed}$ has been computed via the BAC, the session key pair ($K_{SENC}$ and $K_{SMAC}$) is generated in a second key generator called the session-key generator. It is illustrated in Figure 3.8. The value $C$ is chosen according to the same rules as before.

Figure 3.8: Session-Key Generator

3.4.3 Message Encryption

According to the specification of ICAO, the confidentiality of the messages between electronic passport and passport reader must also be guaranteed. To achieve this goal the symmetric encryption algorithm triple DES, whose key is 128 bits long (see Section 2.3), was adopted as the cryptographic algorithm for message encryption. Because a message is longer than 64 bits, triple DES is run in the cipher

block chaining mode (see Section 2.4). Figure 3.9 shows how a message is encrypted.

Figure 3.9: Message Encryption
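The access-key generator of Section 3.4.2 and the session-key generator of Figure 3.8, as an added Python example (not code from the thesis): it assembles the 24-character generator input from the three MRZ fields with their check digits, runs the two SHA-1 computations with C = 1 and C = 2, and applies the DES key parity rule. The 7-3-1 check-digit rule, the truncation of the first SHA-1 output to the 16-byte K_seed, the parity adjustment and the sample MRZ fields are taken from ICAO Doc 9303, not from the text above.

```python
"""BAC access-key and session-key derivation for the ICAO electronic passport.

Added example, not the thesis's code. Follows the key generators of Section 3.4.2:
K_seed -> SHA-1(K_seed || C) -> K_a || K_b, with C = 1 (encryption), C = 2 (MAC).
The MRZ check-digit rule, the 16-byte truncation of SHA-1(MRZ info) and the DES
parity rule are taken from ICAO Doc 9303, which the thesis's description relies on.
"""
import hashlib

# Character values of the MRZ check-digit rule: digits 0-9, letters A=10 .. Z=35,
# the filler '<' counts as 0.
MRZ_CHARSET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def mrz_check_digit(field: str) -> str:
    """Weighted (7, 3, 1) sum of the field's character values modulo 10."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        value = 0 if ch == "<" else MRZ_CHARSET.index(ch)
        total += value * weights[i % 3]
    return str(total % 10)


def mrz_information(passport_number: str, date_of_birth: str, date_of_expiry: str) -> str:
    """24-character key-generator input: PN(9) + cd, DOB(6) + cd, DOE(6) + cd."""
    pn = passport_number.ljust(9, "<")  # short document numbers are padded with '<'
    if len(pn) != 9 or len(date_of_birth) != 6 or len(date_of_expiry) != 6:
        raise ValueError("field length must be 9 (PN) and 6 (dates, YYMMDD)")
    return (pn + mrz_check_digit(pn)
            + date_of_birth + mrz_check_digit(date_of_birth)
            + date_of_expiry + mrz_check_digit(date_of_expiry))


def adjust_des_parity(key: bytes) -> bytes:
    """Give every byte odd parity; bit 0 of each byte is the DES parity bit."""
    out = bytearray()
    for b in key:
        ones_in_upper_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper_bits % 2 else 1))
    return bytes(out)


def key_from_seed(k_seed: bytes, c: int) -> bytes:
    """Second SHA-1 of the generator: 20-byte input K_seed || C, output K_a || K_b."""
    if len(k_seed) != 16:
        raise ValueError("K_seed must be 16 bytes")
    digest = hashlib.sha1(k_seed + c.to_bytes(4, "big")).digest()
    k_a, k_b = digest[:8], digest[8:16]          # the last 4 digest bytes are unused
    return adjust_des_parity(k_a) + adjust_des_parity(k_b)


def access_keys(mrz_info: str) -> dict:
    """First SHA-1 of the generator; K_seed is the leading 16 bytes of the digest."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return {"K_seed": k_seed,
            "K_ENC": key_from_seed(k_seed, 1),
            "K_MAC": key_from_seed(k_seed, 2)}


def session_keys(r_reader: bytes, r_passport: bytes) -> dict:
    """Session-key generator (Figure 3.8): K_seed = R_r XOR R_p, then the same rule."""
    if len(r_reader) != 16 or len(r_passport) != 16:
        raise ValueError("R_r and R_p are 128-bit values")
    k_seed = bytes(a ^ b for a, b in zip(r_reader, r_passport))
    return {"K_seed": k_seed,
            "K_SENC": key_from_seed(k_seed, 1),
            "K_SMAC": key_from_seed(k_seed, 2)}


if __name__ == "__main__":
    # Sample MRZ fields from the ICAO Doc 9303 worked example (not a real passport).
    info = mrz_information("L898902C<", "690806", "940623")
    keys = access_keys(info)
    print(info)                         # L898902C<369080619406236
    for name, value in keys.items():
        print(f"{name:7s} {value.hex().upper()}")
```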

Chapter 4 General Aim and Framework of Analysis

According to the specification of ICAO, an RFID system for the electronic passport has a reliable range of up to 10 cm. This implies two points. Firstly, a communication between passport reader and passport should not be established when the passport is outside this range. Secondly, a third party should not be able to receive the communication signal when it is outside this range. However, many studies show other results regarding these points; e.g., the communication between passport and reader can still be eavesdropped at a longer distance, i.e. several meters, without large technical expenditure [9]. In addition, the cryptographic protocol Basic Access Control itself is weak, which can be used for attacking the whole passport system. In [22] the weakness of the BAC protocol was analysed. That work was based on the Dutch electronic passport and showed how the access key could be efficiently guessed without knowing the concerned MRZ. At the end of that work the authors stated that searching the access key of a Dutch electronic passport takes 3 hours on a standard PC. However, what about the German electronic passport in particular?

4.1 Complexity of Searching Access Key

To obtain the access keys $K_{ENC}$ and $K_{MAC}$ of an electronic passport, the correct MRZ of this passport is absolutely essential. In Chapter 3 it is described that the MRZ consists of the concatenation of three fields, the passport number (PN), date of birth (BD) and date of expiry (ED), including their respective check digits. If the correct MRZ

can be guessed, the access keys $K_{ENC}$ and $K_{MAC}$ are easy to calculate. To evaluate the complexity of searching the access keys, the Shannon entropy [23] is applied here to estimate the average minimum number of bits needed to encode a valid MRZ. The Shannon entropy (also called information entropy) of an ensemble $X$ is defined as the average Shannon information content of an outcome:

$$H(X) := -\sum_{i=1}^{n} P(x_i) \log_2 P(x_i),$$

where $X$ is a random variable which takes on a finite set of values $x_1, x_2, \ldots, x_n$ and $P(x_i)$ is the probability of $x_i$. In addition, for estimating a composite system such as an MRZ, which contains several parts, it is necessary to consider the joint entropy. The joint entropy of the variables $(X, Y)$ is

$$H(X, Y) := -\sum_{i,j} P(x_i, y_j) \log_2 P(x_i, y_j).$$

For two stochastically independent variables $(X, Y)$ the joint entropy is

$$H(X, Y) = H(X) + H(Y) \quad \text{iff} \quad P(x, y) = P(x)\,P(y).$$

But note that for two stochastically dependent variables $(X, Y)$ the joint entropy becomes

$$H(X, Y) < H(X) + H(Y).$$

Because of such stochastically dependent variables $(X, Y)$, it is also necessary to introduce the conditional entropy

$$H(X \mid Y) := -\sum_{i,j} P(x_i, y_j) \log_2 P(x_i \mid y_j).$$

Then, the joint entropy and the conditional entropy are related by

$$H(X, Y) = H(X) + H(Y \mid X) = H(Y) + H(X \mid Y).$$

4.1.1 Case Studies

In order to make the situation clear, another passport system, the Dutch electronic passport system, is investigated simultaneously as a reference example. A case study based on both systems is carried out and the case study data are presented here to show quantitatively what the difference between them is. Note that it is firstly assumed for the case study that the probability distributions are discretely uniform and that the fields $PN$, $BD$ and $ED$ are stochastically independent. There are also no hints or tips for guessing the correct MRZ. Because of these assumptions, the values given in the case studies below are upper bound estimates.

Case study 1: The entropy of the Dutch electronic passport scheme

Passport number: In the Netherlands, civil authorities issue passports with sequential passport numbers for the whole country. The passport number contains 9 characters, which generally consist of a static letter N followed by another character and 7 digits, e.g., NF [22]. Therefore, its entropy is $H^D_{PN} = (\ )\,\log_2(\ ) = \log_2(\ ) = $ .

Date of expiry: In the Netherlands, passports are valid for 5 years. Depending on the date of issue, i.e., taking into account that passports are only issued on working days, the entropy of the date of expiry for a valid passport is $H^D_{DE} = \log_2(\ /7) = $ .

Date of birth: Instead of denoting the year of birth with four digits, e.g. 1978, just its last two digits are used in the date of birth of the passport, i.e. 78 in this example. Therefore, the entropy of this field is $H^D_{DB} = \log_2(\ ) = $ .

The whole MRZ: In summary, the total entropy of the whole MRZ is $H^D_{MRZ} = H^D_{PN} + H^D_{DE} + H^D_{DB} = $ .

Case study 2: The entropy of the German electronic passport scheme

(Superscripts: D = Dutch; G = German.)

Passport number: In comparison with the Dutch electronic passport system, Germany has a different recipe for the passport number. A local civil authority in Germany also issues passports with sequential passport numbers, but only in the area for which this authority is responsible. Furthermore, each local civil authority possesses an identification code which consists of four digits. The total number of digits is unchanged at nine; however, the actual passport number has five digits. This means that alphanumerical characters are not found in German passport numbers. Therefore, the passport number is subdivided here into two separate fields, the authority identification code, denoted as AIC, and the actual passport number.

Authority identification code: The entropy of the authority identification code is $H^G_{AIC} = \log_2(10^4) = $ .

Passport number: An authority assigns the passport numbers continuously from 0 to . The entropy of the actual passport number is $H^G_{PN} = \log_2(10^5) = $ .

Date of expiry: There is also a difference between both systems. Differing from the case in the Netherlands, German electronic passports are valid for 10 years. For a valid passport, the entropy of this field basically becomes $H^G_{DE} = \log_2(\ /7) = $ .

Date of birth: As in the case of the Netherlands, the entropy of the date of birth for the German electronic passport system is also $H^G_{DB} = \log_2(\ ) = $ .

The whole MRZ: Based on the above analysis, the total entropy of authority identification code, passport number, date of birth and date of expiry becomes $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DE} + H^G_{DB} = 56.41$, whose complexity is approximately equal to the complexity of a single DES key.

4.1.2 Reduction of the Complexity

As can be read from the section above, the case studies are based on several assumptions and therefore use a very crude approach. This makes the results of the case studies not really useful. Actually, it is possible to provide finer estimates, as will be shown in the examples below.

Entropy of Date of Expiry

The assumptions are provisionally unchanged from the previous case studies; however, it is noticeable that the entropy of the date of expiry in both case studies is not accurate enough, because the electronic passport has been issued in Germany only since November 2005 and in the Netherlands only since August 2006. Consequently, there are in total 17 months in Germany and just 8 months in the Netherlands until now (April 2007). Then, the entropy of this field in both systems decreases respectively to $H^D_{DE,new,1} = \log_2(8 \cdot 31 \cdot 5/7) = 7.47$ and $H^G_{DE,new,1} = \log_2(17 \cdot 31 \cdot 5/7) = 8.56$, without consideration of the different number of days per month. In this situation, the entropies of the whole MRZ are respectively $H^D_{MRZ,new,1} = H^D_{PN} + H^D_{DE,new,1} + H^D_{DB} = $  and $H^G_{MRZ,new,1} = H^G_{AIC} + H^G_{PN} + H^G_{DE,new,1} + H^G_{DB} = $ .
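The entropy bookkeeping of the case studies above and of the date-of-expiry refinement, as an added Python example (not code from the thesis): it computes the per-field entropies under the uniform-and-independent assumption, the refined expiry-date entropy, and the joint and conditional entropies defined in Section 4.1 on a constructed set of sequentially issued passports, where the passport number determines the issue day. The Dutch passport-number size 36·10^7 is an assumption not stated on the page.

```python
"""Entropy estimates for guessing an MRZ, following Section 4.1 of the thesis.

Added example, not the thesis's code. The German field sizes (10^4 authority
codes, 10^5 numbers per authority, 10 years validity, 100 birth years) and the
working-day factor 5/7 are the ones the case studies state; the Dutch passport
number size 36 * 10**7 ('N', one alphanumeric character, 7 digits) is an
assumption, and the (passport number, expiry day) pairs at the end are constructed.
"""
from collections import Counter
from math import log2

DAYS_PER_YEAR = 365.25
WORKING_DAYS = 5 / 7  # passports are only issued on working days


def shannon_entropy(counts):
    """H(X) = -sum_i P(x_i) log2 P(x_i), with P(x_i) estimated as count/total."""
    total = sum(counts)
    return -sum(c / total * log2(c / total) for c in counts if c > 0)


def uniform_entropy(n_values):
    """A uniformly distributed field with n values has entropy log2(n)."""
    return log2(n_values)


def german_field_entropies(authorities=10**4, numbers=10**5, validity_years=10,
                           birth_years=100):
    """Case study 2: AIC, PN, DE and DB assumed uniform and independent."""
    return {
        "AIC": uniform_entropy(authorities),
        "PN": uniform_entropy(numbers),
        "DE": uniform_entropy(validity_years * DAYS_PER_YEAR * WORKING_DAYS),
        "DB": uniform_entropy(birth_years * DAYS_PER_YEAR),
    }


def dutch_field_entropies(number_values=36 * 10**7, validity_years=5, birth_years=100):
    """Case study 1 (number_values is an assumption, see the module docstring)."""
    return {
        "PN": uniform_entropy(number_values),
        "DE": uniform_entropy(validity_years * DAYS_PER_YEAR * WORKING_DAYS),
        "DB": uniform_entropy(birth_years * DAYS_PER_YEAR),
    }


def mrz_entropy(fields):
    """Independent fields: H(X, Y) = H(X) + H(Y), so the MRZ entropy is the sum."""
    return sum(fields.values())


def expiry_entropy_since_introduction(months, days_per_month=31):
    """Refinement of Section 4.1.2: only issue dates since the e-passport's introduction."""
    return log2(months * days_per_month * WORKING_DAYS)


def joint_and_conditional_entropy(pairs):
    """H(X,Y), H(X), H(Y) and H(X|Y) = -sum P(x,y) log2 P(x|y) from observed pairs.

    For dependent fields H(X,Y) < H(X) + H(Y); the chain rule
    H(X,Y) = H(Y) + H(X|Y) always holds.
    """
    total = len(pairs)
    joint = Counter(pairs)
    y_counts = Counter(y for _, y in pairs)
    h_x = shannon_entropy(Counter(x for x, _ in pairs).values())
    h_y = shannon_entropy(y_counts.values())
    h_xy = shannon_entropy(joint.values())
    # P(x|y) = count(x, y) / count(y)
    h_x_given_y = -sum(c / total * log2(c / y_counts[y]) for (_, y), c in joint.items())
    return {"H(X,Y)": h_xy, "H(X)": h_x, "H(Y)": h_y, "H(X|Y)": h_x_given_y}


def sequential_issue_pairs(days, passports_per_day):
    """Constructed data: one authority numbering passports sequentially with a fixed
    number per issue day, so the passport number determines the issue day."""
    return [(day * passports_per_day + k, day)
            for day in range(days) for k in range(passports_per_day)]


if __name__ == "__main__":
    german = german_field_entropies()
    print(f"German MRZ, case study 2: {mrz_entropy(german):.2f} bit")
    print(f"DE since introduction, 17 months: "
          f"{expiry_entropy_since_introduction(17):.2f} bit")
    h = joint_and_conditional_entropy(sequential_issue_pairs(3, 60))
    print(f"H(PN|DE) with 60 passports a day: {h['H(X|Y)']:.2f} bit")
```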

Entropy of Date of Birth

In case studies 1 and 2 the entropy of the date of birth has the same result, 15.16, which is obviously not realistic, though it is reasonable to take 100 as the upper bound of the year of birth when no details are given. If we have more information about this field, the entropy will without doubt be more precise. For example, Figure 4.1 shows a diagram of the population age distribution in Germany in the year 2005. Its source data, a listing of the population age distribution from the year 2001 until 2005, is attached in Appendix A as additional material.

Figure 4.1: The population age distribution in Germany in the year 2005

According to these official statistics, the entropy of the date of birth takes another, finer value because of the probability distribution of the year of birth. The probability of a year of birth is calculated as follows:

$$P(x_i) = \frac{\text{total number of people of one age group}}{\text{total number of people of all target age groups}}.$$

Generally, the minimum age to apply for a passport is 18 years, so it is reasonable to take the age groups between 18 and 80 years as our target groups, which might still be a conservative estimate. Then the entropy of the year of birth is

$$H^G_{year\,of\,birth} := -\sum_{i=18}^{80} P(x_i) \log_2 P(x_i) = 5.67.$$

The entropy of the date of birth thereby also gets a new value, $H^G_{DB,new,2} = H^G_{year\,of\,birth} + \log_2(365.25)$. Once more, the entropy of the whole MRZ of the German electronic passport decreases, to $H^G_{MRZ,new,2} = H^G_{AIC} + H^G_{PN} + H^G_{DE,new,1} + H^G_{DB,new,2}$. Unfortunately, information about the Dutch population is not available. If it is supposed that the Netherlands has a population age distribution similar to Germany's, the entropy of the date of birth for the Dutch electronic passport would also be $H^D_{DB,new,2} = H^D_{year\,of\,birth} + \log_2(365.25)$. Then, the entropy of the whole MRZ of the Dutch electronic passport is reduced to $H^D_{MRZ,new,2} = H^D_{PN} + H^D_{DE,new,1} + H^D_{DB,new,2}$.

Correlation between Passport Number and Date of Expiry

In both countries civil authorities issue passports with sequential passport numbers; thus, there is a correlation between the date of issue (and therefore the date of expiry) and the passport number. This feature can be exploited to reduce the complexity of the key space. For the cryptanalysis of electronic passports, a database can be created in which the date of expiry and the passport number are stored as a pair collected from each passport. For example, in Figure 4.2 three such known combinations $(x_1, y_1)$, $(x_2, y_2)$ and $(x_3, y_3)$ are saved in a database. These points determine the trend line in Figure 4.2. It is then easy to get an interval of the passport number from a given

Figure 4.2: Known dates of expiry reduce the search space

expiry date or the other way around. Moreover, the interval shrinks further with every known combination of a passport number and an expiry date. This method is especially suitable for the analysis of Dutch electronic passports. For the German electronic passport the situation is a little more complicated: it is necessary to build a separate database for each civil authority that is allowed to issue passports. With this method, the entropy of the whole MRZ in both systems can be dramatically reduced. However, exact values of the entropy cannot be given here yet, because they depend on how the method is implemented. In Chapter 5 two implementations will be developed with this method.

Further Possibilities for Reductions

There are actually a lot of possibilities to reduce the complexity of the key space, some of which are obvious and have already been described above. Besides, one can always get more information about an unknown MRZ by actively seeking and collecting related information. For example, it is known that there are roughly 5300 civil authorities in Germany. Therefore, the entropy of the authority identification code becomes $H^G_{AIC,new} = \log_2(5300) = 12.37$, and the whole MRZ of the German electronic passport then has the entropy $H^G_{MRZ,new,2} = 51.72$, without considering the above-mentioned correlation. As another example, also based on the German electronic passport, each civil authority issues passports with sequential passport numbers within its

area of responsibility. If one knows the total number of valid passports for each authority identification code, the work to guess a particular MRZ would be easier. In order to make the situation clear, the subsequent section deals with concrete analysis scenarios.

4.2 Analysis Scenarios

In Section 4.1, the entropies of the MRZ fields were calculated under the assumption that nothing is known about them. But actually, it is almost always possible to find some information which makes guessing the correct MRZ easier. Moreover, for a cryptanalysis it is indispensable to build an analysis model that gives the framework a clear structure. In this section six possible scenarios are listed. In these scenarios the situation is simulated as realistically as possible, so that the degree of simplicity of reconstructing the MRZ from the available information can be measured, or at least compared between the scenarios.

Scenario 1:
Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ not known.
Germany:
  AIC: It is known that the passport was issued, for example, in a particular city where there are 10 civil authorities which are allowed to issue passports. $H^G_{AIC} = \log_2(10) = 3.32$
  PN: Unknown. $H^G_{PN} = $
  DB: One can see the passport holder and guess his age within a margin of 10 years. $H^G_{DB} = \log_2(\ ) = $
  DE: Unknown. $H^G_{DE} = H^G_{DE,new,1} = 8.56$
  Entropy: $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DB} + H^G_{DE} = $
Netherlands:
  PN: Unknown. $H^D_{PN} = $
  DB: One can see the passport holder and guess his age within a margin of 10 years. $H^D_{DB} = \log_2(\ ) = $
  DE: Unknown. $H^D_{DE} = H^D_{DE,new,1} = 7.47$
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DB} + H^D_{DE} = $

Scenario 2:
Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ is known.
Germany:
  AIC: As in Scenario 1. $H^G_{AIC} = \log_2(10) = 3.32$
  PN: Unknown, but through the collection of valid passport numbers from each authority it is known that each authority issues about 60 passports a day. $H^G_{PN} = \log_2(\ ) = $
  DB: As in Scenario 1. $H^G_{DB} = \log_2(\ ) = $
  Entropy: $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DB} = $
Netherlands:
  PN: Unknown, but it is known that the authorities issue about  passports a day. $H^D_{PN} = \log_2(\ ) = $
  DB: As in Scenario 1. $H^D_{DB} = \log_2(\ ) = $
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DB} = $
(See also the implementation results.)

Scenario 3:
Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ not known.
Germany:
  AIC: It is known that the passport was issued, for example, in a particular city where there are 2 civil authorities which are allowed to issue passports. $H^G_{AIC} = \log_2(2) = 1$
  PN: Unknown. $H^G_{PN} = $
  DB: One can see the passport holder and guess his age within a margin of 5 years. $H^G_{DB} = \log_2(\ ) = $
  DE: Unknown. $H^G_{DE} = H^G_{DE,new,1} = 8.56$
  Entropy: $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DB} + H^G_{DE} = $
Netherlands:
  PN: Unknown. $H^D_{PN} = $
  DB: One can see the passport holder and guess his age within a margin of 5 years. $H^D_{DB} = \log_2(\ ) = $
  DE: Unknown. $H^D_{DE} = H^D_{DE,new,1} = 7.47$
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DB} + H^D_{DE} = $

Scenario 4:

Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ not known.
Germany:
  AIC: As in Scenario 3. $H^G_{AIC} = \log_2(2) = 1$
  PN: Unknown. $H^G_{PN} = $
  DB: It is known in which year the passport holder was born. $H^G_{DB} = \log_2(365.25) = 8.51$
  DE: It is only known in which year the passport was issued. $H^G_{DE} = \log_2(365.25 \cdot 5/7) = 8.03$
  Entropy: $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DB} + H^G_{DE} = $
Netherlands:
  PN: Unknown. $H^D_{PN} = $
  DB: One can see the passport holder and guess his age within a margin of 10 years. $H^D_{DB} = \log_2(\ ) = $
  DE: It is only known in which year the passport was issued. $H^D_{DE} = \log_2(365.25 \cdot 5/7) = 8.03$
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DB} + H^D_{DE} = $

Scenario 5:
Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ not known.
Germany:
  AIC: As in Scenario 3. $H^G_{AIC} = \log_2(2) = 1$
  PN: Unknown. $H^G_{PN} = $
  DB: The passport holder was born, e.g., on September 11, but it is not known in which year. $H^G_{DB} = H^G_{year\,of\,birth} = 5.67$
  DE: As in Scenario 4. $H^G_{DE} = \log_2(365.25 \cdot 5/7) = 8.03$
  Entropy: $H^G_{MRZ} = H^G_{AIC} + H^G_{PN} + H^G_{DB} + H^G_{DE} = $
Netherlands:
  PN: Unknown. $H^D_{PN} = $
  DB: The passport holder was born, e.g., on September 11, but it is not known in which year. $H^D_{DB} = \log_2(100) = 6.64$
  DE: As in Scenario 4. $H^D_{DE} = \log_2(365.25 \cdot 5/7) = 8.03$
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DB} + H^D_{DE} = $

Scenario 6:
Assumption: stochastic dependence of $H_{PN}$ and $H_{DE}$ not known.
Germany:
  AIC: Known.
  PN: Unknown. $H^G_{PN} = $
  DB: Known.
  DE: Unknown. $H^G_{DE} = 8.56$
  Entropy: $H^G_{MRZ} = H^G_{PN} + H^G_{DE} = $
Netherlands:
  PN: Unknown. $H^D_{PN} = $
  DB: Known.
  DE: Unknown. $H^D_{DE} = 7.47$
  Entropy: $H^D_{MRZ} = H^D_{PN} + H^D_{DE} = $

4.3 Basic Concept

With the complexity analysis for searching the access key at hand, the actual target of this work can be addressed: an optimum hardware approach to extract the access keys. According to the specification, an unencrypted response message is sent from the passport to the reader as the answer to the Get Challenge command. The same message is received again by the passport during the protocol conversation phase; however, it is now encrypted by the reader with $K_{ENC}$. Following the decryption and the successful verification, this message, as the first plaintext block, is encrypted once again in CBC mode by the passport. According to the specification of the CBC mode, a plaintext block is normally changed by the XOR operation located before the triple DES encryption. However, as can be seen in Figure 3.9, the first plaintext block remains unmodified because the IV defined in the technical report [14] is all zeros (00...00 in hex). Therefore, the response message and the first ciphertext block from the passport can be taken as a plaintext and ciphertext pair, which is necessary for the analysis work. With the intention to get the access keys from plaintext and corresponding ciphertext (known plaintext attack), a communication system based on RFID technology to receive the messages between passport reader and passport must first be established. Then the obtained information is analysed. Instead of eavesdropping on a communication, an RFID reader is used for a direct communication between this reader and the

Figure 4.3: Architecture of the complete system

electronic passport. In Figure 4.3 the architecture of the complete system is shown. The reader used as passport reader is a commercially available RFID reader called CM5121. The CM5121 is a dual interface USB 2 PC-linked reader that reads/writes both a MHz RFID contactless smart card and virtually any contact smart card. There is no high level RFID protocol implementation on the CM5121; the application is done in the host (PC) software.

4.4 Hardware Design Environment

Before implementing the hardware system it is mandatory to discuss a suitable underlying system environment. In particular, the following aspects are to be considered:

A multitude of parallel processors.
Low cost processors.
Flexibility in parameterization (e.g. bit sizes).

Currently, the available choices for hardware design are ASICs (Application Specific Integrated Circuits) or FPGAs (Field Programmable Gate Arrays). Although ASICs are relatively cheaper than FPGAs, the great advantage of FPGAs compared to ASICs is their flexibility in terms of logical modifications. Considering also the reconfigurability, we employ the SRAM FPGA Xilinx Spartan-3 XC3S1000 for the hardware system. Table 4.1 lists the features of this FPGA.

Feature                  XC3S1000
System Gates             1000K
Slices                   7,680
Logic Cells              17,280
Multipliers (18x18)      24
Block RAM Bits           432K
Distributed RAM Bits     120K
Max Single Ended I/O     391
RS232                    Yes
USB 2.0                  Yes
VGA D-SUB                Yes
Table 4.1: Device features of SPARTAN-3 XC3S1000

The Xilinx Spartan-3 XC3S1000 contains 7680 slices, by which the reprogrammable functionality is realized. Each slice contains two 4-input LUTs (lookup tables), two configurable D flip-flops, multiplexers, dedicated carry logic, and gates used for creating slice-based multipliers. Each LUT can implement an arbitrary 4-input Boolean function.

4.4.1 The COPACOBANA

COPACOBANA (Cost-Optimized Parallel Code Breaker) is an FPGA-based machine which is optimized for running cryptanalytical algorithms and realizes the aspects mentioned in the previous section. The COPACOBANA is suitable for parallel computation problems which have low communication requirements. In

Figure 4.4: The machine - COPACOBANA

[21] the details about the COPACOBANA are described. In Figure 4.4 the COPACOBANA machine is presented.

Figure 4.5: COPACOBANA architecture

In order to give more information about its functionality, a short summary of this machine is presented here. As a whole, 120 FPGAs of type Xilinx XC3S1000 can simultaneously contribute to a distributed task. However, the FPGAs are not soldered directly on a single backplane. Instead, six of them are grouped on single modules in standard DIMM format. There are 20 DIMM sockets on the backplane

which allow for a maximum extension of 20 FPGA modules. This design makes it easy to run the COPACOBANA in different stages of expansion, e.g. with 24, 66, or a maximum of 120 FPGAs. All modules are connected by a 64-bit data bus and a 16-bit address bus. A single DIMM module is shown as a schematic in Figure 4.5. As can be seen from the figure, a controller card connects the data bus and address bus to a host PC via a USB interface. Every FPGA module is assigned a unique hardware address, and the FPGAs are directly connected to a common 64-bit data bus on board of the FPGA module, which is interfaced to the backplane data bus. Therefore, all FPGAs should have the same configuration and all FPGA modules should have the same layout. The controller card has to handle the adaptation of different clock rates: the USB interface works at a clock rate of 24 MHz, the backplane is clocked at 33 MHz and the controller card itself uses an internal clock of 133 MHz. The internal clock is generated by an external clock synthesizer; the system clock is derived from a DCM (digital clock manager) implemented on the FPGA.

Chapter 5 Implementation

In the past chapters, the necessary theories and technical fundamentals for this thesis were introduced. Now it is time to carry on with the practical work. In this chapter, the whole implementation task for the security analysis of the electronic passport is described in detail. Initially, to get several pairs of plaintext and ciphertext, the Basic Access Control protocol for the communication between passport and passport reader is established. As mentioned in Section 4.4, a hardware solution for the protocol analysis is implemented in the hardware description language VHDL (Very High Speed Integrated Circuit Hardware Description Language) [30].

5.1 Establishing Communication Relationship for Passport

In order to get several ciphertexts encrypted by a particular electronic passport, it is necessary not only to generate a correct BAC protocol, but also to establish a transmission protocol between the passport and the passport reader. The transmission protocol is described in the ISO standard and is very similar to the protocol T=1 specified in the ISO standard. The protocol supports the transmission of APDUs (Application Data Units), which can contain any data such as commands and responses, between a reader and RFID chips. The implementation is performed in the programming language C. It is based on free software from a project named openmrtd [27], whose goal is developing a software implementation of the ISO protocol stack. The development environment runs under Linux. The RFID reader chosen for this work is a commercially available reader

named CM5121. Its contactless part is a Philips CL RC632 reader. There is no high level RFID protocol implementation on the CM5121; therefore the application protocol is accomplished on the host PC. In order to achieve a clearly structured implementation, the protocol is implemented completely according to the OSI layer model. However, instead of the usual 7 layers, only 3 layers are required for the RFID reader: the physical layer, the transport layer and the application layer, i.e. layers 1, 2 and 7. An overview of the structure of the implementation is depicted in Figure 5.1.

Figure 5.1: Overview of the structure of the implementation

In the technical report [14] the ICAO specified the BAC protocol for the communication between passport and passport reader. According to the ISO standard, the whole communication procedure can be divided into two completely different procedures, i.e. Type A and Type B. For this implementation it is only necessary to implement the Type A procedure, because the German electronic passport is only compatible with the communication procedure Type A. As can be seen in Figure 5.1, the BAC protocol runs completely on the application layer. Firstly, the message for the electronic passport is encrypted in the BAC protocol and then transformed into APDU format according to the ISO standard. With the support of USB driver functions, the encrypted message is sent to the reader CM5121. Before the message is saved in the registers of the reader, it is formed according to the RC632 command set. On account of the known format, the reader can read the message from its registers and submit it to the passport in an appropriate form. In Appendix B

there is an operation result of the BAC protocol.

5.2 Hardware Design for Searching Access Key

With the collection of plain- and ciphertext pairs at hand, the next step, the hardware approach for searching the access key, can be started. The target of this hardware design is to provide a faster and dedicated hardware solution compared with corresponding software designs. As mentioned in Section 4.4, the approach runs on COPACOBANA, an FPGA-based machine suitable for parallel computation problems. The FPGAs work together as a whole system, but each single one concerns itself only with its own task. Therefore, the design emphasis is placed both on the layout of a single FPGA and on the global functionality. The following sections describe the design structure with a top-down approach, starting with the highest level entity and going down to the lower ones.

5.2.1 Global Design Description

The design works in the following way: every FPGA receives the same plain- and ciphertext pair and encrypts the plaintext into a new ciphertext. For each encryption, however, the key is not the same. Notice also that the keys do not come from the host PC for each encryption, because the USB interface uses a different clock rate than the FPGAs (see Section 4.4). Instead, each FPGA possesses its own MRZ generator which produces a new MRZ per encryption. If both ciphertexts are identical, this means that the concerned key (and therefore the MRZ information) is found. The whole procedure is shown in Algorithm 3.

Algorithm 3 Access Key Searching with COPACOBANA
Input: Plaintext M; Ciphertext C; Subkeyspace (part of the MRZ, fixed for each FPGA)
Output: MRZ
  while overflow ≠ 1 do                      {not all possibilities of the MRZ are tested}
    Generate a new MRZ named MRZ_TEMP;
    K_ENC = SHA-1(SHA-1(MRZ_TEMP));
    C_NEW = Enc_{K_ENC}(M);                  {encryption with TDES}
    if C_NEW = C then
      return MRZ = MRZ_TEMP;                 {key is found!}
    end if
  end while

Figure 5.2: Layout of a single FPGA

According to the design principle there are the following main components in each FPGA: an MRZ generator, an encryption engine, a register to store the fixed part of the MRZ information and a comparator to check whether both ciphertexts are identical. The FPGA Xilinx Spartan-3 XC3S1000 employed in COPACOBANA offers a relatively large amount of configurable logic. This feature is used to make the implementation more efficient: the parallel computation principle is adopted once more inside a single FPGA. In total four engines are implemented to accelerate the process fourfold. The whole layout of a single FPGA is illustrated in

Figure 5.2. The behaviour of the single FPGA implementation can also be shown as a finite state machine composed of five states.

Figure 5.3: BAC analyst state machine

RESET: at the beginning, each FPGA is set to the RESET state when the global reset signal is high. All internal registers are set to default values and the state machine automatically goes to the IDLE state after the global reset signal is low.

IDLE: in the IDLE state, the encryption engines are still inactive, but the MRZ generator prepares for receiving its fixed part (subkeyspace) coming from the host PC. The registers for the plaintext, ciphertext and subkeyspace are written. After the subkeyspace is written, the host PC issues the mrz-reset command and the state machine goes to the MRZ-RESET state.

MRZ-RESET: in this state, the MRZ generator is set to its default value. Then the host PC issues the start-engine command and the state machine goes to the RUN state.

RUN: in this state, the MRZ generator produces a new MRZ which is taken by the encryption engine. The comparator compares the new ciphertext against the original ciphertext for each encryption operation.

SUCCESS: in case the output of one of the four comparators is high, the key is found. The MRZ generator is stopped and the concerned MRZ information is stored in a found-key register. Then the host PC issues two commands to read the MRZ information out of the found-key register consecutively. Two commands are necessary because there is only a common 64-bit data bus connected to the controller card (and therefore to the host PC).

DONE: if the overflow signal is high, all possible MRZs which can be produced by the MRZ generator have been completely tested. For this fixed MRZ part (subkeyspace) it is impossible to provide any correct MRZ information. The FPGA needs a new MRZ part and a new search is necessary.

5.2.2 The Encryption Engine

Figure 5.4: Structure of the encryption engine

In this section the encryption engine and its components are described. An overview is shown in Figure 5.4. The engine consists of two components, an access-key generator and a triple DES. The access-key generator converts a valid MRZ into a 128-bit long key with two SHA-1s, which are connected in series. In front of the two SHA-1s there is another small but also important component, an ASCII expansion unit. Actually, the MRZ information contains 24 characters, which are equal to a 192-bit code. The

ASCII expansion is therefore necessary, because the MRZ in Germany consists only of digits (0, 1, ..., 9), whose hexadecimal ASCII codes are (30, 31, ..., 39). This feature can be seen as an advantage for our design of the MRZ generator. It is only necessary to deal with the least significant 4 bits of each character of the 24-character string. This means that the actual number of bits needed to produce a correct MRZ amounts to only 96 bits, which also implies a smaller complexity and therefore a faster implementation. The ASCII expansion unit forms its input XX...X into the output 3X3X...3X, where X is a 4-bit digit.

The SHA-1

Figure 5.5: Structure of SHA-1

As a critical component, the SHA-1 plays a decisive role in the whole design. It determines the main frequency at which the searching system works, because the SHA-1 works relatively slowly in comparison with the other components. It runs at an internal clock of 40 MHz. Moreover, the SHA-1 takes 80 rounds to produce a hash value. The output period is consequently $80 \times 25\,\mathrm{ns} = 2.0\,\mu\mathrm{s}$ long. As can be seen in Figure 5.4, two SHA-1s are connected in series. With this structure the two SHA-1s work together according to the pipeline principle. This means that both can work simultaneously: the second SHA-1 handles the output value of the first SHA-1, while the first SHA-1 already deals with the next MRZ. Therefore, although two SHA-1s are required in the access-key generator, the generator can deliver a hash value every 2.0 µs.

The Triple DES

Figure 5.6: Structure of triple DES

The triple DES works especially fast in hardware; however, we cannot fully exploit this advantage in our design. The reason is that the throughput of the triple DES depends completely upon the speed of the SHA-1 because of its position behind it. Therefore, a general implementation, e.g. three single DES connected in series, i.e. a pipeline, is not really meaningful. Since such a triple DES would always fall into an idle state anyway, we would rather implement the triple DES without pipelining. In this way we can at least save some slices, which is especially important for parallel computation. With this thought, we separate one round of encryption (also decryption) and one round of the key schedule from the whole 16 rounds and let them run cyclically. The structure is shown in Figure 5.6. With this architecture our triple DES can deliver its result after 48 cycles. In this way, the triple DES only has to waste 32 rounds of time waiting for the next input, yet the saving in the number of slices is significant. That is also the reason why we can implement four engines into a single FPGA.

5.2.3 Implementations based on Particular Scenarios

Note that the important component, the MRZ generator, was not introduced in the section above, because the structure of this component is not always the same. It depends on which assumption one takes as a starting point for guessing the MRZ. In this section it is described how the structure of the MRZ generator is implemented according to the particular situation. The implementations based on two scenarios, which were enumerated together with four others in Chapter 4, are shown in the following sections.

Before the concrete implementation, it is necessary to make the design principle of the subkeyspace comprehensible. The subkeyspace always contains a fixed part of the MRZ for each searching process, but the selection of which part is suitable as the content of the subkeyspace is essential for the efficiency of the access-key search. As introduced, the FPGAs work very fast and the reload of a new subkeyspace takes a relatively long time. Therefore, it is important to ensure that each searching process spans a long period of time. In other words, the number of reloads of new subkeyspaces should be reduced as far as possible. How the subkeyspace is concretely distributed is described in the following implementations.

Implementation for Scenario 1

Suppose that the passport holder lives in a big city where there are a lot of civil authorities; however, only 10 of them are allowed to issue passports. Their authority identification codes are, for example, between 5600 and 5609. It is unknown when and in

which authority the passport was issued. Furthermore, it also remains unclear what the passport number is. With a little bit of luck, it was learned that the concerned person is between years old, meaning that the person was born between 1968 and 1978. With such information about the MRZ at hand, we can carry on with the implementation work. All components except for the MRZ generator are the same. It is necessary to implement a special MRZ generator to bring it into agreement with the conditions of this scenario.

According to the basic assumption of this scenario, it is difficult to find any correlation between passport number and expiry date. It is practically impossible to reduce the complexity of searching the access key with the method described in Section . In fact, the total number of possible expiry dates is only 516 until now. Therefore, in order to reduce the number of reloads of new subkeyspaces, the date of expiry can be distributed among the FPGAs in COPACOBANA. Each FPGA obtains a particular expiry date which is stored in the fixed-part MRZ register. For the remaining part of the MRZ five counters are required, namely the authority code, passport number, day, month and year counter. The day counter is a 3-bit counter and counts from 0 to 7 (in bit representation 000 to 111). Two bits, which are used both as identity code for the engines and as additional bits for the day counter, are hardwired in each of the encryption engines and are different for each of them (00 to 11). Accordingly, the first engine handles the possible days from 0 to 7 (00000 to 00111), the second engine from 8 to 15 (01000 to 01111), the third from 16 to 23 (10000 to 10111) and the fourth from 24 to 31 (11000 to 11111). The operation of the MRZ generator is described in Algorithm 4. In order to simplify the expressions below, we denote the parts of the date of birth, i.e. year, month and day, as DB.Y, DB.M and DB.D, and the parts of the date of expiry as DE.Y, DE.M and DE.D.

Algorithm 4 MRZ Generation for Scenario 1
Input: DE                                    {fixed for each FPGA}
Output: MRZ (for Germany)
  for AIC = (560)0 to (560)9 do
    for PN = 0 to do
      for DB.Y = 68 to 78 do
        for DB.M = 1 to 12 do
          for DB.D = 0 to 7 do
            Compute the check digits for the MRZ;
            if key is found then
              return 0;
            end if
          end for
        end for
      end for
    end for
  end for
  set overflow = 1                           {key is not found for the current subkeyspace!}

Implementation for Scenario 2

For this implementation the same information about the MRZ as in the previous scenario is known; however, it is possible to get some valid MRZs collected from each authority (see Appendix C), so that it can be roughly evaluated how many passports are issued during a day in every authority. In this situation the correlation between passport number and date of expiry can be analysed, thereby further reducing the complexity of searching the access key. The operating mode of the MRZ generator for this scenario is described in Algorithm 5. Note that the possible first passport number issued by a particular authority during a day is denoted $PN_{min,i}$ and the possible last one is denoted $PN_{last}$, where i is the authority identification code of this authority. The total number of passports issued by a particular authority during a day is denoted $PN_{sum,i}$.

Algorithm 5 MRZ Generation for Scenario 2
Input: DB.Y, DB.M                            {fixed for each FPGA}
Output: MRZ (for Germany)
  for AIC = (560)0 to (560)9 do
    for DB.D = 1 to 31 do
      for DE.Y = 15 to 17 do
        for DE.M = 1 to 12 do               {beginning on 01/11/15, ending on 31/03/17}
          PN = PN_{min,i}; i = AIC
          for DE.D = 0 to 7 do
            PN_last = PN + PN_{sum,i}
            while PN ≤ PN_last do
              Compute the check digits for the MRZ;
              if key is found then
                return 0;
              end if
              PN = PN + 1;
            end while
          end for
        end for
      end for
    end for
  end for
  set overflow = 1                           {key is not found!}

Additionally, we implement Scenario 2 not only for the German electronic passport, but also for the Dutch electronic passport, in order to collect the important data for comparing both systems, especially when the above-mentioned correlation can be used. Algorithm 6 describes the operation to generate the MRZ for the Dutch electronic passport. However, the notation is a bit different, because the passport number is specified differently in the Dutch MRZ. The second character of the passport number is denoted $PN_7$ and the remaining part of the passport number is $PN_{6\ldots0}$. $PN_{i,min}$ denotes the minimal passport number chosen for the searching work, where i is either 7 or 6...0. $PN_{sum}$ is then the total number of passports issued in the Netherlands during a day.

Algorithm 6 MRZ Generation for Scenario 2
Input: DB.Y, DB.M                            {fixed for each FPGA}
Output: MRZ (for Netherlands)
  SET: PN_7 = PN_{7,min} and PN_{6...0} = PN_{6...0,min};
  for DB.D = 1 to 31 do
    for DE.Y = 16 to 17 do
      for DE.M = 1 to 12 do                 {beginning on 01/08/16, ending on 31/03/17}
        for DE.D = 0 to 7 do
          for Counter = 1 to PN_sum do
            Compute the checksums for the MRZ;
            if key is found then
              return 0;
            else if PN then
              PN_{6...0} = PN;
            else
              PN_7 = PN_7 + 1;
              PN_{6...0} = 0;
            end if
          end for
        end for
      end for
    end for
  end for
  set overflow = 1                           {key is not found!}

As a summary, the method based on the correlation between passport number and date of expiry can really accelerate the searching process, as can be seen from the results provided in Section . On the other hand, it has to be acknowledged that this method does not always lead to a correct result. For example, an error produced by the estimation tolerance of the total number of passports issued during a day can lead to the unfortunate conclusion that the concerned MRZ, which is actually located in the searching area, cannot be found.


Chapter 6 Results

So far the main components and the functionality of the implementation have been described. The remaining work to complete the thesis is to present the implementation results. In this chapter, the results of all implemented scenarios are presented in detail.

6.1 Operating Speed

There are two different scenarios implemented for the cryptanalysis of the BAC protocol. For the second scenario an additional implementation based on the Dutch electronic passport was also completed, in order to have a comparison between the Dutch and the German electronic passport. The implementations were programmed in the hardware description language VHDL and therefore their simulation was accomplished with Xilinx ModelSim. Finally, to obtain the important results for the thesis, all implementations were also run on the machine COPACOBANA. In Figure 6.1 a snapshot of the console output from COPACOBANA is given.

Figure 6.1: Console output from COPACOBANA

As described in Chapter 5, the clock rate per FPGA in COPACOBANA is 40 MHz; however, this does not mean that the candidate keys are also tested at this frequency. The reason why the key search does not work at this frequency is that the access-key generator needs 80 clocks to convert a valid MRZ into a 128-bit long triple DES key because of its critical component, the SHA-1. Therefore, the time necessary to test a key is $80 \times 25\,\mathrm{ns} = 2.0\,\mu\mathrm{s}$. This implies that a single FPGA can check 4 keys per 2.0 µs, i.e. 2,000,000 keys per second, because four encryption engines are implemented in it (see Section 5.2.1). If all 120 FPGAs participate in the search, COPACOBANA checks $120 \times 4 = 480$ keys every 2.0 µs, i.e. 240,000,000 keys per second. Using this data as a basis, the subsequent sections give the concrete results of the implementations.

6.2 Result of Scenarios

6.2.1 Result of Scenario 1

According to the description in Section 5.2.3, each FPGA in COPACOBANA obtains one fixed expiry date assigned by the host PC during the initial phase; hence, the amount of MRZ candidates for a fixed DE, denoted $\mathrm{SUM}_{MRZ}$, is

$\mathrm{SUM}_{MRZ} = \#AIC \cdot \#PN \cdot \#DB.Y \cdot \#DB.M \cdot \#DB.D = 3,$ per FPGA,

where # means the total number of values of the particular component in the formula. These keys can be completely checked in $(3, / 4) \times 2.0\,\mu\mathrm{s}$, i.e. 32 minutes, by a single FPGA. From November 1, 2005 until April 31, 2007, there are 516 days, but only 369 of them are working days. Therefore, the complete amount of MRZ candidates is 3, = , which means an approximate complexity of $2^{40}$ for the whole system based on Scenario 1. Thus, on average, COPACOBANA can find the correct MRZ after $(2^{39} / 480) \times 2.0\,\mu\mathrm{s}$, which is approximately 38 minutes. The time required for loading the plaintext, ciphertext and date of expiry is negligible.

6.2.2 Result of Scenario 2

There are two versions implemented for Scenario 2. Both implementations share a common design principle: the year and month of the date of birth are chosen as the fixed part stored in each FPGA. The reason is that there are exactly 120 months in 10 years, so that only one searching process is required. The results of both are summarized in the following.

For the German Electronic Passport

Through an analysis of the exemplary collection of MRZs attached in Appendix C, it is possible to find out how many passports are issued during a day per authority. According to Algorithm 5, the amount of MRZ candidates is

$\mathrm{SUM}_{MRZ} = \sum_{i=AIC_1}^{AIC_{10}} \#DB.D \cdot \#DE.Y \cdot \#DE.M \cdot \#DE.D \cdot PN_{sum,i} = 9,$ per FPGA.

Therefore, the complete amount of MRZ candidates is 9, = . This means that the complexity is decreased from approximately $2^{40}$ (see Scenarios 1 and 2 in Section 4.2) to $2^{30}$, just because of the method based on the correlation between passport number and date of expiry. Thus, the average time COPACOBANA needs to find the right MRZ is $(2^{29} / 480) \times 2.0\,\mu\mathrm{s}$, which is only approximately 2.24 seconds.

For the Dutch Electronic Passport

It is known that the Dutch electronic passports are issued with sequential passport numbers for the whole Netherlands. Therefore, the same method can also be used for the implementation here to reduce the searching complexity of the MRZ. The population of the Netherlands in 2005 was estimated by the CIA World Factbook at 16,407,491. In that year approximately 19% of the population was under 15 years of age. This age group usually possesses no passport. Through a very conservative calculation, $PN_{sum} = (1 - 19\%) \cdot 16,407, ,$ the total number of passports issued during a day in the Netherlands is obtained. Consequently, according to Algorithm 6, the amount of MRZ candidates is

$\mathrm{SUM}_{MRZ} = \#DB.D \cdot \#DE.Y \cdot \#DE.M \cdot \#DE.D \cdot PN_{sum} = 8,$

per FPGA. Therefore, the complete amount of MRZ candidates is 8, = , which indicates that the complexity is also decreased from approximately $2^{47}$ (see Scenarios 1 and 2 in Section 4.2) to . Note that the extent of the decrease can vary strongly depending on how the scenario is implemented. On average, COPACOBANA can find the correct MRZ after $(2^{32} / 480) \times 2.0\,\mu\mathrm{s}$, which is approximately seconds.

6.3 Theoretical Estimation

In order to make the results of this thesis more complete, a theoretical estimate is performed in this section as a supplement to the practical part. Suppose that the mission is to recover the passport data by decrypting a communication segment which was eavesdropped during a communication between the passport and a passport reader. However, differing from the previous scenarios, it is impossible to obtain any hints about the concerned MRZ. In this case, it is to be estimated how long COPACOBANA will take to find the key. As above, the estimate is performed for two situations.

6.3.1 For the German Electronic Passport

As given in Section 4.1.2, the entropy of a whole MRZ becomes $H^G_{MEZ} = H^G_{MEZ,new,2} = 51.72$, if it is considered that there are roughly 5300 civil authorities in Germany. Thus, based on the average complexity, COPACOBANA can find the correct MRZ after $(2^{50} / 480) \times 2.0\,\mu\mathrm{s}$, which is approximately 54 days.

6.3.2 For the Dutch Electronic Passport

According to the complexity analysis in Section 4.1.2, the entropy of the MRZ of the Dutch electronic passport is $H^D_{MEZ} = H^D_{MEZ,new,1} = $ . Similarly, on average, COPACOBANA needs approximately 27 days to find a key.


Chapter 7 Conclusion and Future Work

At the end of this thesis, the last item to deal with is the conclusion of the whole work. In addition, there are still some points to clarify, both the problems that were detected during the investigation and the recommendations that might be interesting for future work.

7.1 Conclusion

This thesis is dedicated to investigating the security of the electronic passport through the demonstration of an optimum hardware approach against the Basic Access Control protocol. For this purpose, both a theoretical and a practical cryptanalysis have been performed. It is based not only on the German but also on the Dutch electronic passport system, in order to make the conclusion more robust and reliable. Theoretically, the complexity of searching the access keys for both systems would be approximately equal to the complexity of a single DES (see Section 6.3), if there were no hints for guessing the correct MRZ. In reality, however, the realistic assumption is that it is almost always possible to find some information that makes guessing the correct MRZ easier. As demonstrated through the scenarios in Chapter 4 and the implementation in Chapter 5, with the hardware approach one can find the access key in a very short time (see Section 6.2), especially when the correlation between passport number and date of expiry is known. However, it has to be acknowledged that the implementation based on the correlation between passport number and date of expiry does not always lead to a correct result (see Section 5.2.3). In contrast, the implementation based on Scenario 1 always brings the desired result, although the searching time is longer.

7.2 Future Work

Due to limitations of time and resources, the investigation's scope was restricted. As described in Chapter 4, a particularly meaningful investigation, a simulation of the eavesdropping on the communication between passport and passport reader, was not the aim of this thesis and therefore was not carried out. Whereas many articles (e.g. [24], [9]) speculated that the communication between passport and passport reader can be eavesdropped from a range of 4 or even 10 metres, the BSI has recently acknowledged that eavesdropping is possible at a distance of up to 2 metres [4]. Moreover, only a few of those articles based this statement on a practical experiment. Therefore, it would still be very interesting and meaningful to carry out this project.

Figure 7.1: SHA-1 with pipeline principle


More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:

More information

P2_L6 Symmetric Encryption Page 1

P2_L6 Symmetric Encryption Page 1 P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Garantía y Seguridad en Sistemas y Redes

Garantía y Seguridad en Sistemas y Redes Garantía y Seguridad en Sistemas y Redes Tema 2. Cryptographic Tools Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA

More information

Data Encryption Standard (DES)

Data Encryption Standard (DES) Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:

More information

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel (a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

S. Erfani, ECE Dept., University of Windsor Network Security

S. Erfani, ECE Dept., University of Windsor Network Security 4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2

Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2 v.2 Chip Authentication for s: with Chip Authentication Mapping v2 Lucjan Mirosław Wrocław University of Science and Technology, Poland ISC 2016, Honolulu Electronic Passport v.2 e-passport and ebooth:

More information

Winter 2011 Josh Benaloh Brian LaMacchia

Winter 2011 Josh Benaloh Brian LaMacchia Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash

More information

PayPass M/Chip 4. Card Technical Specification

PayPass M/Chip 4. Card Technical Specification PayPass M/Chip 4 Card Technical Specification Version 1.3.1 - September 2008 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated,

More information

An Overview of Electronic Passport Security Features

An Overview of Electronic Passport Security Features An Overview of Electronic Passport Security Features Zdeněk Říha Faculty of Informatics, Masaryk University, Botanická 68A, 602 00 Brno, Czech Republic zriha@fi.muni.cz Abstract. Electronic passports include

More information

Computer Security. Two main issues are current regarding security for computer communication systems

Computer Security. Two main issues are current regarding security for computer communication systems Computer Security Two main issues are current regarding security for computer communication systems Data encryption User authentication Encryption and authentication between single users can be performed

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

Security Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development

Security Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development Security Mechanism of Electronic Passports Petr ŠTURC Coesys Research and Development Smartcard CPU 16/32 bit 3.57MHz (20MHz) 1.8 / 3/ 5 V ROM 16-300 kb RAM 1-8 kb EEPROM 8-128kB Contactless communication

More information

CS530 Authentication

CS530 Authentication CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request

More information

SmartCards as electronic signature devices Progress of standardization. Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany

SmartCards as electronic signature devices Progress of standardization. Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany SmartCards as electronic signature devices Progress of standardization Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany scherzer@de.ibm.com Active CEN working groups(today) TC224 : "Machine readable

More information

APNIC elearning: Cryptography Basics

APNIC elearning: Cryptography Basics APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security

More information

Paul A. Karger

Paul A. Karger Privacy and Security Threat Analysis of the Federal Employee Personal Identity Verification (PIV) Program Paul A. Karger karger@watson.ibm.com Outline Identify specific problem with FIPS 201 Problem of

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital

More information

Cryptography MIS

Cryptography MIS Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message

More information

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran. A Multi-Application Smart-Card ID System for George Mason University - Suraj Ravichandran. Current System Magnetic Swipe Card based ID The card has three tracks They each store the following: Name, G#

More information

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Computer Security CS 526

Computer Security CS 526 Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability

More information

Authentication Technologies

Authentication Technologies Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something

More information

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1 Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions

More information

Goals of Modern Cryptography

Goals of Modern Cryptography Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary

More information

Appendix A: Introduction to cryptographic algorithms and protocols

Appendix A: Introduction to cryptographic algorithms and protocols Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ Appendix A: Introduction to cryptographic algorithms and protocols 2007 Levente Buttyán and Jean-Pierre Hubaux symmetric and asymmetric

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms

More information

Past & Future Issues in Smartcard Industry

Past & Future Issues in Smartcard Industry Past & Future Issues in Smartcard Industry Ecrypt 2 Summer School Guillaume Dabosville Oberthur Technologies Oberthur Technologies the group its divisions payment, mobile, transport and digital TV markets

More information

MACHINE READABLE TRAVEL DOCUMENTS

MACHINE READABLE TRAVEL DOCUMENTS MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Supplemental Access Control for Machine Readable Travel Documents Version 1.1 Date 15 April 2014 Published by authority of the Secretary General ISO/IEC

More information

UNIT III 3.1DISCRETE LOGARITHMS

UNIT III 3.1DISCRETE LOGARITHMS UNIT III Discrete Logarithms Computing discrete logs Diffie-Hellman key exchange ElGamal Public key cryptosystems Hash functions Secure Hash - MD5 Digital signatures RSA ElGamal Digital signature scheme.

More information

UNIT - IV Cryptographic Hash Function 31.1

UNIT - IV Cryptographic Hash Function 31.1 UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service

More information

COMPGA12 1 TURN OVER

COMPGA12 1 TURN OVER Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.

More information

Chapter 3 Block Ciphers and the Data Encryption Standard

Chapter 3 Block Ciphers and the Data Encryption Standard Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition

More information

E-Passport Validation: A practical experience

E-Passport Validation: A practical experience E-Passport Validation: A practical experience R Rajeshkumar International Organization for Standardization (ISO) ICAO TRIP: Making the Air Travel more Secure and Efficient TOWARDS A BETTER TRAVELLER IDENTIFICATION

More information

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS

Lecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security In crypto, CHF instantiates a Random Oracle paradigm In security,

More information

Security: Cryptography

Security: Cryptography Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity

More information

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by

More information

Cryptographic Concepts

Cryptographic Concepts Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

More information

Technological foundation

Technological foundation Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards

More information

T Cryptography and Data Security

T Cryptography and Data Security T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:

More information

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

WHAT FUTURE FOR CONTACTLESS CARD SECURITY? WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues

More information

FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E

FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E Amandeep Singh, Manu Bansal Abstract - Data Security is an important parameter for the industries. It can be achieved by Encryption

More information

Performance of Symmetric Ciphers and One-way Hash Functions

Performance of Symmetric Ciphers and One-way Hash Functions Performance of Symmetric Ciphers and One-way Hash Functions Michael Roe Cambridge University Computer Laboratory 1 Rationale An alarmingly large number of different cryptosystems have been proposed for

More information

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?

More information

PGP: An Algorithmic Overview

PGP: An Algorithmic Overview PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is

More information

Internet Engineering Task Force (IETF) Category: Informational ISSN: October 2013

Internet Engineering Task Force (IETF) Category: Informational ISSN: October 2013 Internet Engineering Task Force (IETF) J. Merkle Request for Comments: 7027 secunet Security Networks Updates: 4492 M. Lochter Category: Informational BSI ISSN: 2070-1721 October 2013 Abstract Elliptic

More information

Stream Ciphers and Block Ciphers

Stream Ciphers and Block Ciphers Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.

More information

Symmetric Encryption Algorithms

Symmetric Encryption Algorithms Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm

More information

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION

More information

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions

More information

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any

More information

Legal Regulations and Vulnerability Analysis

Legal Regulations and Vulnerability Analysis Legal Regulations and Vulnerability Analysis Bundesamt für Sicherheit in der Informationstechnik (BSI) (Federal Office for Information Security) Germany Introduction of the BSI National Authority for Information

More information

HOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)

HOST Cryptography III ECE 525 ECE UNM 1 (1/18/18) AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and

More information

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text

e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Hash Algorithm Module No: CS/CNS/28 Quadrant 1 e-text Cryptography and Network Security Module 28- Hash Algorithms

More information

Document reader Regula 70X4M

Document reader Regula 70X4M Document reader Regula 70X4M Full page passport reader with no moving parts inside. Automatic reading and authenticity verification of passports, IDs, visas, driver s licenses and other identification

More information

Symmetric, Asymmetric, and One Way Technologies

Symmetric, Asymmetric, and One Way Technologies Symmetric, Asymmetric, and One Way Technologies Crypto Basics Ed Crowley Fall 2010 1 Topics: Symmetric & Asymmetric Technologies Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes

More information

Fundamentals of Cryptography

Fundamentals of Cryptography Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network

More information

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part

More information

Der elektronische Personalausweis Mehr oder weniger Sicherheit?

Der elektronische Personalausweis Mehr oder weniger Sicherheit? Der elektronische Personalausweis Mehr oder weniger Sicherheit? Lukas Grunwald DN-Systems GmbH Germany CeBIT 2010- Heise Forum 2010 Hannover The Government s Dream Multi biometric, double gates, anti-tailgating,

More information

Information Security CS526

Information Security CS526 Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for

More information

Common Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056

Common Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056 Common Criteria Protection Profile Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056 Foreword This Protection Profile Machine Readable Travel Document with

More information

3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages

3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages 3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No

More information

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis

More information