Remember the US Government plan to put a radio chip in your passport? The one whose security has never been seriously studied, whose justification seemed to boil down to a hope that it would speed processing, but even that was wrong? The one whose security gets worse every time anyone competent looks at it? Well, someone else just looked at it.
Bart Jacobs & Ronny Wichers Schreur of Radboud University Nijmegen, Netherlands have discovered that an eavesdropper can decrypt everything sent over the air under the latest scheme. In about two hours. They presented at a SafeNL workshop, and have a working demo. It turns out the error is really basic, as explained in this press release:
The secret key is made up of the passport expiry date, birth date and the passport number stored in the passport’s Machine Readable Zone. The Dutch passport numbering scheme proves to be sequential and has a relation with the passport expiry date. Further, the last digit of the number is a checksum introducing additional predictability. The selection of a new and unpredictable passport numbering scheme would considerably improve the security.
Now, why does that sound familiar? Oh yeah! Its because that’s the same predictable key source attack I found on the SecurID client-server protocol a decade ago.
Is this fixable? This particular hole probably is, with a re-issued passport. The important questions are not about whether or not a new scheme can be designed and analyzed. That game of penetrate and patch doesn’t lead to secure systems, it leads to more penetrate and patch.
The important lessons are: First, the people doing this work are either incompetent, or working under such a compressed timeframe that they can’t get it right. Second, the chips should not have a radio. Let me say it again. The radio has no function, and introduces a plethora of security holes. It should be removed now, before the State Department needs to replace millions of passports.