When an e-Passport Talks and it Should Not
Martin Hlaváč and Tomáš Rosa
Department of Algebra, MFF UK in Prague
PPF banka a.s. and eBanka, a.s.
Outline
• e-Passport
• Active Authentication
• Electro-Magnetic Side Channel
• RSA with Chinese Remainder Theorem and Montgomery Exponentiation
• Extracting the Private Key
• Conclusion
Electronic Passport
• Equipped with a contactless smartcard chip
• Conforms to ISO/IEC 14443 (contactless interface) and ISO/IEC 7816 (APDU protocol)
• Application identifier (AID): A0 00 00 02 47 10 01
• Data files
  • DG1 to DG15: data related to the travel document (DG1 – copy of the machine readable zone (MRZ), DG2 – facial image, DG15 – public key for Active Authentication)
  • EF.COM, EF.SOD, EF.DIR: service data
Talking with the Passport
(Figure: the passport's RFID transponder and its field on one side, the terminal's RFID reader and its field on the other; the terminal is connected to the internal network.)
Security Mechanisms
• Required by ICAO
  • Passive authentication – digital signature over (the hashes of) all data files DG1, …, DG15, stored in EF.SOD
• Required in EU member states
  • BAC – basic access control to the data files and to selected functions (e.g. Active Authentication)
• Optional
  • Active Authentication – challenge-response authentication of the chip (e.g. used in the Czech Republic, not in Germany)
Active Authentication I (CZ)
• Terminal:
  • Generates an 8-byte random number V and sends it to the passport
• Passport:
  • Generates a 106-byte random number U
  • Computes w = SHA-1(U || V)
  • Sets m = 6A || U || w || BC (128 bytes, so 2^1022 < m < 2^1023 and m < N for a 1024-bit modulus)
  • Computes s = m^d mod N, where (N, d) is the passport's private RSA key
  • Sends s to the terminal
• Terminal:
  • Recovers m = s^e mod N with the public key from DG15, checks the 6A/BC framing and that w = SHA-1(U || V)
Active Authentication II (CZ)
• The message m is chosen jointly by the passport and the terminal, so neither side can conveniently choose it alone
• Existing chosen-plaintext attacks therefore cannot be employed
FAME-XE Exposure in the Field
(Figure: EM trace of the computation s = m^d mod N with the alternating S/M (square/multiply) steps marked.)
Measurements by doc. Lórencz’s team, KP FEL ČVUT in Prague, April 2007
Chinese Remainder Theorem (CRT)
• The private RSA operation m^d mod N is computed using the CRT as follows (m_p = m mod p, m_q = m mod q, d_p = d mod (p-1), d_q = d mod (q-1), p_inv = p^-1 mod q):
  s_p = m_p^d_p mod p
  s_q = m_q^d_q mod q
  s = ((s_q - s_p) · p_inv mod q) · p + s_p
• About 4x faster than a single full-length exponentiation
• The computation operates directly with the secret primes p and q, which makes the CRT variant more exposed to side channels
Montgomery exponentiation
• Exponentiation
  Input: c, p, d = (d_{n-1} d_{n-2} … d_1 d_0)_2
  Output: x = c^d mod p
    u ← c·R mod p
    z ← u
    for i = n-2 down to 0
      z ← mont(z, z, p)
      if d_i == 1 then
        z ← mont(z, u, p)
      else
        z' ← mont(z, u, p)        (dummy multiplication, result discarded)
    end for
    z ← mont(z, 1, p)
    return z
• Multiplication (mont)
  Input: x, y in Z_p
  Output: w = x·y·R^-1 mod p
    s ← x·y
    t ← s·(-p^-1) mod R
    g ← s + t·p
    w ← g / R
    if w ≥ p then
      w ← w - p                  (final subtraction)
    return w
• All reductions and divisions are by R = 2^512, i.e. they are fast
• The data-dependent final subtraction leaks information about the secret p
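The two preceding slide groups, the Active Authentication exchange and the CRT signing with Montgomery exponentiation, combined in one runnable simulation. This is an added example written for this page; it is not the passport's firmware and not the authors' code. It assumes a seeded toy 1024-bit RSA key (constructed here, never to be reused), runs the slide's square-and-multiply-always loop while counting every final subtraction (FS), and adds `expected_fs`, Schindler's estimate of the FS count (p/(3R) per squaring, u/(2R) per multiplication by u = m·R mod p), which is the standard form of the "number of FS as a function of m·R mod p" relationship the talk relies on; that formula is this example's addition, not a statement from the slides.

```python
import hashlib
import random

R_BITS = 512            # Montgomery radix R = 2^512 as on the slide (p, q < R)
R = 1 << R_BITS


def _is_probable_prime(n, rng, rounds=32):   # Miller-Rabin, for odd n > 2 only
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_key(seed):
    """Constructed, seeded toy RSA key; top two bits of p, q forced so N >= 2^1023 > m."""
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        cand = rng.getrandbits(R_BITS) | (3 << (R_BITS - 2)) | 1
        if (cand - 1) % e and _is_probable_prime(cand, rng):
            primes.append(cand)
    p, q = primes
    return p, q, p * q, e, pow(e, -1, (p - 1) * (q - 1))


def mont_mul(x, y, p, neg_p_inv, fs):
    """w = x*y*R^-1 mod p (the slide's 'mont'); fs[0] counts final subtractions."""
    s = x * y
    t = (s * neg_p_inv) % R
    w = (s + t * p) >> R_BITS          # s + t*p is divisible by R
    if w >= p:                         # the data-dependent final subtraction
        w -= p
        fs[0] += 1
    return w


def mont_exp(c, d, p, fs):
    """c^d mod p, square-and-multiply-always exactly as in the slide's loop."""
    neg_p_inv = (-pow(p, -1, R)) % R
    u = z = (c * R) % p                # Montgomery form of c; z starts at bit d_{n-1}
    for bit in bin(d)[3:]:             # bits d_{n-2} .. d_0
        z = mont_mul(z, z, p, neg_p_inv, fs)
        if bit == "1":
            z = mont_mul(z, u, p, neg_p_inv, fs)
        else:
            mont_mul(z, u, p, neg_p_inv, fs)   # dummy multiply, result dropped
    return mont_mul(z, 1, p, neg_p_inv, fs)   # leave Montgomery form


def crt_sign(m, p, q, d):
    """s = m^d mod N via CRT; returns s and the FS counts of the p and q halves."""
    fs_p, fs_q = [0], [0]
    sp = mont_exp(m % p, d % (p - 1), p, fs_p)
    sq = mont_exp(m % q, d % (q - 1), q, fs_q)
    s = (((sq - sp) * pow(p, -1, q)) % q) * p + sp
    return s, fs_p[0], fs_q[0]


def expected_fs(m, p, d):
    """Schindler-style estimate (added here): p/(3R) per squaring, u/(2R) per multiply by u = m*R mod p."""
    iters = d.bit_length() - 1         # one squaring and one multiply per loop iteration
    u = (m % p) * R % p
    return iters * (p / (3 * R) + u / (2 * R))


def passport_respond(v, p, q, d, rng):
    """Passport side: m = 6A || U (106 B) || SHA-1(U || V) || BC, s = m^d mod N."""
    u_rand = rng.getrandbits(8 * 106).to_bytes(106, "big")
    w = hashlib.sha1(u_rand + v).digest()
    m = int.from_bytes(b"\x6a" + u_rand + w + b"\xbc", "big")   # 128 bytes
    return m, crt_sign(m, p, q, d)


def terminal_verify(v, s, n, e):
    """Terminal side: recover m = s^e mod N, check the 6A/BC framing and SHA-1(U || V)."""
    m = pow(s, e, n).to_bytes(128, "big")
    if m[0] != 0x6A or m[-1] != 0xBC:
        return False
    return hashlib.sha1(m[1:107] + v).digest() == m[107:127]


def demo(seed=2007):
    """One AA round, a replay against another challenge, and the FS counts vs. estimate."""
    p, q, n, e, d = gen_key(seed)
    rng = random.Random(seed + 1)
    v = rng.getrandbits(64).to_bytes(8, "big")           # terminal's 8-byte challenge V
    m, (s, fs_p, fs_q) = passport_respond(v, p, q, d, rng)
    return {"verified": terminal_verify(v, s, n, e),
            "replayed_to_other_challenge": terminal_verify(bytes(8), s, n, e),
            "fs_p": fs_p, "fs_p_expected": expected_fs(m, p, d % (p - 1)),
            "fs_q": fs_q, "fs_q_expected": expected_fs(m, q, d % (q - 1))}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows a valid response being accepted, the same response rejected against a different challenge, and the measured FS counts of the p and q halves lying close to their estimates; since the estimate depends on m·R mod p through u, each accepted signature leaks a noisy function of the secret prime, which is the quantity the attack outline on the following slides feeds into the lattice step.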
Number of Final Subtractions
• We suspect that the number of final subtractions (FS) leaks from the passport through the EM channel
• More, higher-quality measurements are needed to support this hypothesis
• If the hypothesis is correct, Active Authentication can be broken
Outline of the attack
• Known: the number of FS for each signature
• Via linear algebra: approximations of the secret q, obtained as a function of the (unknown) p
• Experiments indicate some of these approximations are good enough
• Uses the relationship between the number of FS during the computation m^c mod N and the value m_i·R mod p (Tomoeda, 2006)
(Figure: precision in bits of the approximation as a function of the number of FS, about 2%)
Key Recovery
• Construct a suitable lattice
• Reduce its basis with the LLL algorithm
• Hope the hidden number q is revealed
Experiments:
• With 150 measurements filtered from approximately 7000, the key is recovered in 40 minutes on a 2 GHz Opteron
Conclusion
• An EM side channel on the e-passport exists
• A new cryptanalytic technique using this side information has been elaborated
• Higher-quality measurements are needed
• If our hypothesis is correct, AA can be broken, i.e. the e-passport chip can be cloned, in a matter of hours
Thank you for your attention …
Martin Hlaváč, Department of Algebra MFF UK, PPF banka, a.s. – hlavm1am@artax.karlin.mff.cuni.cz
Tomáš Rosa, eBanka, a.s., Department of Algebra MFF UK – trosa@ebanka.cz