An Analysis of Security Weaknesses in the Evolution of RFID Enabled Passport
Bruna Carolina Baudel de Santana
Ermano Ardiles Arruda
Guilherme Reis da Rocha Borba Marques
Nicolle Chaves Cysneiros
Rafael Lucena Cavalcanti de Oliveira
Roberta Cabral Mota

Outline
What is an e-passport?
Security control mechanisms / generation
– Passive Authentication (PA)
– Active Authentication (AA)
– Basic Access Control (BAC)
– Extended Access Control (EAC)
Security vulnerabilities
Attack modeling

What is an e-passport?
Machine Readable Passport (MRP)
– Passport number
– Issuing country
– Date of issue
– First name / Surname
– Nationality
– Date of birth
– Etc.
Machine Readable Zone (MRZ)

What is an e-passport?
E-passport: infrastructure of new components – RFID
MRZ information
Photo of the passport holder
Unique chip identification number
Digital signature
Additional data

What is an e-passport?
E-passport: infrastructure of new components – PKI
Public-key cryptography
[Diagram: "Hello, World!" → Encrypt (public key) → 6EB695708E03C → Decrypt (private key) → "Hello, World!"]

What is an e-passport?
E-passport: infrastructure of new components – PKI
Public-key cryptography
Confidentiality: the public key is used to encrypt messages, so only the owner of the private key can decrypt them.
[Diagram: Bob → "Hello, Alice!" → Encrypt (Alice's public key) → 6EB695708E03C → Decrypt (Alice's private key) → "Hello, Alice!" → Alice]

What is an e-passport?
E-passport: infrastructure of new components – PKI
Public-key cryptography: SECURITY FLAW
[Diagram: Bob → "Hello, Alice!" → Encrypt (Alice's FAKE public key) → 6EB695708E03C → Decrypt (David's private key) → "Hello, Alice!" → David: "MUA HA HA!"]

What is an e-passport?
E-passport: infrastructure of new components – PKI
Public-key cryptography + digital certificate
[Diagram: John tells Bob, "Alice's key is number 1." Bob answers, "Ok, John." Keys are numbered 1, 2, 3.]

What is an e-passport?
E-passport: infrastructure of new components – PKI
Public-key cryptography + digital certificate
[Diagram: John tells Bob, "Alice's key is number 1." Bob asks, "Do I know you?" Roberta says, "You can trust him." Bob answers, "Ok." Keys are numbered 1, 2, 3.]

What is an e-passport?
E-passport: infrastructure of new components – PKI
[Diagram: CA; DGs → Encrypt (private key) → 6EB695708E03C → Decrypt (public key) → DGs; Immigration control]

Passive Authentication (PA)
The only mandatory security mechanism in the first generation of electronic passports
Aims to verify the integrity of the data stored in the RFID chip
Does not verify that the passport belongs to the person carrying it
Does not prevent copying of the data on the passport chip

Passive Authentication (PA)
Security problems related to PA:
– Cloning of the chip information.
– Data leakage.
– Interception and monitoring of the communication between passport and reader.
– Tracking of the passport.

Passive Authentication (PA)
Example of a security failure

Passive Authentication (PA)
Possible attack scenario
[Figure label: 10 m]

Basic Access Control (BAC)
First generation of e-passports
Seeks to ensure that the data on the RFID chip is read only by readers authorized by the passport owner
Provides a secure communication channel (Secure Messaging) between the RFID chip and the reader

Basic Access Control (BAC)
Encryption keys are generated from data read from the Machine Readable Zone (MRZ)

Basic Access Control (BAC)
Mutual authentication between the RFID chip and the reader is performed with the challenge-response protocol (ISO/IEC 11770-2)
[Diagram: Reader and RFID chip; messages: GET_CHALLENGE, $n_T$, MUTUAL_AUTHENTICATE]
NAJERA, P.; MOYANO, F.; LOPEZ, J. Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents. University of Malaga. Malaga.

Basic Access Control (BAC)
[Diagram: Reader and RFID chip; message: $C_T \,\|\, M_T$]
NAJERA, P.; MOYANO, F.; LOPEZ, J. Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents. University of Malaga. Malaga.

Basic Access Control (BAC)
Vulnerability
The keys are computed from 3 pieces of data:
– Passport number
– Date of birth
– Passport expiry date
With keys of only 56 bits of entropy (passport number made up of digits only), BAC is vulnerable to brute-force attacks.
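
The derivation summarized on this slide, as an added example that is not part of the original presentation: ICAO Doc 9303 builds the BAC key seed from the document number, date of birth and expiry date (each followed by its check digit), so the key entropy is bounded by how many values those three fields can take. The date ranges used for the estimate (100 birth years, a 10-year validity window) are assumptions, and the specimen values are those of the ICAO worked example.

```python
import hashlib
import math

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated over the field

def check_digit(field: str) -> int:
    """ICAO 9303 check digit: digits keep their value, A-Z map to 10-35, '<' is 0."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character {ch!r} is not allowed in the MRZ")
        total += value * WEIGHTS[i % 3]
    return total % 10

def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Concatenate the three MRZ fields, each followed by its check digit."""
    doc_number = doc_number.ljust(9, "<")  # document number is padded to 9 characters
    return "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))

def k_seed(doc_number: str, birth: str, expiry: str) -> bytes:
    """BAC key seed: the first 16 bytes of SHA-1 over the MRZ information."""
    info = mrz_information(doc_number, birth, expiry).encode("ascii")
    return hashlib.sha1(info).digest()[:16]

def key_space_bits(doc_symbols: int, birth_years: int = 100,
                   validity_years: int = 10) -> float:
    """Upper bound on BAC key entropy in bits (date ranges are assumptions)."""
    doc = 9 * math.log2(doc_symbols)           # 9-character document number
    birth = math.log2(365 * birth_years)       # YYMMDD date of birth
    expiry = math.log2(365 * validity_years)   # YYMMDD expiry date
    return doc + birth + expiry

if __name__ == "__main__":
    # Specimen values from the ICAO Doc 9303 worked example, not a real passport.
    print(mrz_information("L898902C", "690806", "940623"))
    print(k_seed("L898902C", "690806", "940623").hex())
    print(f"numeric document numbers:      {key_space_bits(10):.1f} bits")
    print(f"alphanumeric document numbers: {key_space_bits(36):.1f} bits")
```

Under these assumptions a digits-only document number gives just under 57 bits, in line with the figure on the slide, while an alphanumeric document number raises the bound to about 73 bits.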

Active Authentication (AA)
First generation of e-passports (optional)
Mechanism against cloning or modification of the chip
Ensures that the information read comes from the original chip, written by the authority that issued the passport.

Active Authentication (AA)
Data Group 15 must be present on the RFID chip

Private Key ()

Active Authentication (AA)
Mutual authentication between the RFID chip and the reader is performed with the challenge-response protocol (ISO/IEC 11770-2)
[Diagram labels: Reader, RFID; R (Challenge); Z (Response); R = ; CHECK; GET_PUBLIC_KEY; (DG-15) $K_{PuAA}$; R, Z,]
NAJERA, P.; MOYANO, F.; LOPEZ, J. Security Mechanisms and Access Control Infrastructure for e-Passports and General Purpose e-Documents. University of Malaga. Malaga.

Active Authentication (AA)
Vulnerability
Index manipulation
– AA is not mandatory
– It is possible to make the IS skip the verification
– It is enough to make it believe that DG-15 is not present in the passport

Active Authentication (AA)
Vulnerability
Side-channel attacks
– Time Analysis (computation time)
– Power Analysis (power consumption)

Active Authentication (AA)
Vulnerability
Time Analysis

Active Authentication (AA)
Vulnerability
Power Analysis

Active Authentication (AA)
Vulnerability
Side-channel attacks
– Time Analysis (computation time)
– Power Analysis (power consumption)
Tracking
Grandmaster Chess Attack
Dependency on BAC (low key entropy)

Extended Access Control (EAC)
Security mechanism made mandatory by the EU in the second generation
Adds functionality to authenticate both the RFID chip and the reader
Uses two security protocols
– Chip Authentication (CA)
– Terminal Authentication (TA)

Chip Authentication (CA)
Verifies whether the data has been altered or the chip has been cloned
Diffie-Hellman method (DH, ephemeral key)
Uses a key pair: public (DG-14) and private
https://www.bsi.bund.de/EN/Topics/ElectrIDDocuments/SecurityMechanisms/securEAC/securCA/ca_node.html

Chip Authentication (CA)
Vulnerabilities
Eavesdropping on a communication
Valid reader with an expired certificate
Denial of Service, DoS (jamming and blocking)
Grandmaster Chess attack
Dependency on low key entropy (BAC)

Terminal Authentication (TA)
Verifies whether the reader has permission to access the data on the RFID chip
PKI: CVCA → Terminal Certificate (TC)
http://www.frontex.europa.eu/assets/Publications/Research/Operational_and_Technical_Security_of_Electronic_Pasports.pdf

Terminal Authentication (TA)
Vulnerabilities
Denial of Service, DoS (jamming)
Valid reader with an expired certificate
Stolen terminals

Attack Process Modeling
Attack sequences or steps

Attack Trees
Man-in-the-middle attack
Attack on the low-entropy vulnerability of the BAC key

Attack Trees
Attack Tree Threat Analysis

Conclusion
We have seen:
– Two generations of passports with RFID
– Their vulnerabilities
– How to build a profile of attack vectors
– Risk management