Attacks on Digital Passports

From What The Wiki?!


Abstract

Digital passports are being introduced to combat passport modification and cloning fraud. The legacy technology has shown a growing business case for identity fraud to support illegal migration and terrorism. Digital passports rely on smart cards to protect the integrity of personal data and to prevent illegal cloning. Although smart card technology is well suited to this, vulnerabilities do exist and new attacks continuously emerge.

This presentation first briefly discusses the state of the art of secure identification technology, including applications, biometry, (contactless) smart cards, operating systems, cryptographic protocols and algorithms. Then, it covers several of the latest logical and side channel attack techniques in detail. The theory behind the attack technique is explained to the audience, and for each technique, a demonstration is given on a commercially available card.


Description

The first part of the talk (10 minutes) will be introductory and elaborate on the following subjects:

  • problems with legacy identification documents
  • identification, authentication and privacy challenges
  • digital IDs in the context of application requirements for passports, voting, driving licenses, health records, etc.
  • smart card and biometry concepts
  • cryptography and key management

The second part of the talk (10 minutes) will discuss the technical capabilities of smart cards:

  • system architecture
  • security features
  • operating system and application sandbox
  • Java Card concepts and application programming

The third, and major, part of the talk (45 minutes) will focus on threats and include demonstrations of attacks:

  • invasive, logical and side channel attacks
  • Java Card threats: ill-formed applets, malicious applets and automated social engineering
  • demonstration of a type confusion attack using dangling pointers to retrieve secret PIN codes and keys
  • theory of side channel information leakage through power consumption
  • Electro-Magnetic Analysis (EMA): smart card attacks through radiation
  • advanced side channel attacks: high-order differential power analysis
  • demonstration of breaking RSA on an identity card


Schedule

Day 27 July 2005