[LINK] Access Card Insecurity Recognised by AIC

Roger Clarke Roger.Clarke at xamax.com.au
Thu Sep 6 16:18:33 AEST 2007


One aspect of the Institute of Criminology report that's useful is 
the part about the Access Card and the Passport.  (I stress that this 
is just one aspect, and others need attention too!).

Below is the post I sent to the privacy list earlier today.
__________________________________________________________________________

Today's report in the SMH:
Cyber crime will spread: study
http://www.smh.com.au/text/articles/2007/09/05/1188783320037.html

led to:

" ... Australia's biometrically enabled card will have widespread 
uses and applications, making it a likely target for criminals. ... 
[S]uch cards may facilitate the surreptitious collection of personal 
data. For example, the unique multi-purpose identifiers ease the 
monitoring of individuals' activities across different organisations 
and could be exploited by rogue employees. Other areas of risk 
include those associated with dishonest initial enrolment of users as 
well as data security, both with respect to the card's computer chip 
as well as supporting databases" (pp. 42-43)

Choo K.-K.R., Smith R.G. & McCusker R.  (2007)  'Future directions in 
technology-enabled crime : 2007-09'  Research and public policy 
series, no. 78, Australian Institute of Criminology, 2007

Media Release:
http://www.aic.gov.au/media/2007/20070905.html

Summary Paper:
http://www.aic.gov.au/publications/tandi2/tandi341.html

Full Report:
http://www.aic.gov.au/publications/rpp/78/


Extract of pp. 42-43:

Access cards

The Australian Government has resolved to implement a National Health 
and Social Services access card, which includes a microchip with 
detailed personal information. The access card would be issued to 
more than 16.7 million people by 2010 (Hart 2007). Similar 
initiatives have been implemented in the United States such as the 
government ID card based on the Federal Information Processing 
Standards issued by the National Institute of Standards and 
Technology. Although not designed as a generalised government 
identity card (AAP 2007a), Australia's biometrically enabled card 
will have widespread uses and applications, making it a likely target 
for criminals. Privacy and accountability concerns have been cited 
with the access cards (ALRC 2006, Greenleaf 2007) as such cards may 
facilitate the surreptitious collection of personal data. For 
example, the unique multi-purpose identifiers ease the monitoring of 
individuals' activities across different organisations and could be 
exploited by rogue employees.

Other areas of risk include those associated with dishonest initial 
enrolment of users as well as data security, both with respect to the 
card's computer chip as well as supporting databases. As applications 
of government issued smart technologies increase, risks will 
increase, extending to systems used to facilitate new online services 
such as electronic voting in elections, electronic tendering and 
electronic democracy. Such applications would be attractive targets 
for groups wishing to disrupt or affect levels of confidence in 
government and business generally.

Despite the security architecture - supported by rigorous access 
controls, logging and auditing - that will be deployed, organised 
criminal groups will seek ways of compromising the system's computer 
infrastructure or obtaining personal and confidential information. 
The obtained information could be subsequently used in 
identity-related crimes (e.g. more sophisticated malware and social 
engineering) and other technology-enabled crime.

Biometric passports

Traditional paper-based passports are also being replaced with 
RFID-enabled biometric passports (e-passports); a contactless 
smartcard with a secure microprocessor that employs a passive radio 
frequency to transmit data over an encrypted wireless link to a 
reader. E-passports are designed to conform to International Civil 
Aviation Organization standards. Although biometric passports contain 
similar information as is found on the data page at the front of 
traditional paper-based passport, e-passports are designed to provide 
strong authentication that unequivocally identifies their bearers.

Academic researchers such as Smith (2006) have raised issues relating 
to privacy, security and effectiveness of biometry. Researchers from 
Vrije Universiteit Amsterdam and SRI International have suggested 
that RFID chips could be used to compromise computer systems by 
sending malicious data to vulnerable systems (Ortiz Jr 2006). The 
likelihood of this happening in the real world, however, is rather 
low at this time. Researchers from Germany also demonstrated that 
e-passport RFID chips could be skimmed and cloned easily with 
inexpensive and easily obtainable equipment. They then speculated 
that the RFID tags embedded in United States e-passports could 
potentially be used to identify them from a distance (Evers & 
McCullagh 2006); a form of short-range clandestine tracking and 
scanning. To prevent long-range scanning of closed passports, 
metallic material is included in e-passport covers to limit RF 
penetration; and Basic Access Control can be deployed to encrypt the 
contents of e-passports such that optical scanning is required to 
obtain the decryption key from e-passports.

Despite the preventive mechanisms deployed, the future will see new 
hardware devices and software programs seeking to compromise the 
quality of data-protection mechanisms and supporting architecture. 
Such devices and programs aim to clone e-passports, facilitate 
brute-force attacks on keys used for access control, and devise new 
ways of tracking and scanning covertly (to circumvent the use of 
Faraday cages). In 2006, Rieback and colleagues presented design 
principles for RFID malware together with supporting proof-of-concept 
examples to underscore the feasibility of RFID devices being abused 
and exploited in attacks against e-passports (Rieback et al. 2006).

Summary

In many ways anticipating the future technological environment in 
which technology-enabled crimes will be perpetrated is a relatively 
simple task. Technology will continue to advance rapidly and while 
those advances may permit faster access to, greater storage capacity 
within, and greater speed and ease of information dissemination from, 
computer systems, the potential for witting or unwitting negative 
impacts upon that information will occur. Poorly designed, executed 
and maintained security protocols, processes and devices leave 
computer networks open to attack both by critical infrastructure 
incidents and deliberate criminal malfeasance. The typology of recent 
and anticipated security breaches has been typified by the quest for 
and abstraction of information needed by criminals for committing 
large-scale and profitable financial crimes. The ability for law 
enforcement to maintain a watching brief on the potential impact of 
new technologies and to convey that knowledge to organisations 
through their own endeavours and/or through legislation and 
regulation remain ingredients to the effective understanding and 
mitigation of the future technology-enabled crime environment.

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW



More information about the Link mailing list