[LINK] Access Card Insecurity Recognised by AIC
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Sep 6 16:18:33 AEST 2007
One aspect of the Institute of Criminology report that's useful is
the part about the Access Card and the Passport. (I stress that this
is just one aspect, and others need attention too!).
Below is the post I sent to the privacy list earlier today.
__________________________________________________________________________
Today's report in the SMH:
Cyber crime will spread: study
http://www.smh.com.au/text/articles/2007/09/05/1188783320037.html
led to:
" ... Australia's biometrically enabled card will have widespread
uses and applications, making it a likely target for criminals. ...
[S]uch cards may facilitate the surreptitious collection of personal
data. For example, the unique multi-purpose identifiers ease the
monitoring of individuals' activities across different organisations
and could be exploited by rogue employees. Other areas of risk
include those associated with dishonest initial enrolment of users as
well as data security, both with respect to the card's computer chip
as well as supporting databases" (pp. 42-43)
Choo K.-K.R., Smith R.G. & McCusker R. (2007) 'Future directions in
technology-enabled crime : 2007-09' Research and public policy
series, no. 78, Australian Institute of Criminology, 2007
Media Release:
http://www.aic.gov.au/media/2007/20070905.html
Summary Paper:
http://www.aic.gov.au/publications/tandi2/tandi341.html
Full Report:
http://www.aic.gov.au/publications/rpp/78/
Extract of pp. 42-43:
Access cards
The Australian Government has resolved to implement a National Health
and Social Services access card, which includes a microchip with
detailed personal information. The access card would be issued to
more than 16.7 million people by 2010 (Hart 2007). Similar
initiatives have been implemented in the United States such as the
government ID card based on the Federal Information Processing
Standards issued by the National Institute of Standards and
Technology. Although not designed as a generalised government
identity card (AAP 2007a), Australia's biometrically enabled card
will have widespread uses and applications, making it a likely target
for criminals. Privacy and accountability concerns have been cited
with the access cards (ALRC 2006, Greenleaf 2007) as such cards may
facilitate the surreptitious collection of personal data. For
example, the unique multi-purpose identifiers ease the monitoring of
individuals' activities across different organisations and could be
exploited by rogue employees.
Other areas of risk include those associated with dishonest initial
enrolment of users as well as data security, both with respect to the
card's computer chip as well as supporting databases. As applications
of government issued smart technologies increase, risks will
increase, extending to systems used to facilitate new online services
such as electronic voting in elections, electronic tendering and
electronic democracy. Such applications would be attractive targets
for groups wishing to disrupt or affect levels of confidence in
government and business generally.
Despite the security architecture - supported by rigorous access
controls, logging and auditing - that will be deployed, organised
criminal groups will seek ways of compromising the system's computer
infrastructure or obtaining personal and confidential information.
The obtained information could be subsequently used in
identity-related crimes (e.g. more sophisticated malware and social
engineering) and other technology-enabled crime.
Biometric passports
Traditional paper-based passports are also being replaced with
RFID-enabled biometric passports (e-passports); a contactless
smartcard with a secure microprocessor that employs a passive radio
frequency to transmit data over an encrypted wireless link to a
reader. E-passports are designed to conform to International Civil
Aviation Organization standards. Although biometric passports contain
similar information as is found on the data page at the front of
traditional paper-based passport, e-passports are designed to provide
strong authentication that unequivocally identifies their bearers.
Academic researchers such as Smith (2006) have raised issues relating
to privacy, security and effectiveness of biometry. Researchers from
Vrije Universiteit Amsterdam and SRI International have suggested
that RFID chips could be used to compromise computer systems by
sending malicious data to vulnerable systems (Ortiz Jr 2006). The
likelihood of this happening in the real world, however, is rather
low at this time. Researchers from Germany also demonstrated that
e-passport RFID chips could be skimmed and cloned easily with
inexpensive and easily obtainable equipment. They then speculated
that the RFID tags embedded in United States e-passports could
potentially be used to identify them from a distance (Evers &
McCullagh 2006); a form of short-range clandestine tracking and
scanning. To prevent long-range scanning of closed passports,
metallic material is included in e-passport covers to limit RF
penetration; and Basic Access Control can be deployed to encrypt the
contents of e-passports such that optical scanning is required to
obtain the decryption key from e-passports.
Despite the preventive mechanisms deployed, the future will see new
hardware devices and software programs seeking to compromise the
quality of data-protection mechanisms and supporting architecture.
Such devices and programs aim to clone e-passports, facilitate
brute-force attacks on keys used for access control, and devise new
ways of tracking and scanning covertly (to circumvent the use of
Faraday cages). In 2006, Rieback and colleagues presented design
principles for RFID malware together with supporting proof-of-concept
examples to underscore the feasibility of RFID devices being abused
and exploited in attacks against e-passports (Rieback et al. 2006).
Summary
In many ways anticipating the future technological environment in
which technology-enabled crimes will be perpetrated is a relatively
simple task. Technology will continue to advance rapidly and while
those advances may permit faster access to, greater storage capacity
within, and greater speed and ease of information dissemination from,
computer systems, the potential for witting or unwitting negative
impacts upon that information will occur. Poorly designed, executed
and maintained security protocols, processes and devices leave
computer networks open to attack both by critical infrastructure
incidents and deliberate criminal malfeasance. The typology of recent
and anticipated security breaches has been typified by the quest for
and abstraction of information needed by criminals for committing
large-scale and profitable financial crimes. The ability for law
enforcement to maintain a watching brief on the potential impact of
new technologies and to convey that knowledge to organisations
through their own endeavours and/or through legislation and
regulation remain ingredients to the effective understanding and
mitigation of the future technology-enabled crime environment.
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list