{"id":766,"date":"2015-11-08T13:07:46","date_gmt":"2015-11-08T13:07:46","guid":{"rendered":"http:\/\/nethemba.com\/de\/ueber-uns\/forschung\/public-security-analysis-of-slovak-biometric-passports\/"},"modified":"2016-02-19T13:38:37","modified_gmt":"2016-02-19T13:38:37","slug":"public-security-analysis-of-slovak-biometric-passports","status":"publish","type":"page","link":"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/public-security-analysis-of-slovak-biometric-passports\/","title":{"rendered":"Public security analysis of Slovak biometric passports"},"content":{"rendered":"<h3 lang=\"en-GB\">(still in progress &#8211; if you can help us, <a href=\"https:\/\/nethemba.com\/de\/kontakt\">do not hesitate to contact us<\/a>)<\/h3>\n<p lang=\"en-GB\">We have demonstrated in practice that a new Slovak biometric RFID passport can be read. The passport can be read by an arbitrary ISO14443A-compliant RFID reader (for our experiment we used a cheap <a href=\"http:\/\/www.touchatag.com\/\">touchatag reader<\/a> that <a href=\"http:\/\/www.touchatag.com\/e-store\">can be bought<\/a> for 30 \u20ac).<\/p>\n<p lang=\"en-GB\">Personal data are encrypted with a key derived from the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Machine-readable_passport\">Machine Readable Zone<\/a> (MRZ), which is printed on the last but one page of the passport.\u00a0The MRZ is composed of the passport&#8217;s number, the date of birth and the date of expiry. With knowledge of this information the <a href=\"http:\/\/www.highprogrammer.com\/cgi-bin\/uniqueid\/mrzp\">MRZ can be computed<\/a>. 
The following information can be obtained from the passport using the MRZ:<\/p>\n<ul>\n<li>All personal information that is already printed in the passport (EF.DG1)<\/li>\n<li>Photograph of the passport holder (stored in JPEG)\u00a0(EF.DG2)<\/li>\n<\/ul>\n<p lang=\"en-GB\">The following information cannot be read using the MRZ and requires a special key\u00a0(owned by the Slovak government):<\/p>\n<ul>\n<li>Fingerprint of the passport holder (EF.DG3)<\/li>\n<li>Active Authentication\u00a0Public\u00a0Key Info (EF.DG15)<\/li>\n<\/ul>\n<p>The passport is not protected by a special <a href=\"http:\/\/www.rfid-shield.com\/\">RFID\u00a0shield<\/a> by default, so it can be read while closed from a distance of 5 cm. With a stronger antenna this distance can be significantly greater (up to 10 meters and it will increase in the future).<\/p>\n<p>The passport returns a random unique ID\u00a0(UID), so it is not possible to fingerprint it and determine its producer\u00a0(this behaviour can be emulated by an NXP JCOP 41 v2.2.1 72K <strong>RANDOM_UID smartcard<\/strong>).<\/p>\n<p>Without the &#8220;Active Authentication Public Key Info&#8221; it is not easy to clone the passport.<\/p>\n<p>To verify:<\/p>\n<ul>\n<li>How do official Slovak biometric passport readers respond when they read a passport with an invalid hash, an invalid digital signature, or missing AA\u00a0information (do they accept an imperfect clone?)<\/li>\n<li>Is it possible to create an imperfect clone (using an NXP\u00a0JCOP 41 v2.2.1 72k RANDOM_UID smartcard) where EF.DG3 and EF.DG15 are removed from the passport index?\u00a0Do official Slovak biometric passport readers accept this clone?<\/li>\n<li>Is it possible to attack the chip using covert channels (e.g. 
using <a href=\"http:\/\/wiki.whatthehack.org\/images\/2\/28\/WTH-slides-Attacks-on-Digital-Passports-Marc-Witteman.pdf\">Time-Power Analysis of RSA<\/a>)?<\/li>\n<li>Analysis of MRZ\u00a0entropy:<br \/>\ndate of expiry (10 years) = 3650 values<br \/>\nbirthday (estimation +\/- 5 years)\u00a0= 3650 values<br \/>\npassport number (2 alpha characters + 7 numbers) = 25 *\u00a025 *\u00a0(10 ^ 7) = 6250000000 values<\/li>\n<li>Is it possible to determine the passport number?\u00a0(What algorithm is used for assigning new passport numbers?)<\/li>\n<\/ul>\n<p><strong>You have a right to be informed about the security of technologies that process your sensitive information!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(still in progress &#8211; if you can help us, do not hesitate to contact us) We have practically demonstrated the possibility of reading of a new Slovak biometric RFID passport. The passport can be read by arbitrary ISO14443A-compliant RFID reader (for our experiment we have used cheap touchatag reader that can be bought for 30 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":526,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-766","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Public security analysis of Slovak biometric passports - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/de\/ueber-uns-old\/forschung\/public-security-analysis-of-slovak-biometric-passports\/\" \/>\n<meta 
property=\"og:locale\" content=\"de_DE\" \/>"}