The fundamental problem with physical identification devices is that they can be lost, stolen, or copied. People lose things all the time. Ever lose a wallet/purse? Remember the miserable experience of canceling all your credit cards, getting a new license and then checking your credit reports just in case somebody used your in- formation to open new accounts in your name (you did remember to do that, right?).
Hacking
It’s possible to duplicate some types of identifiers without ever touching the original. Compromising a card reader is very effective, and often very easy. Small sensor de- vices can be attached to a card swipe system. These sensors can capture the infor- mation from magnetic strips as they are swiped through the reader.
Smart Cards are more difficult to hack—the exchange of data occurs through electronic contact, not magnetically. Furthermore, the exchange is encrypted. Breaking the encryption is a complex process that takes hours. Theoretically, it’s possible to build a device that can capture the encrypted transaction for later analy- sis. Other information, like the amount of power used by the reader and small amounts of electrical radiation escaping from the device, can also be used to break the encryption on a Smart Card. Hacking a Smart Card in this manner requires pow- erful and sophisticated technology. Of course, if the hacker can get a physical hold on the card for long enough, all of this becomes much easier to accomplish.
Anti-tamper features are built into Smart Cards, but they tend to fail and are of- ten disabled. Even with the features active, it’s still possible to access unauthorized information. For example, the chip can be removed from the card and hooked up to common electronics testing equipment that can read data directly from the memory, bypassing all of the security features.
Advanced cards such as Java Cards can be directly attacked by rogue card reader systems. The Java operating system or applications may have implementation glitches that can be exploited. Conversely, a rogue Java Card could be used to attack a card reader, installing a backdoor by exploiting vulnerabilities in the reader system.
Future combination cards will include fingerprint scanning and other user- verification systems to minimize fraud.
126 Network Security Illustrated
Making the Connection
Cryptography: Smart Cards with processors are perfect for cryptographic opera- tions. Data stored on other types of identifiers should generally be encrypted.
Privacy: Portable Identifiers leave trails of information whenever they’re used. For example, each time a credit card is swiped, the data on the magnetic strip is cap- tured by the point of sale.
Best Practices
A number of security tricks are used to minimize the risk posed by a lost identifier. The most basic trick is to keep the identifier unlabelled. Password generating de- vices, magnetic pass cards and other key-type devices should never contain any in- formation about what they open. A simple example is the magnetic hotel key used in modern hotels. The room number is never on the key—if you lose the key, the finder won’t know which door it opens. Some hotels don’t even print their name on the key, although this is often because the hotel is too cheap to have custom keys printed.
Another important safeguard is the ability to immediately deactivate a lost iden- tifier. This works well for identifiers that communicate with central systems, such as credit cards and passive scan devices. It fails for identifiers that have “off-label” uses, such as driver’s licenses. A stolen license can be used to get on an airplane, even if the license itself has been deactivated and re-issued. This is because airlines don’t have direct access to the motor vehicle databases (this will most likely change soon). Smart Cards pose a more difficult problem—critical information can be stored on the memory chip. Changing an encryption key can be a complicated process if the infrastructure isn’t designed properly. An institution might deactivate a particular Smart Card, but the information (account number, encryption key, etc.) stored on the card might still be valid.
Combining portable identifiers with other forms of identification technology can increase security. This has been done for years. The original combination token is the photo ID. A driver’s license contains authentication information printed on the surface, biometric data (the photograph), and a magnetic or bar code strip with ad- ditional information. Some of the newest Smart Card technologies support on-board biometric and password entry systems for added security.
Final Thoughts
Portable identifiers certainly have proven their place in modern society. They have infiltrated the daily lives of many, and provide convenience and added security to those who use them. Nonetheless, the fact remains that when used as a sole system for identification, portable identifiers can do more harm than good. They are best used in combination with other methods of identification security to greatly reduce the risk of fraud or theft. When used properly, portable identifiers are a great addi- tion to personal and industrial security schemes.
Part IV Determining Identity 127
Chapter 10 Determining Identity: Portable Identifiers 14_200423_CH10_Sonnenreich 9/2/03 3:21 PM Page 127