leakiEst e-Passport Traceability Example Dataset

leakiEst

Example: e-Passport Traceability

The RFID chip in e-passports is designed to be untraceable; i.e., without knowing the secret key for a passport, it should be impossible to distinguish it from another passport across sessions. In [CG11] we observed that e-passports fail to achieve this goal due to a poorly implemented MAC check: passports take longer to reject replayed messages. This means that a single message can be used to test for the presence of a particular passport.

We collected timing data from an e-passport and analysed it with leakiEst, which clearly detects the presence of an information leak from a dataset containing 100 observations. Attempting to fix the leak, we developed a variant of the e-passport protocol that pads the time delays so that the average response time is equal in all cases. leakiEst still indicated the presence of a small information leak: while the average times are the same, the actual time measurements appear to come from different distributions. After modifying the protocol to continue processing a message even when the MAC check fails, and only reject it at the end of the protocol, leakiEst indicates that it is free from leaks.
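The three protocol variants described above can be reproduced on constructed data. This Python example is added here and is not leakiEst's code or the authors' measurements: it uses a simple histogram (plug-in) estimate of the mutual information between message type and binned response time, and a label-shuffling threshold analogous to the "95 percentile for shuffled values" that leakiEst prints. The timing histograms, the 1 ms bin width and all function names are assumptions.

```python
import math
import random
from collections import Counter

def mutual_information(labels, times, bin_ms=1):
    """Plug-in estimate, in bits, of I(message type; binned response time)."""
    n = len(labels)
    bins = [int(t // bin_ms) for t in times]
    joint, by_label, by_bin = Counter(zip(labels, bins)), Counter(labels), Counter(bins)
    return sum((c / n) * math.log2(c * n / (by_label[l] * by_bin[b]))
               for (l, b), c in joint.items())

def leak_test(labels, times, shuffles=1000, seed=1):
    """Return (estimate, 95th percentile of shuffled estimates, leak detected?)."""
    rng = random.Random(seed)
    estimate = mutual_information(labels, times)
    shuffled, null = list(labels), []
    for _ in range(shuffles):
        rng.shuffle(shuffled)  # breaks any real link between message type and time
        null.append(mutual_information(shuffled, times))
    threshold = sorted(null)[shuffles * 95 // 100]
    return estimate, threshold, estimate > threshold

def dataset(fresh, replayed):
    """Expand two {response_ms: count} histograms into labels and times."""
    labels, times = [], []
    for label, hist in (("fresh", fresh), ("replayed", replayed)):
        for ms, count in hist.items():
            labels += [label] * count
            times += [ms] * count
    return labels, times

# Constructed timings (ms), 50 observations per message type; not measured data.
NARROW = {11: 10, 12: 30, 13: 10}
WIDE = {10: 5, 11: 10, 12: 20, 13: 10, 14: 5}  # same mean as NARROW, wider spread
SCENARIOS = {
    "unpatched, replay rejected later": dataset(NARROW, {ms + 8: c for ms, c in NARROW.items()}),
    "padded to equal average": dataset(NARROW, WIDE),
    "identical processing path": dataset(WIDE, WIDE),
}

def run_all():
    return {name: leak_test(*data) for name, data in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (mi, threshold, leak) in run_all().items():
        verdict = "There is a leak." if leak else "No leak detected."
        print(f"{name}: MI={mi:.4f} bits, shuffled 95th pct={threshold:.4f}. {verdict}")
```

In the padded scenario both message types average 12 ms, yet the estimate stays above the shuffled threshold because the two timing distributions differ in spread.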

Command lines and outputs

The configuration files need to be located in the same directory as leakiest-1.4.9.jar.

$ java -jar leakiest-1.4.9.jar -cfg configPassportBritish.txt
Estimated mutual information: 0.9471 (out of possible  1.000 bits)
There is a leak.
  Estimate is NOT below 0.0101(the 95 percentile for shuffled values).
$ java -jar leakiest-1.4.9.jar -cfg configPassportBritishFix.txt
Estimated mutual information: 0.0531 (out of possible  1.000 bits)
No leak detected.
  Estimate is below 0.0699(the 95 percentile for shuffled values).
$ java -jar leakiest-1.4.9.jar -cfg configPassportGerman.txt
Estimated mutual information: 0.9822 (out of possible  1.000 bits)
There is a leak.
  Estimate is NOT below 0.0228(the 95 percentile for shuffled values).
$ java -jar leakiest-1.4.9.jar -cfg configPassportGermanFix.txt
Estimated mutual information: 0.1524 (out of possible  1.000 bits)
No leak detected.
  Estimate is below 0.3614(the 95 percentile for shuffled values).
$ java -jar leakiest-1.4.9.jar -cfg configPassportIrish.txt
Estimated mutual information: 1.0 (out of possible  1.000 bits)
There is a leak.
  Estimate is NOT below 0.0156(the 95 percentile for shuffled values).
$ java -jar leakiest-1.4.9.jar -cfg configPassportIrishFix.txt
Estimated mutual information: 0.4206 (out of possible  1.000 bits)
There is a leak.
  Estimate is NOT below 0.357(the 95 percentile for shuffled values).