Towards Disclosing the RSA Private Key of an e-Passport
Martin Hlaváč & Tomáš Rosa (UK, Praha & e-banka)

The recent deployment of the electronic passports equipped with RFID chips might leave one asking on how far is that platform secure. We briefly review (and also demonstrate partially) several generic and unavoidable weaknesses of the RFID chips, such as an ID cloning, the relay attack, and electromagnetic side channels. Secondly, we focus on a specific cryptographic operation of the e-passport. It is shown that due to an existing side channel an insecure implementation of one single cryptographic primitive such as the modular multiplication can cause the entire (otherwise secure) scheme to collapse. To provide an attack on the real e-passport, two elementary steps need to be done. First, the side channel signal has to be mapped on the assumed chip operations. Secondly, we have to develop a mathematical tool allowing us to exploit such a signal. Our contribution deals mainly with the second part, the first one leaving open with several positive indices. We show that given the amount of so-called final substitutions in Montgomery multiplication algorithm (used for RSA signing operation) one can launch a known cipher text attack on the RSA instance. This is an improvement of the existing chosen ciphertext attack [1]. As the original attack required a chosen ciphertext condition, it was useless for the e-passport signature scheme. Therefore, we regard our improvement as being essential step towards breaking the e-passport active authentication scheme.

[1] Tomoeda et al., An SPA-Based Extension of Schindler's Timing Attack against RSA Using CRT, 2005