To my knowledge (well, understanding), the banks use cards that have both the chip and the magnetic strip. Where a POS does not support a chip, the retailer can still use the magnetic strip to make the transaction. So my point becomes that when a bank card gets cloned, it is the legacy strip that is compromised, and not necessarily the chip. Again, this is my own layman's analysis. If anybody tells me that the chip also gets compromised, I will not disagree with them, but will rather want to hear their explanation.

The problem with chip and mag stripe cards (aka Hybrid cards) is that, while they provide a convenient migration path for POS to upgrade their technology without compromising service, they are only as secure as their weakest link, the mag stripe. Now there is data on this mag stripe which will tell the POS device to use the chip reader if so fitted, but even this is easy to work around by getting the chip Answer To Reset to fail, thereby falling back to the (possibly cloned) mag stripe. It is also easy to modify the ICC present data on the magstripe and rewrite it so that a chip insertion is not requested.

Anyway, my point is that the same scenario applies to this new ID card: as long as an old ID book is valid (another 10 years or so), there is a loophole for the criminal element to use.
 
Not really what I was asking :P
I was referring to this line: "Fouladi said that cloning these cards is almost impossible." And I was saying that surely they can be cloned.
As a simple example, a PC hard drive can have all the encryption you want, but can still be cloned/ghosted.

You can't simply copy the contents of the chip. It has an API which lets you sign or decrypt data using the embedded private key, but not extract the key.

That said, there are attacks - they just have to be very sophisticated, like getting into the chip itself without damaging it.

Google "Javacard attacks" - I won't post results, many of them are PDFs.

Security is a matter of risk management. The risks here are lower than a magstripe or barcode, but are not zero. To assess the risks, you'd have to consider the system. It may be designed to operate in an online and offline way - i.e. if the people verifying your identity are not linked to Home Affairs (or their link goes down), what can they rely on, and how can that SYSTEM be attacked (rather than just the card)?
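
The point made above about the chip offering an operation on its key rather than the key itself, as an added example that is not part of the thread and not code from any real card system: a copy built from readable data and one observed exchange fails a fresh challenge, and passes only if the verifier reuses a challenge. Assumptions: HMAC-SHA256 with a key the issuer also holds stands in for the card's private-key signature, and the class names, card ID and key are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class ChipCard:
    """Toy model of a chip card: the key can be used, but never read out."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self.__key = key  # stands in for tamper-resistant key storage

    def read_public_data(self) -> dict:
        # Everything a reader (or a copier) can actually read off the card.
        return {"card_id": self.card_id}

    def sign(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 replaces the chip's private-key signature.
        return hmac.new(self.__key, challenge, hashlib.sha256).digest()


class CopiedCard:
    """A copy built only from readable data and previously observed exchanges."""
    def __init__(self, public_data: dict, observed: dict):
        self.card_id = public_data["card_id"]
        self._observed = observed  # challenge -> response seen on the wire

    def sign(self, challenge: bytes) -> bytes:
        # With no key, the copy can only repeat an answer it has seen before.
        return self._observed.get(challenge, bytes(32))


def verify(card, issuer_key: bytes, challenge: bytes = None) -> bool:
    """Issuer-side check. A fresh random challenge is used unless one is forced."""
    challenge = challenge or secrets.token_bytes(16)
    expected = hmac.new(issuer_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(card.sign(challenge), expected)


def demo() -> dict:
    key = secrets.token_bytes(32)                # constructed sample key
    genuine = ChipCard("CONSTRUCTED-0001", key)  # constructed card ID
    fixed = b"static-challenge"                  # a verifier that never varies
    observed = {fixed: genuine.sign(fixed)}      # one exchange seen by a copier
    copy = CopiedCard(genuine.read_public_data(), observed)
    return {"genuine_fresh": verify(genuine, key), "copy_fresh": verify(copy, key),
            "copy_static": verify(copy, key, fixed)}


if __name__ == "__main__":
    print(demo())
```

The last result is the system-level weakness: the card's key was never exposed, yet a verifier that does not vary its challenge accepts the copy.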
 
Anyway, my point is that the same scenario applies to this new ID card: as long as an old ID book is valid (another 10 years or so), there is a loophole for the criminal element to use.

I agree with you, but you have to admit... this is a step in the right direction and the correct method of implementation, a phased approach.
 