SoS at Vara's Nieuwslicht
The SoS group has contributed twice (so far) to the national TV-show Vara's Nieuwslicht. This is a Dutch TV program which shines a scientific light over the news of the week. It used to be hosted by Paul Witteman, but this season Menno Bentveld took over.
The main topic for our contribution was the use of contactless chips. In particular the use of such a contactless chip in the new biometric passport. What are the possibilities and dangers of putting biometric information on a chip that might be readable without the owner knowing it? Of course the passport has some countermeasures that should prevent this kind of attack, but are they strong enough? And what about the national database where these biometric features are collected?
Apart from Bart's conversation with Menno on these issues we also did two demo's. The first demo was taped two days before in Nijmegen where Martijn Oostdijk tried to read the RFID chip which was implented some time ago in Bas Haring's left upper arm at the Baya Beach Club in Barcelona. During this demo Bas and Martijn also discussed some of the good points and some of the risks of using RFID chips on a large scale.
The second demo was about the fact that you can really store a picture on a smartcard and as soon as the card is detected by the reader asks for a secret key to unlock the card. This is basically what happens with the new biometric passport.
More details will be added later...
Prof. Bart Jacobs. was one of the guests in this show. Together with the regular panel of the program he talked about flaws in software. In particular about the possibility to implement flaws on purpose. Together with the Vara the SoS group set up an election to visualize problems like these.
How did it work?
 |
Before entering the studio the audience received a voting card with a unique number on it. |
 |
With this card one should go to one of the voting terminals (laptops with SoS software on it) and enter the vote number. |
 |
After entering the unique number on the card, people should use the mouse to point at their prefered candidate: Bush, Kerry or blank. |
 |
After choosing the candidate a printer would print a ballot with the name of the candidate chosen. The voter should check whether the paper ballot indeed showed the name of the candidate he voted for. |
 |
If so, he should fold the ballot and deposit it into the container. This checked paper trail is used in order to be able to verify whether the outcome of the election as presented by our program was correct. |
 |
After the complete audience had voted and entered the studio we collected the votes on all three client machines and stored them onto Bart's laptop which was running the server software. Bart presented the outcome and showed that Bush had just beaten Kerry. Paul Witteman didn't believe him since this was a very unlikely outcome for a Vara audience and asked the audience to raise their hands to show whom they actually voted for. Of course this made clear that the results of the program were not trustworthy. Bart admitted that our program was modified in such a way that it assured that Bush would win the elections. |
 |
At the end of the item, Bart showed the true results of the election. This time Bush got only 9 votes and Kerry 33. There were 3 blank votes. |
The complete show can be viewed on the Nieuwslicht website.
Downloads
Here you can download the programs being used for the test in the studio. They are written in Java, hence if you want to run these programs you will need a J2SE Java Runtime Environment. (Or a J2SE Software Development Kit.) If you don't have this yet, you can download such a JRE or SDK from Sun. We compiled the programs against j2sdk1.4.2_04.
We offer two versions. Both are available as a .zip file.
Unzip the chosen package and read the README.TXT file to get things started. In particular this file contains a list of valid vote numbers; without them, you won't get very far.
The programs were written by Engelbert Hubbers.