ePassport: Securing International Contacts with Contactless Chips
نویسندگان
چکیده
Electronic passports (ePassports) have known a wide and fast deployment all around the world since the International Civil Aviation Organization published their specifications in 2004. Based on an integrated circuit, ePassports are significantly more secure than their predecessors. Forging an ePassport is definitely thwarted by the use of cryptographic means. In spite of their undeniable benefit, ePassports have raised questions about personal data protection, since attacks on the basic access control mechanism came into sight. Keys used for that purpose derive from the nothing but predictable machine readable zone data, and so suffer from weak entropy. We provide an in-depth evaluation of the basic access key entropy, and prove that Belgian passport, recipient of Interpol “World’s most secure passport” award in 2003, provides the worst basic access key entropy one has ever seen. We also state that two-thirds of Belgian ePassports in circulation do not implement any data protection mechanism. We demonstrate our claims by means of practical attacks. We then provide recommendations to amend the ePassport security, and directions for further work.
منابع مشابه
ePassport: Side Channel in the Basic Access Control
An electronic version of the traditional passport (ePassport) is nowadays issued by many countries to their citizens. A contactless chip storing personal details of the document holder is embedded in the ePassport cover. To prevent unauthorized reads of the chip’s content and to protect its communication with a legitimate reader the Basic Access Control (BAC) has been introduced. Thanks to the ...
متن کاملWeakening ePassports through Bad Implementations
Different countries issue an electronic passport embedding a contactless chip that stores the holder data (ePassport). To prevent unauthorized reading of the sensitive information present on such chip an access control mechanism based on symmetric cryptography, the Basic Access Control (BAC), has been introduced. In this work we present the flaws we have found out in some implementations of the...
متن کاملA Note on the Relay Attacks on e-passports: The Case of Czech e-passports
The threat of relay attacks on authentication protocols is often well recognized, especially for contactless applications like RFID chips. It is, therefore, a bit surprising to meet an implementation that actually encourages rather than eliminates these attacks. We present our experimental observations concerning Czech e-passports. These show clearly an inherent weakness rooted in lower layers ...
متن کاملContactless Identification Device With Anticollision Algorithm
An anticollision algorithm for radio frequency based communication with passive contactless identification devices is realized. The anticollision algorithm is based on a bit-wise arbitration during the identification phase of the target device. The identification time of a unique device is independent of the number of devices which are actively involved in the identification process (keywords: ...
متن کاملEvolution of Electronic Passport Scheme using Cryptographic Protocol along with Biometrics Authentication System
Millions of citizens around the world have already acquired their new electronic passport. The epassport is equipped with contactless chip which stores personal data of the passport holder, information about the passport and the issuing institution, as well as with a multiple biometrics enabling cryptographic functionality. Countries are required to build a Public Key Infrastructure, biometric ...
متن کامل