Weakening ePassports through Bad Implementations
Author
Abstract
Different countries issue an electronic passport embedding a contactless chip that stores the holder data (ePassport). To prevent unauthorized reading of the sensitive information present on such a chip, an access control mechanism based on symmetric cryptography, the Basic Access Control (BAC), has been introduced. In this work we present the flaws we have found in some implementations of the software hosted on ePassport chips and how BAC is affected. In particular, we show how it is possible to discern the different software versions used on the chip over time through some of their peculiar fingerprints. This information can be used to shrink the BAC key space, making the protocol weaker. In addition, we show the presence of a defective function to exchange random material during the BAC procedure that opens a door for a MITM attack. The results of this paper could be exploited as a first guide for reviewing and refining existing ePassport implementations.
Similar resources
A Survey on the Evolution of Cryptographic Protocols in ePassports
ePassports are biometric identification documents that contain RFID Tags and are primarily used for border security. The embedded RFID Tags are capable of storing data, performing low cost computations and cryptography, and communicating wirelessly. Since 2004, we have witnessed the development and widespread deployment of three generations of electronic passports. The ICAO First Generation ePas...
User-Centric Identity Using ePassports
The worldwide introduction of ePassports presents a unique opportunity for the online identity community to implement trustworthy identity providers. The ePassport provides citizens with a strong authentication token within a global Public Key Infrastructure backed by government administrations. This paper studies the possibilities for leveraging the ePassport for user-centric identity and repor...
ePassport: Securing International Contacts with Contactless Chips
Electronic passports (ePassports) have known a wide and fast deployment all around the world since the International Civil Aviation Organization published their specifications in 2004. Based on an integrated circuit, ePassports are significantly more secure than their predecessors. Forging an ePassport is definitely thwarted by the use of cryptographic means. In spite of their undeniable benefi...
An analysis of security and privacy issues relating to RFID enabled ePassports
The European Union sees the introduction of the ePassport as a step towards rendering passports more secure against forgery while facilitating more reliable border controls. In this paper we take an interdisciplinary approach to the key security and privacy issues arising from the use of ePassports. We further analyse how European data protection legislation must be respected and what additiona...
Finding Bad States during Symbolic Supervisor Synthesis
This paper is about supervisor synthesis, a central issue in solving control problems within the Ramadge-Wonham framework for Discrete Event Systems. As most automata-based methods, this framework is subject to the state explosion problem. The impact of state explosion has been considerably reduced in the area of formal verification through the introduction of symbolic representation techniques...