An analysis of security and privacy issues relating to RFID enabled ePassports

IFIP International Federation for Information Processing

Volumn 232, Issue , 2007, Pages 467-472

  Kosta, Eleni ^a   Meints, Martin ^b   Hansen, Marit ^b   Gasson, Mark ^c  

^a UNIVERSITY OF LEUVEN   (Belgium)

^b Independent Centre for Privacy Protection   (Germany)

^c UNIVERSITY OF READING   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

BORDER CONTROL; DATA PROTECTION; E-PASSPORT; EPASSPORTS; EUROPEAN UNION; SECURITY AND PRIVACY ISSUES; SECURITY MEASURE;

INFORMATION TECHNOLOGY;

SECURITY OF DATA;

EID: 36349031223     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-72367-9_42     Document Type: Conference Paper

References (15)

1. ICAO = International Civil Aviation Organization, http://www.icao.int/.
2. Information available via http://www.icao.int/mrtd/publications/doc.cfm.
3. http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2004/1_385/ 1_38520041229en00010006.pdf.
4. A. Juels, D. Molnar, and D. Wagner, Security and Privacy Issues in E-passports, IEEE SecureComm 2005; available online at http://www.cs.berkeley.edu/~dmolnar/papers/RFID-passports.pdf The term 'intended' indicates the range of vendor-standard readers.
5. Protection Profile BSI-PP-0016-2005 and BSI-PP-0017-2005, certified in August and October 2005 respectively by the German Federal Office for Information Security; available via http://www.bsi.de/zertifiz/zert/ report.htm.
6. This has recently been analysed and demonstrated with a Dutch passport (see H. Robroch, ePassport Privacy Attack, 2006, which also details reading and eavesdropping distances; see http://www.riscure.com/2_news/ 200604%20CardsAsiaSing%20ePassport%20Privacy.pdf)
7. J. Beel and B. Gipp, ePass - der neue biometrische Reisepass, Shaker Verlag, Aachen 2005. Download of chapter 6 "Fazif" http://www.beel.org/epass/epasskapitel6-fazit.pdf). In most ePassports the effective key length is far lower than 56 bits, typically 35 bits, and in some cases even as low as 28 bits.
8. See, e.g., K. Zetter, Hackers Clone E-Passports, Wired News, August 3, 2006; http://www.wired.com/news/technology/1,71521-0.html.
9. Among others see Z. Geradts (ed.), FIDIS Deliverable D6.1: Forensic Implications of Identity Management Systems, Frankfurt 2006; http://www.fidis.net/fidis-del/period-2-20052006/#c822/Starbug, How to fake fingerprints?, October 26, 2004; http://www.ccc.de/biometrie/ fingerabdruck_kopieren.xml?language=en.
10. In France: E.g., the project INES (identité nationale électronique sécurisée), January 31, 2005; http://www.foruminternet.org/telechargement/forum/ presprog-ines-20050201.pdf; in Germany: C. Engel, Auf dem Weg zum elektronischen Personalausweis, Datenschutz und Datensicherheit 4/2006, pp. 207-210, Vieweg, Wiesbaden 2006.
11. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23/11/1995 pp. 0031-0050.
12. Article 29 Data Protection Working Party, Opinion on implementing the Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States, adopted on 30 September 2001, 1710/05/EN (WP 112).
13. R. Jay and A. Hamilton, Data protection - Law and practice, London Sweet & Maxwell 2003, p. 91.
14. P. van Eecke and G. Skouma, RFID and Privacy: A difficult Marriage?, in: S. Paulus, N. Pohlmann, and H. Reimer (eds.), ISSE 2005 Securing Electronic Business Processes - Highlights of the Information Security Solutions Europe 2005 Conference (pp. 169-178), Vieweg, Wiesbaden 2005, p. 173.
15. http://www.fidis.net/press-events/press-releases/budapest-declaration/ (2006).