An analysis of security weaknesses in the evolution of RFID enabled passport

World Congress on Internet Security, WorldCIS-2012

Volumn , Issue , 2012, Pages 158-166

  Bogari, Eyad Abdullah ^a   Zavarsky, Pavol ^a   Lindskog, Dale ^a   Ruhl, Ron ^a  

^a Department of Philosophy and Religious Studies   (Canada)

Author keywords

E passport; E passport security features; ICAO; PKI; RFID; vulnerabilities

Indexed keywords

E-PASSPORT; ICAO; PKI; SECURITY FEATURES; VULNERABILITIES;

INTERNET; RADIO FREQUENCY IDENTIFICATION (RFID); SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84867161676     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (52)

1. M. Abid, and H. Afifi, "Secure E-passport protocol using elliptic curve Diffie-Hellman key agreement protocol," in 4th Int. Conf. on Inform. Assurance and Security ISIAS'08, 2008, pp. 99-102.
2. S.A. Anshuman, "A survey of system security in contactless electronic passports," J. of Comput. Security, vol. 19, no. 1, Feb. 2011, pp. 203-226. Available: http://iospress.metapress.com/content/8402gr10203t4236/. (Access Date: 4 May, 2012)
3. A. Atanasiu, and M.I. Mihailescu, "Biometric passports (ePassports)," in 8th IEEE Int. Conf. on Commun. (COMM), Bucharest, Romania, 2010, pp. 443-446.
4. V. Auletta et al., "Increasing privacy threats in the cyberspace: The case of Italian e-passports," in Financial Cryptography and Data Security, vol. 6054, Springer Berlin, Heidelberg, 2010, pp. 94-104.
5. G. Avoine, K. Kalach, and J. Quisquater, "E-passport: securing international contacts with contactless chips," in Financial Cryptography and Data Security, vol. 5143, Springer Berlin, Heidelberg, 2008, pp. 141-155.
6. C. Blundo et al., "Improved security notions and protocols for non-transferable identification," in Computer Security ESORICS'08, vol. 5283, Springer Berlin, Heidelberg, 2008, pp. 364-378.
7. S. Boggan, (2008, August 06). Fakeproof e-passport is cloned in minutes. The Times. Available: http://www.thetimes.co.uk/tto/news/. (Access Date: 4 May, 2012)
8. "Advanced security mechanisms for machine readable travel documents: EAC, PACE, and RI. v2.10," The German Federal Office of Information Security BSI, Tech. Guidelines, TR-03110-3, Mar. 2012.
9. D. Carluccio et al., "E-passport: the global traceability or how to feel like a UPS package," in Inform. Security Applicat., vol. 4298, Springer Berlin, Heidelberg, 2007, pp. 391-404.
10. J. Chapman, "Determining the security enhancement of biometrics in epassports," in Bonn-Aachen Int. Center for Inform. Technology, Nov. 2009. Available: http://cosec.bit.uni-bonn.de/fileadmin/user-upload/teaching/09ws/ 09ws-sem/biometry-ws09-chapman.pdf. (Access Date: 4 May, 2012)
11. T. Chothia, and V.A. Smirnov, "Traceability attack against e-passports," in Financial Cryptography and Data Security, vol. 6052, Springer Berlin, Heidelberg, 2010, pp. 20-34.
12. J. Coron, et al., "Supplemental access control (PACE v2): security analysis of PACE integrated mapping," in Cryptology eprint archive report 2011/058, 2009. Available: http://eprint.iacr.org/2011/058.pdf. (Access Date: 4 May, 2012)
13. "Israel cloned 1000s of UK passports and used airport security as mossad front," European Union Times, Mar 31, 2010, Available: http://www.eutimes.net/2010/03/israel-cloned-1000s-of-uk-passports-used- airportsecurity-as-mossad-front/. (Access Date: 4 May, 2012)
14. G. M. Ezovski, and S.E. Watkins, "The electronic passport and the future of government-issued RFID-based identification," in IEEE International Conference on RFID, 2007, pp. 15-22.
15. A. Fernandez-Mir, J. Castella-Roca, and A. Viejo, "Secure and scalable RFID authentication protocol," in Data Privacy Manage. and Autonomous and Spontaneous Security, vol. 6514, Springer Berlin, Heidelberg, 2011. pp. 231-243.
16. L. Grunwald, "Security issues with RFID enabled passports and government issued eID documents, an overview of risk scenarios and attack vectors," Neo Catena Networks Inc., 2010. Available: https://media. blackhat.com/bh-ad-10/Grunwald/BlackHat-AD-2010-Grunwald-MRTD-eID-wp.pdf. (Access Date: 4 May, 2012)
17. G.P. Hancke, "Practical eavesdropping and skimming attacks on high-frequency RFID tokens," J. of Computer Security (RFID Sec'10 Asia), vol. 19, no. 2. 2011.
18. V. Heino, "Moving to the third generation of electronic passports," the Silicon Trust Gemalto, 2011. Available: http://www.securitydocumentworld.com/client-files/moving-to-the-third- generation-of-electronic-passports-october-20111.pdf. (Access Date: 4 May, 2012)
19. M. Hlavac, and T. Rosa, "A note on the relay attacks on E-passports: The case of Czech E-passports," Cryptology eprint archive report 2007/244, 2007. Available: http://eprint.iacr.org/2007/244.pdf. (Access Date: 4 May, 2012)
20. M. Hlavac, "Known plaintext only attack on RSA-CRT with Montgomery multiplication," in Cryptographic Hardware and Embedded Systems, vol. 5747, Springer Berlin, Heidelberg, 2009, pp. 128-140.
21. J. Hoepman et al., "Crossing borders: Security and privacy issues of the European e-Passport," in Advances in Information and Computer Security, vol. 4266, Springer Berlin, Heidelberg, 2006, pp. 152-167.
22. M. Hutter, S. Mangard, and M. Feldhofer, "Power and EM attacks on passive 13.56 MHz RFID devices," in Cryptographic Hardware and Embedded Systems, vol. 4727, Springer Berlin, Heidelberg, 2007, pp. 320-333.
23. "ISO/IEC 14443-4:2008 - Identification cards - Contactless integrated circuit cards - Proximity cards - Part 4: Transmission protocol," International Organization for Standardization, 2008.
24. A. K. Jain, A. Ross, and S. Prabhakar, "An introduction to biometric recognition," in IEEE Trans. on Circuits and Systems for Video Technology, vol.14, no. 1, 2004, pp. 4-20.
25. A. Juels, "RFID security and privacy: a research survey," IEEE J. Selected Areas in Communications, vol. 24, no. 2, 2006, pp. 381-394.
26. A. Juels, D. Molnar, and D. Wagner, "Security and privacy issues in E-passports," in Proc. Anonymous Security and Privacy for Emerging Areas in Communications Networks, 2005, pp. 74-88.
27. P.A. Karger et al., "Security and privacy issues in machine readable travel documents," IBM Research Report, TR RC 23575 (W0504-003), , 2005. Available: http://domino.watson.ibm.com/library/CyberDig.nsf/papers/ 751B6341BFB9015485256FDB005DB216/$File/RC23575.pdf. (Access Date: 4 May, 2012)
28. A. Laurie, "RF idiot", Available: http://rfidiot.org/. (Access Date: 4 May, 2012)
29. D. Lekkas, and D. Gritzalis, "E-passports as a means towards the first world-wide public key infrastructure," in Public Key Infrastructure, vol. 4582, Springer Berlin, Heidelberg 2007, pp. 34-48.
30. J. Leyden, "Code highlights E-passport eavesdropping risk: What RFIDIOt chipped my passport?," The Register, 2006. Available: http://www.theregister.co.uk/2006/10/31/rfid-e-passport-attack/. (Access Date: 4 May, 2012)
31. J. Leyden, "RFID hack attack: E-passport cloning risks exposed,", The Register, 2006. Available: http://www.theregister.co.uk/ 2006/08/04/epassport-hack-attack/. (Access Date: 4 May, 2012)
32. I. Liersch, "Electronic passports - from secure specifications to secure implementations," in Inform. Security Tech. Rep., vol.14, no.2, 2009, pp. 96-100.
33. Y. Liu et al., "E-passport: cracking basic access control keys," On the Move to Meaningful Internet Systems, vol. 4804, Springer Berlin, Heidelberg, 2007, pp. 1531-1547.
34. L. Mirowski, J. Hartnett, and R, Williams, "An RFID attacker behavior taxonomy," IEEE Pervasive Computing, vol.8, no.4, 2009, pp. 79-84.
35. P. Najera, F. Moyano, and J. Lopez, "Security mechanisms and access control infrastructure for E-passport and general purpose e-documents," J. Universal Computer Science, vol.15, no. 5, 2009, pp. 970-991.
36. R. Nithyanand, "A Survey on the evolution of cryptographic protocols in ePassports," Cryptology eprint archive 2009/200, 2009. Available: http://eprint.iacr.org/2009/200.pdf. (Access Date: 4 May, 2012)
37. V. Pasupathinathan, J. Pieprzyk, and H. Wang, "An on-line secure E-passport protocol," in Information Security Practice and Experience, vol. 4991, Springer Berlin / Heidelberg, 2008, pp. 14-28.
38. I. Pooters, "Keep out of my passport: access control mechanisms in E-passports," 2008. Available: http://danishbiometrics.files.wordpress.com/ 2010/05/ivo.pdf. (Access Date: 4 May, 2012)
39. "Protection profile for ePassport IC with active authentication," Passport Division, Consular Affairs Bureau, Ministry of Foreign Affairs of Japan, 2010. Available: http://www.commoncriteriaportal.org/ files/ppfiles/c0247-epp.pdf. (Access Date: 4 May, 2012)
40. H. Richter, W. Mostowski, and E. Poll, "Fingerprinting passports," 2008. Available: http://www.cs.ru.nl/~woj/papers/download/ nluug2008.pdf. (Access Date: 4 May, 2012)
41. H. Robroch, "ePassport privacy attack," Cards Asia Singapore, Apr. 2006. Available: http://www.riscure.com/archive/200604-CardsAsiaSing- ePassport-Privacy.pdf. (Access Date: 4 May, 2012)
42. P.A. Rotter, "A framework for assessing RFID system security and privacy risks," IEEE Pervasive Computing, vol.7, no.2, 2008, pp. 70-77.
43. B. Schneier, "How to clone and modify E-passports," Schneier on Security, Sep. 2008. Available: http://www.schneier.com/blog/archives/2008/09/ how-to-clone-an.html. (Access Date: 4 May, 2012)
44. B. Schneier, "RFID cards and Man-in-the-Middle Attacks," Schneier on Security, Apr. 2006. Available: http://www.schneier.com/blog/ archives/2006/04/rfid-cards-and.html. (Access Date: 4 May, 2012)
45. S. Sheetal, "Technical analysis of security mechanisms used in RFID E-passport, related threats, security and privacy issues," 2006. Available: http://www-scf.usc.edu/~sheetals/publications/RFID-epassport.pdf. (Access Date: 4 May, 2012)
46. The ICAO Secretary General, "Machine readable travel documents (MRTDs): History, Interoperability, and Implementation," ISO/IEC JTC1 SC17 WG3/TF1 for ICAO-NTWG, 2007.
47. The ICAO Secretary General, "Specifications for electronically Enabled MRTDs with biometric identification capability, Doc 9303, Machine Readable Travel Documents (MRTDs)," International Civil Aviation Organization, Part 3, Vol. 2, 2008.
48. The ICAO Secretary General, "Supplement to Doc 9303, Machine Readable Travel Documents," ISO/IEC JTC1 SC17 WG3/TF1 for ICAO-NTWG," Ver. 10, May 2011.
49. The ICAO Secretary General, "Supplemental access control for machine readable travel documents - Technical Report, ISO/IEC JTC1 SC17 WG3/TF5 for ICAO, Ver. 1.01," November 2010.
50. L. Thomson, "Hacker clones passports in drive-by RFID heist," V3 UK, Feb. 2009. Available: http://www.v3.co.uk/v3-uk/news/1953428/ hackerclones-passports-drive-rfid-heist. (Access Date: 4 May, 2012)
51. M. Ullmann et al., "Password authenticated key agreement for contactless smart cards," Workshop on RFID Security, 2008. Available: http://events.iaik.tugraz.at/RFIDSec08/Papers/Publication/14%20-%20Ullmann%20- %20PW%20Authenticated%20Key%20Agreement%20-%20Paper.pdf. (Access Date: 4 May, 2012)
52. P. Vijayakrishnan, J. Pieprzyk, and H. Wang, "Formal security analysis of Australian and E. U. E-passport implementation," in Proc. 6th Australasian conf. on inform. security, vol. 81, Australia, 2008, pp. 75-82.