Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
Passports and Visas versus Ids
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Crossing borders: security and privacy issues of the european e-passport
IWSEC'06 Proceedings of the 1st international conference on Security
Increasing privacy threats in the cyberspace: the case of Italian e-passports
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Securing low-cost RFID systems: An unconditionally secure approach
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Practical eavesdropping and skimming attacks on high-frequency RFID tokens
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Enhancing the privacy of electronic passports
International Journal of Information Technology and Management
A secure distance-based RFID identification protocol with an off-line back-end database
Personal and Ubiquitous Computing
A traceability attack against e-passports
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Weakening epassports through bad implementations
RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
An investigative analysis of the security weaknesses in the evolution of RFID enabled passport
International Journal of Internet Technology and Secured Transactions
Hi-index | 0.00 |
Electronic passports (ePassports) have known a wide and fast deployment all around the world since the International Civil Aviation Organization published their specifications in 2004. Based on an integrated circuit, ePassports are significantly more secure than their predecessors. Forging an ePassport is definitely thwarted by the use of cryptographic means. In spite of their undeniable benefit, ePassports have raised questions about personal data protection, since attacks on the basic access control mechanism came into sight. Keys used for that purpose derive from the nothing but predictable machine readable zone data, and so suffer from weak entropy. We provide an in-depth evaluation of the basic access key entropy, and prove that Belgian passport, recipient of Interpol "World's most secure passport" award in 2003, provides the worst basic access key entropy one has ever seen. We also state that two-thirds of Belgian ePassports in circulation do not implement any data protection mechanism. We demonstrate our claims by means of practical attacks. We then provide recommendations to amend the ePassport security, and directions for further work.