The Evolution of RFID Security
IEEE Pervasive Computing
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Practical Attacks on Proximity Identification Systems (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
rfid in pervasive computing: State-of-the-art and outlook
Pervasive and Mobile Computing
E-Passport: cracking basic access control keys
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Privacy of recent RFID authentication protocols
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Traceable privacy of recent provably-secure RFID protocols
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Increasing privacy threats in the cyberspace: the case of Italian e-passports
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Passive cryptanalysis of the unconditionally secure authentication protocol for RFID systems
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Weakening epassports through bad implementations
RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
Security and Privacy Analysis of Song---Mitchell RFID Authentication Protocol
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Since the introduction of RFID technology there have been public debates on security and privacy concerns. In this context the Machine Readable Travel Document (MRTD), also known as e-passport, is of particular public interest. Whereas strong cryptographic mechanisms for authenticity are specified for MRTDs, the mechanisms for access control and confidentiality are still weak. In this paper we revisit the privacy concerns caused by the Basic Access Control mechanism of MRTDs and consider German e-passports as a use case. We present a distributed hardware architecture that can continuously read and record RF based communication at public places with high e-passport density like airports and is capable of performing cryptanalysis nearly in real-time. For cryptanalysis, we propose a variant of the cost-efficient hardware architecture (COPACOBANA) which has been recently realized. Once, MRTD holder identification data are revealed, this information can be inserted into distributed databases enabling global supervision activities. Assuming RF readers and eavesdropping devices are installed in several different airports or used in other similar places, e.g., in trains, one is able to trace any individual similar to tracing packages sent using postal services such as UPS.