Increasing privacy threats in the cyberspace: the case of Italian e-passports

  • Authors:
  • Vincenzo Auletta;Carlo Blundo;Angelo De Caro;Emiliano De Cristofaro;Giuseppe Persiano;Ivan Visconti

  • Affiliations:
  • Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, Fisciano, SA, Italy;Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, Fisciano, SA, Italy;Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, Fisciano, SA, Italy;University of California, Irvine, Irvine, CA;Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, Fisciano, SA, Italy;Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, Fisciano, SA, Italy

  • Venue:
  • FC'10 Proceedings of the 14th international conference on Financial cryptography and data security
  • Year:
  • 2010

Abstract

The recent introduction of electronic passports (e-Passports) motivates the need of a thorough investigation on potential security and privacy issues. In this paper, we focus on the e-Passport implementation adopted in Italy. Leveraging previous attacks to e-Passports adopted in other countries, we analyze (in)security of Italian e-Passports and we investigate additional critical issues. Our work makes several contributions.

1. We show that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e-Passport using RF communication, while the passport is stored in a bag/pocket. Moreover, we show how to trace e-Passports by successfully linking two or more communication transcripts related to the same e-Passport.

2. We propose a set of open-source tools that build successful attacks to the security of Italian e-Passports. Among them, we provide a simulator that produces attacks without requiring physical passports and RFID equipment.

3. We show that the random number generator included in the RFID chips produces bits that are noticeably far from the uniform distribution, thus potentially exposing Italian e-Passports to several other attacks.