A traceability attack against e-passports

Authors:
Tom Chothia;Vitaliy Smirnov
Affiliations:
School of Computer Science, University of Birmingham, Birmingham, UK;School of Computer Science, University of Birmingham, Birmingham, UK
Venue:
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Year:
2010

Citing 7
Cited 9

Picking Virtual Pockets using Relay Attacks on Contactless Smartcard

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Security and Privacy Issues in E-passports

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Practical Attacks on Proximity Identification Systems (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
ePassport: Securing International Contacts with Contactless Chips

Financial Cryptography and Data Security
E-Passport: cracking basic access control keys

OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Physical-layer identification of RFID devices

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Crossing borders: security and privacy issues of the european e-passport

IWSEC'06 Proceedings of the 1st international conference on Security

Practical eavesdropping and skimming attacks on high-frequency RFID tokens

Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Enhancing the privacy of electronic passports

International Journal of Information Technology and Management
Privacy supporting cloud computing: confichair, a case study

POST'12 Proceedings of the First international conference on Principles of Security and Trust
TARDIS: time and remanence decay in SRAM to implement secure protocols on embedded devices without clocks

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Tracking unmodified smartphones using wi-fi monitors

Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems
An investigative analysis of the security weaknesses in the evolution of RFID enabled passport

International Journal of Internet Technology and Secured Transactions
A tool for estimating information leakage

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Probabilistic relational verification for cryptographic implementations

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Privacy-supporting cloud computing by in-browser key translation

Journal of Computer Security - Security and Trust Principles

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since 2004, many nations have started issuing “e-passports” containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport’s protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations.