Picking Virtual Pockets using Relay Attacks on Contactless Smartcard
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Security and Privacy Issues in E-passports
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Practical Attacks on Proximity Identification Systems (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
ePassport: Securing International Contacts with Contactless Chips
Financial Cryptography and Data Security
E-Passport: cracking basic access control keys
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Physical-layer identification of RFID devices
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Crossing borders: security and privacy issues of the european e-passport
IWSEC'06 Proceedings of the 1st international conference on Security
Practical eavesdropping and skimming attacks on high-frequency RFID tokens
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Enhancing the privacy of electronic passports
International Journal of Information Technology and Management
Privacy supporting cloud computing: confichair, a case study
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Tracking unmodified smartphones using wi-fi monitors
Proceedings of the 10th ACM Conference on Embedded Network Sensor Systems
An investigative analysis of the security weaknesses in the evolution of RFID enabled passport
International Journal of Internet Technology and Secured Transactions
A tool for estimating information leakage
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Probabilistic relational verification for cryptographic implementations
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Privacy-supporting cloud computing by in-browser key translation
Journal of Computer Security - Security and Trust Principles
Hi-index | 0.00 |
Since 2004, many nations have started issuing “e-passports” containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport’s protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations.