Crossing borders: security and privacy issues of the european e-passport

Authors:
Jaap-Henk Hoepman;Engelbert Hubbers;Bart Jacobs;Martijn Oostdijk;Ronny Wichers Schreur
Affiliations:
Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, GL, The Netherlands;Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, GL, The Netherlands;Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, GL, The Netherlands;Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, GL, The Netherlands;Institute for Computing and Information Sciences, Radboud University Nijmegen, Nijmegen, GL, The Netherlands
Venue:
IWSEC'06 Proceedings of the 1st international conference on Security
Year:
2006

Citing 2
Cited 25

Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Security and Privacy Issues in E-passports

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks

E-Passport Threats

IEEE Security and Privacy
Pseudonymous Mobile Identity Architecture Based on Government-Supported PKI

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Combining Biometric Authentication with Privacy-Enhancing Technologies

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
ePassport: Securing International Contacts with Contactless Chips

Financial Cryptography and Data Security
A Practical Attack on the MIFARE Classic

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Dismantling MIFARE Classic

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Biometrics and their use in e-passports

Image and Vision Computing
Security of RFID Protocols -- A Case Study

Electronic Notes in Theoretical Computer Science (ENTCS)
Securing ePassport system: a proposed anti-cloning and anti-skimming protocol

SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
Private handshakes

ESAS'07 Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks
E-Passport: cracking basic access control keys

OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
Privacy of recent RFID authentication protocols

ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Traceable privacy of recent provably-secure RFID protocols

ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Untraceability of RFID protocols

WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
Readers behaving badly: reader revocation in PKI-based RFID systems

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Attacks on a lightweight mutual authentication protocol under EPC C-1 G-2 standard

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Passive cryptanalysis of the unconditionally secure authentication protocol for RFID systems

ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Usability of display-equipped RFID tags for security purposes

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes

Wireless Personal Communications: An International Journal
A traceability attack against e-passports

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Practical schemes for privacy and security enhanced RFID

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Weakening epassports through bad implementations

RFIDSec'12 Proceedings of the 8th international conference on Radio Frequency Identification: security and privacy issues
An investigative analysis of the security weaknesses in the evolution of RFID enabled passport

International Journal of Internet Technology and Secured Transactions
Can Jannie verify? Usability of display-equipped RFID tags for security purposes

Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
User-aided reader revocation in PKI-based RFID systems

Journal of Computer Security - ESORICS 2010

Quantified Score

Hi-index	0.00

Visualization

Abstract

The first generation of European e-passports will be issued in 2006. We discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of e-passports. In particular we discuss attacks on Basic Access Control due to the low entropy of the data from which the access keys are derived, we sketch the European proposals for Extended Access Control and the weaknesses in that scheme, and show how fundamentally different design decisions can make e-passports more secure.