Privacy issues of electronic passports

• Autorzy: Riha Z. , Matyas V.
• Języki publikacji: EN

Abstrakty

EN

Electronic passports combine classical passport booklets with the smartcard technology, biometrics and cryptography. The communication with the electronic passports is based on contactless ISO 14443 technology, designed for the communication distance of 0-10 cm. This paper is focused on the privacy aspects of the electronic passports. Weaknesses of the basic access control and extended access control are discussed. Significant emphasis is put on passport fingerprinting which may allow guessing the issuing country. Aspects of biometric data formats, skimming, eavesdropping and active authentication challenge semantics are also covered. The conclusions sum up recommendations for passport holders and issuers.

Słowa kluczowe

EN

access control; biometrics; electronic passport; privacy; skimming; tracking

PL

kontrola dostępu; biometria; elektroniczny paszport; prywatność; śledzenie

• Wydawca: University of Silesia, Institute of Informatics, Computer Systems Department
• Czasopismo: Journal of Medical Informatics & Technologies
• Rocznik: 2011
• Tom: Vol. 17
• Strony: 37--48
• Opis fizyczny: Bibliogr. 33 poz., rys.

Twórcy

autor

Riha Z.

• Faculty of Informatics, Masaryk University, Brno, Czech Republic

autor

Matyas V.

Bibliografia

• [1] AVOINE G., KALACH K., QUISQUATER J.J. Belgian Biometric Passport does not get a pass..., 2007, http://www.dice.ucl.ac.be/crypto/passport/index.html.
• [2] van BEEK J., ePassports reloaded goes mobile, BlackHat Europe 2009, Amsterdam.
• [3] Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC), Ver. 1.11, TR-03110, BSI, 2008.
• [4] Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI), Ver. 2.02, TR-03110, BSI, 2009.
• [5] Budapest Declaration on Machine Readable Travel Documents, FIDIS, 2006.
• [6] FINKE T., KELTER H., Radio Frequency Identification – Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO14443-Systems, 2004.
• [7] HANCKE G.P., Eavesdropping Attacks on High-Frequency RFID Tokens, Proceedings of the 4th Workshop on RFID Security (RFIDsec’08), July 2008, pp. 100–113.
• [8] HLAVÁČ M, ROSA T., A Note on the Relay Attacks on e-passports? The Case of Czech e-passports, Tech. report 2007/244, Int'l Assoc. for Cryptologic Research, 2007.
• [9] HOEPMAN J.H., HUBBERS E., JACOBS B., OOSTDIJK M., SCHREUR R.W., Crossing Borders: Security and Privacy Issues of the European e-Passport, in Advances in Information and Computer Security, Vol. 4266, LNCS, Springer Berlin, Heidelberg, 2006, pp. 152-167.
• [10] CHOTHIA T., SMIRNOV V., A Traceability Attack Against e-Passports, 14th International Conference on Financial Cryptography and Data Security 2010, LNCS, Springer, 2010.
• [11] ICAO, Document 9303, Edition 6, Part 1.
• [12] ICAO, Machine readable travel documents (MRTDs): history, interoperability, and implementation, Release 1. September 2006.
• [13] JUELS A., MOLNAR D., WAGNER D., Security and Privacy Issues in E-passports, Proc. of the First Int. Conf. on Security and Privacy for Emerging Areas in Communications Networks (SecureComm’05), Washington, 2005, IEEE, pp. 74-88.
• [14] KASPER T., CURLUCCIO D., PAAR C., An Embedded System for Practical Security Analysis of Contactless Smartcards, WISTP 07, May 2007.
• [15] KFIR Z., WOOL A., Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05), 2005, pp. 47-58.
• [16] KIRSCHENBAUM I., WOOL A., How to Build a Low-Cost, Extended-Range RFID Skimmer, Cryptology ePrint Archive: Report 2006/054, 2006.
• [17] KOSTA E., MEINTS M., HANSEN M., GASSON M., An analysis of security and privacy issues relating to RFID enabled ePassports, in IFIPSEC07, International Federation for Information Processing, Vol. 232, New approaches for Security, Privacy and Trust in Complex Environments, May 2007, pp. 467-72.
• [18] KÜGLER D., NAUMANN I., Sicherheitsmechanismen für kontaktlose Chips im deutschen Reisepass. Ein Überblick über Sicherheitsmerkmale, Risiken und Gegenmaßnahmen, Datenschutz und Datensicherheit, March 2007 (in German).
• [19] MAHAFFEY K., HERING J., United States e-Passport Shield Failure Vulnerability, Blackhat 2006.
• [20] BSI, Messung der Abstrahleigenschaften von RFID-Systemen (MARS), Projektdokument 1: Teilbericht zu den Möglichkeiten des passiven Mitlesens einer RFID-Kommunikation, 2008.
• [21] MATYÁŠ V., ŘÍHA Z., ŠVENDA P., Security of Electronic Passports, UPENET, UPGRADE European NETwork, Upgrade Vol. VIII, No. 6, Dec. 2007.
• [22] Minime (pseudonym), Mahajivana (pseudonym), RFID-Zapper, http://events.ccc.de/congress/2005/wiki/RFIDZapper(EN).
• [23] ICAO TAG-MRTD/17 – WP11, Extended Access Control, Working paper for the 17th meeting in Montreal, NTWG, March 2007.
• [24] Priva’C, http://www.ask.fr/uk/products_and_services/priva_c.html, accessed on July 2nd, 2009.
• [25] RFID shield, http://www.rfid-shield.com/, accessed on June 1st, 2009.
• [26] RICHTER H., MOSTOWSKI W., POLL E., Fingerprinting Passports, NLUUG 2008 Spring Conference on Security, 2008, pp. 21-30.
• [27] ROBROCH H., ePassport Privacy Attack, Cards Asia Singapore, April 26, 2006.
• [28] ŘÍHA Z., CHAREAU. J.M., Bezpečnost elektronických pas,. Mikulášská kryptobesídka 2008, Praha, December 2008.
• [29] ISO/IEC JTC1 SC17 WG3, Supplement to Doc 9303, Release 6, September 21, 2007.
• [30] VAUDENAY S., VUAGNOUX M., About Machine-Readable Travel Documents, Anti-counterfeit Image Analysis Methods, A Special Session of ICSXII, Journal of Physics, Conference Series 77, IOP Publishing, 2007, 012006.
• [31] German entry for ‘Reisepass’, http://de.wikipedia.org/wiki/Reisepass.
• [32] BRANDFORD W., e-Passport/MRTD Observations, 2nd Symposium on ICAO-Standard MRTDs, Biometrics and Security, Montreal, 2006.
• [33] WITTEMAN, M. Attacks on Digital Passports, WhatTheHack Conference, July 2005, http://wiki.whatthehack.org/images/2/28/WTH-slides-Attacks-on-Digital-Passports-Marc-Witteman.pdf.