A Survey of Security and Privacy Issues in ePassport Protocols

@article{Avoine2016ASO,
  title={A Survey of Security and Privacy Issues in ePassport Protocols},
  author={Gildas Avoine and Antonin Beaujeant and Julio C{\'e}sar Hern{\'a}ndez Castro and Louis Demay and Philippe Teuwen},
  journal={ACM Computing Surveys (CSUR)},
  year={2016},
  volume={48},
  pages={1 - 37}
}
This article examines in great detail the most relevant security and privacy issues affecting the protocols used by contactless chips integrated in ePassports, and presents all relevant literature together with some new attacks and insights that could help in improving future standards and the next generations of ePassports. 
ePassport Protocol on the Spi Calculus
TLDR
A new protocol of ePassport is model via this work to provide better authentication and to protect sensitive data, and Elliptic curve cryptography and secret sharing scheme present the main topics referred to in the proposed protocol.
Post-quantum Certificates for Electronic Travel Documents
TLDR
This paper investigates the practicality of employing post-quantum digital signatures to ensure the authenticity of an electronic travel document, and creates a special-purpose public key infrastructure based on these techniques, and gives performance results for both creation and verification of certificates.
Security assessment of the Spanish contactless identity card
TLDR
This study considers as case study the recently deployed contactless Spanish identity card assessing its security against identity theft, and finds that no defences against online brute-force attacks were incorporated, and suggests two countermeasures to protect against these attacks.
Discovering ePassport Vulnerabilities using Bisimilarity
TLDR
This paper explains how bisimilarity was used to discover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide, and develops here a chain of methods for the applied $\pi$-calculus including a symbolic under-approximation of bis similarity, called open bisimilarities, and a modal logic for describing and certifying attacks.
Elliptic Curve Cryptography on E-Passport Authentication Protocol
  • S. Saoudi, S. Yousfi, R. Robbana
  • Computer Science
    2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA)
  • 2017
TLDR
A new mechanism is presented to strengthen e-passport authentication process and a new protocol based on Elliptic Curve, Identity-Based Encryption and Shared Secret between entities is proposed to provide a secure data storage and authentication.
A Privacy-Preserving Device Tracking System Using a Low-Power Wide-Area Network
TLDR
This paper builds and evaluates a complete demonstrator with off-the-shelf IoT nodes, Bluetooth Low Energy (BLE) beacons, and LoRa long distance communication (LPWAN), and validate the setup for a bicycle tracking application and also estimate the requirements for a low-cost ASIC node.
Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity
TLDR
It is demonstrated that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability using a state-of-the-art approach to bisimilarity.
Mobile Authentication System Based on National Regulation and NFC Technology
TLDR
Using mobile payments as a specific case, a new authentication system, i.e. National Authentication System (NAS), based on national regulations for mobile devices is introduced, able to provide a more secure authentication and protection method using identifications and sensitive information isolation.
Biometric Passport for National Security Using Multibiometrics and Encrypted Biometric Data Encoded in the QR Code
TLDR
A multimodal biometric, secure encrypted data and encrypted biometric encoded in the Quick Response Code (QR code) based e-passport authentication method is proposed for national security application.
Facial blemishes detection and encryption with secure force algorithm into HCC2D code for biometric-passport
TLDR
A face recognition based on facial blemishes detection and encrypted into the High Capacity Color 2-Dimensional (HCC2D) code for biometric passport security to protect the biometric information from an intruder.
...
...

References

SHOWING 1-10 OF 62 REFERENCES
An analysis of security and privacy issues relating to RFID enabled ePassports
TLDR
An interdisciplinary approach to the key security and privacy issues arising from the use of ePassports is taken and how European data protection legislation must be respected and what additional security measures must be integrated in order to safeguard the privacy of the EU ePassport holder is analyzed.
Enhancing the privacy of electronic passports
TLDR
This paper proposes a new solution combining cryptographic protocols and cancellable biometrics to solve the problem of privacy in the current architecture in electronic passports for the storage and transmission of biometric data such as fingerprints.
Crossing Borders: Security and Privacy Issues of the European e-Passport
TLDR
This work discusses attacks on Basic Access Control due to the low entropy of the data from which the access keys are derived, sketches the European proposals for Extended Access Control and the weaknesses in that scheme, and shows how fundamentally different design decisions can make e-passports more secure.
An On-Line Secure E-Passport Protocol
TLDR
An on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU is proposed, which utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
Weakening ePassports through Bad Implementations
TLDR
This work presents the flaws found out in some implementations of the software hosted on ePassport chips and how the Basic Access Control (BAC) protocol is affected, and shows how it is possible to discern the different software versions used on the chip over time through some their peculiar fingerprints.
ePassport: Securing International Contacts with Contactless Chips
TLDR
It is proved that Belgian passport, recipient of Interpol "World's most secure passport" award in 2003, provides the worst basic access key entropy one has ever seen, and that two-thirds of Belgian ePassports in circulation do not implement any data protection mechanism.
Security and Privacy Issues in E-passports
  • A. Juels, D. Molnar, D. Wagner
  • Computer Science
    First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05)
  • 2005
TLDR
Privacy and security issues that apply to e-passports are described and analyzed, and these issues are analyzed in the context of the International Civil Aviation Organization (ICAO) standard for e- Passports.
PKCS #5: Password-Based Cryptography Specification Version 2.0
This memo represents a republication of PKCS #5 v2.0 from RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, and change control is retained within the PKCS process. The body of this
E-Passport: The Global Traceability Or How to Feel Like a UPS Package
TLDR
This paper revisits the privacy concerns caused by the Basic Access Control mechanism of MRTDs and considers German e-passports as a use case and proposes a variant of the cost-efficient hardware architecture (COPACOBANA) which has been recently realized.
Securing Traceability of Ciphertexts - Towards a Secure Software Key Escrow System (Extended Abstract)
  • Y. Desmedt
  • Computer Science, Mathematics
    EUROCRYPT
  • 1995
TLDR
This paper proposes an alternative approach to achieve traceability based on the computational complexity of some well known problems in number theory, which does not require a tamperproof implementation, nor a secret algorithm.
...
...