An analysis of security weaknesses in the evolution of RFID enabled passport

  title={An analysis of security weaknesses in the evolution of RFID enabled passport},
  author={Eyad Abdullah Bogari and Pavol Zavarsky and Dale Lindskog and Ron Ruhl},
  journal={World Congress on Internet Security (WorldCIS-2012)},
Since the introduction of Radio Frequency Identification (RFID) Enabled Passports, the system have been plagued with various vulnerability issues that prove to compromise the E-passport security. To date, three generations of E-passports have been introduced by the International Civil Aviation Organization (ICAO) and the European Union (EU). The first two generations of E-passports are being issued worldwide. This paper presents the evolution of these passports over the years to develop… 

Figures and Tables from this paper

Technical Analysis of Security Infrastructure in RFID Technology

The main aim of the paper is to focus on the drawbacks of the pre-existing security measures in RFID technology as well as to discuss the direction in which further research has to be carried out without the compromise on its unique features.

Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards

Malaysia was the 1st country in the world to issue biometric passports (e-Passport) in 1998. Recent years, a number of vulnerabilities in e-Passport have been identified in the first and second

A new security approach for public transport application against tag cloning with neural network-based pattern recognition

A neural network-based technique for identifying cloned tickets for a public transport system based on modeling passenger behavior that provides high security, especially for low-cost RFID tags.

Forward Private RFID Authentication Protocol Based on Universal Hash Function

A universal hash function HM −hash is proposed that is suitable for low-cost RFID tags and the security of the protocol is proofed based on hardware circuit which makes the result more credible.

Enhanced network intrusion detection system protocol for internet of things

A new NIDS protocol with an efficient replica detection algorithm to increase the utility and performance of existing NIDS, where a number of replica test nodes are intentionally inserted into the network to test the reliability and response of witness nodes.

An Audit Model Based On FSM for Offline Synchronization System

The method uses FSM model to simulate the process of customer behaviors and does a data collision with cards information, which can be used to quickly and effectively detect the IC cards with security problems.

A system architecture, processor, and communication protocol for secure implants

A new implant system architecture is proposed, where security and main-implant functionality are made completely decoupled by running the tasks onto two separate cores, achieving high security levels at 56% energy savings and at an area overhead of less than 15%.

Tackling Illegal Wildlife Trade by Improving Traceability: A Case Study of the Potential for Stable Isotope Analysis

The illegal wildlife trade is amongst the top transnational organised crimes in terms of value, estimated to be worth more than the illegal trade in small arms, diamonds, and human organs (Haken



Security and Privacy Issues in E-passports

  • A. JuelsD. MolnarD. Wagner
  • Computer Science
    First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05)
  • 2005
Privacy and security issues that apply to e-passports are described and analyzed, and these issues are analyzed in the context of the International Civil Aviation Organization (ICAO) standard for e- Passports.

A Survey on the Evolution of Cryptographic Protocols in ePassports

An introductory study of the technologies implemented in ePassports Biometrics, RFID, and Public Key Infrastructures is provided and the protocols implemented in each of the three generations of ePassport are analyzed.

The Electronic Passport and the Future of Government-Issued RFID-Based Identification

Radio-frequency identification devices for electronic passports and other existing identity documents are discussed and policy regarding these electronic approaches and developments toward electronic data storage and transmission are examined.

Security Analysis of Australian and E.U. E-passport Implementation

It is shown that both the Australian e-passport implementation and the EU proposal fail to address many security and privacy aspects that are paramount in implementing a secure border control mechanism.

E-Passport: The Global Traceability Or How to Feel Like a UPS Package

This paper revisits the privacy concerns caused by the Basic Access Control mechanism of MRTDs and considers German e-passports as a use case and proposes a variant of the cost-efficient hardware architecture (COPACOBANA) which has been recently realized.

E-Passports as a Means Towards the First World-Wide Public Key Infrastructure

It is argued that an e-passport may also be exploited in other applications as a globally interoperable PKI-enabled tamperproof device.

Increasing Privacy Threats in the Cyberspace: The Case of Italian E-Passports

It is shown that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e- Passport using RF communication, while the passport is stored in a bag/pocket.

A Traceability Attack against e-Passports

There is a flaw in one of the passport's protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key.

Determining the Security Enhancement of Biometrics in E-Passports

It is suggested that a security benefit can be achieved if, and only if, border control procedures are merely augmented with authentication based on e-passport biometrics, and solely relying on them may pose a risk that was not existing with previous passports and border controls.

Secure and Scalable RFID Authentication Protocol

A novel scheme is presented with two main features: (i) it improves the scalability at the sever-side; and (ii) the level of resistance to desynchronization attacks can be configured.