An On-Line Secure E-Passport Protocol
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in prote
- PDF / 263,553 Bytes
- 15 Pages / 430 x 660 pts Page_size
- 23 Downloads / 236 Views
Centre for Advanced Computing - Algorithms and Cryptography (ACAC) Department of Computing Macquarie University, Australia {krishnan,josef}@ics.mq.edu.au 2 Nanyang Technological University, Singapore [email protected]
Abstract. The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
1
Introduction
Due to increased risk of terrorism, countries are adopting biometric enabled passport as a preventive measure to monitor and strengthen their border security. The ICAO, an United Nation body responsible for setting international passport standards, established five task forces under the New Technology Working Group (NTWG) to develop a standard for Machine Readable Travel Documents (MRTD) [1]. The ICAO standard DOC 9303 [1] for MRTD describes a contactless smart card microchip that conforms with ISO-14443 [2], embedded within an e-passport booklet. The microchip duplicates the information that appears on an passport’s bio-data page and which is recorded in the Machine Readable Zone (MRZ). The e-passport standard provides details about establishing a secure communication between an e-passport and an Inspection System (IS), authentication of an epassport, details on storage mechanism and biometric identifiers that should be used. Ari Juels, et al. [3] presented some security and privacy issues that apply to the first generation e-passports. The authors express concerns regarding the fact that the contactless chip embedded in an e-passport allows the e-passport contents to be read without direct contact with an Inspection System (IS) and, importantly, with the e-passport booklet closed. The authors also raise concerns as to whether L. Chen, Y. Mu, and W. Susilo (Eds.): ISPEC 2008, LNCS 4991, pp. 14–28, 2008. c Springer-Verlag Berlin Heidelberg 2008
An On-Line Secure E-Passport Protocol
15
data on the chip could therefore be covertly collected by means of “skimming” or “eavesdropping”. Because of low entropy, the key would be also vulnerable to brute force attacks as demonstrated by [4]. The risk of eavesdropping is increased by the surveillance environment in which border checks occur, particularly, as the border control becomes more and more automated (as discussed in [5]), this will ultimately assist in a covert collection of e-passport data. Kc and Karger [6]
Data Loading...