• PDF / 263,553 Bytes
• 15 Pages / 430 x 660 pts Page_size
• 23 Downloads / 236 Views

DOWNLOAD

REPORT

Centre for Advanced Computing - Algorithms and Cryptography (ACAC) Department of Computing Macquarie University, Australia {krishnan,josef}@ics.mq.edu.au 2 Nanyang Technological University, Singapore [email protected]

Abstract. The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.

1

Introduction

Due to increased risk of terrorism, countries are adopting biometric enabled passport as a preventive measure to monitor and strengthen their border security. The ICAO, an United Nation body responsible for setting international passport standards, established five task forces under the New Technology Working Group (NTWG) to develop a standard for Machine Readable Travel Documents (MRTD) [1]. The ICAO standard DOC 9303 [1] for MRTD describes a contactless smart card microchip that conforms with ISO-14443 [2], embedded within an e-passport booklet. The microchip duplicates the information that appears on an passport’s bio-data page and which is recorded in the Machine Readable Zone (MRZ). The e-passport standard provides details about establishing a secure communication between an e-passport and an Inspection System (IS), authentication of an epassport, details on storage mechanism and biometric identifiers that should be used. Ari Juels, et al. [3] presented some security and privacy issues that apply to the first generation e-passports. The authors express concerns regarding the fact that the contactless chip embedded in an e-passport allows the e-passport contents to be read without direct contact with an Inspection System (IS) and, importantly, with the e-passport booklet closed. The authors also raise concerns as to whether L. Chen, Y. Mu, and W. Susilo (Eds.): ISPEC 2008, LNCS 4991, pp. 14–28, 2008. c Springer-Verlag Berlin Heidelberg 2008 

An On-Line Secure E-Passport Protocol

15

data on the chip could therefore be covertly collected by means of “skimming” or “eavesdropping”. Because of low entropy, the key would be also vulnerable to brute force attacks as demonstrated by [4]. The risk of eavesdropping is increased by the surveillance environment in which border checks occur, particularly, as the border control becomes more and more automated (as discussed in [5]), this will ultimately assist in a covert collection of e-passport data. Kc and Karger [6]

Recommend Documents

ePassport

126 97 47MB

Secure JTAG Implementation Using Schnorr Protocol

177 36 657KB

Secure Transaction Protocol Analysis Models and Applications

178 60 3MB

An Efficient and Secure User Authentication Protocol for Smart Card Users

166 86 23MB

A Lightweight Secure Authentication Protocol for Wireless Sensor Networks

188 5 47MB

A Protocol Compiler for Secure Sessions in ML

163 88 7MB

Robust Cryptographical Applications for a Secure Wireless Network Protocol

182 41 18MB

Secure I-Voting System with Modified Voting and Verification Protocol

154 13 63MB

An Improved Secure Routing Protocol Based on Clustering for Wireless Sensor Networks

184 58 196KB

An Improved Quantum Identity Authentication Protocol for Multi-party Secure Communication

150 62 78MB

SETNR/A: An Agent-Based Secure Payment Protocol for Mobile Commerce

157 86 386KB

An Efficient Secure Division Protocol Using Approximate Multi-bit Product and New Constant-Round Building Blocks

230 80 10MB