TY - GEN
T1 - Securing epassport system
T2 - SoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks
AU - Saeed, Muhammad Qasim
AU - Masood, Ashraf
AU - Kausar, Firdous
PY - 2009
Y1 - 2009
N2 - Despite the fact that RFID based ePassport (a.k.a biometric passport) has increased the efficiency of passport systems, it has created many new threats concerning personal data protection. Cryptographic tools are used to counter these threats but vulnerabilities are discovered in the implementation of these tools. For instance, Basic Access Control (BAC) is used to thwart data skimming from the ePassport to an illegitimate reader. Study reveals that the BAC keys suffer from very low practical entropy, therefore BAC cannot be considered as an effective tool against skimming attacks. Moreover, Active Authentication (AA), a measure against chip cloning, can be bypassed by amending the EF.COM file of the passport chip. In this paper, an Anti-Cloning and Anti-Skimming Protocol (ACASP) is proposed that provides a counter solution to the aforementioned vulnerabilities. It takes advantage of publicprivate key pair stored in the chip and optional data storage capacity in Machine Readable Zone (MRZ) of the passport. It increases BAC keys entropy from 30-40 bits to 56 bits and provides an entirely different approach to avoid chip cloning. ACASP can be implemented without any change in hardware of reader and tag. It also requires no change in Logical Data Structure (LDS) of the RFID chip. However, application software of reader and tag needs to be modified as required.
AB - Despite the fact that RFID based ePassport (a.k.a biometric passport) has increased the efficiency of passport systems, it has created many new threats concerning personal data protection. Cryptographic tools are used to counter these threats but vulnerabilities are discovered in the implementation of these tools. For instance, Basic Access Control (BAC) is used to thwart data skimming from the ePassport to an illegitimate reader. Study reveals that the BAC keys suffer from very low practical entropy, therefore BAC cannot be considered as an effective tool against skimming attacks. Moreover, Active Authentication (AA), a measure against chip cloning, can be bypassed by amending the EF.COM file of the passport chip. In this paper, an Anti-Cloning and Anti-Skimming Protocol (ACASP) is proposed that provides a counter solution to the aforementioned vulnerabilities. It takes advantage of publicprivate key pair stored in the chip and optional data storage capacity in Machine Readable Zone (MRZ) of the passport. It increases BAC keys entropy from 30-40 bits to 56 bits and provides an entirely different approach to avoid chip cloning. ACASP can be implemented without any change in hardware of reader and tag. It also requires no change in Logical Data Structure (LDS) of the RFID chip. However, application software of reader and tag needs to be modified as required.
KW - Active authentication (AA)
KW - Basic access control (BAC)
KW - Epassport
KW - International civil aviation organization (ICAO)
UR - http://www.scopus.com/inward/record.url?scp=70649096313&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=70649096313&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:70649096313
SN - 9789532900132
T3 - SoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks
SP - 90
EP - 94
BT - SoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks
Y2 - 24 September 2009 through 26 September 2009
ER -