Securing epassport system: A Proposed anti-cloning and anti-skimming protocol

Muhammad Qasim Saeed, Ashraf Masood, Firdous Kausar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Despite the fact that RFID based ePassport (a.k.a biometric passport) has increased the efficiency of passport systems, it has created many new threats concerning personal data protection. Cryptographic tools are used to counter these threats but vulnerabilities are discovered in the implementation of these tools. For instance, Basic Access Control (BAC) is used to thwart data skimming from the ePassport to an illegitimate reader. Study reveals that the BAC keys suffer from very low practical entropy, therefore BAC cannot be considered as an effective tool against skimming attacks. Moreover, Active Authentication (AA), a measure against chip cloning, can be bypassed by amending the EF.COM file of the passport chip. In this paper, an Anti-Cloning and Anti-Skimming Protocol (ACASP) is proposed that provides a counter solution to the aforementioned vulnerabilities. It takes advantage of publicprivate key pair stored in the chip and optional data storage capacity in Machine Readable Zone (MRZ) of the passport. It increases BAC keys entropy from 30-40 bits to 56 bits and provides an entirely different approach to avoid chip cloning. ACASP can be implemented without any change in hardware of reader and tag. It also requires no change in Logical Data Structure (LDS) of the RFID chip. However, application software of reader and tag needs to be modified as required.

Original languageEnglish
Title of host publicationSoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks
Pages90-94
Number of pages5
Publication statusPublished - 2009
Externally publishedYes
EventSoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks - Hvar, Croatia
Duration: Sep 24 2009Sep 26 2009

Publication series

NameSoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks

Conference

ConferenceSoftCOM 2009 - 17th International Conference on Software, Telecommunications and Computer Networks
Country/TerritoryCroatia
CityHvar
Period9/24/099/26/09

Keywords

  • Active authentication (AA)
  • Basic access control (BAC)
  • Epassport
  • International civil aviation organization (ICAO)

ASJC Scopus subject areas

  • Software
  • Electrical and Electronic Engineering

Cite this