Abstract
Since the introduction of the Machine Readable Travel Document (MRTD), also known as the e-passport, for human identification at border control, debates have been raised about security and privacy concerns. In this paper, we present the first hardware implementation for cracking Basic Access Control (BAC) keys of the e-passport issuing schemes in Germany and the Netherlands. Our implementation was designed for the reprogrammable key search machine COPACOBANA and achieves a key search speed of 2^28 BAC keys per second. This is a speed-up factor of more than 200 compared to previous results and allows for a runtime on the order of seconds in realistic scenarios.
Supported by the European Commission through the IST Contract IST-2002-507932 ECRYPT, the European Network of Excellence in Cryptology.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Y., Kasper, T., Lemke-Rust, K., Paar, C. (2007). E-Passport: Cracking Basic Access Control Keys. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_30
DOI: https://doi.org/10.1007/978-3-540-76843-2_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76835-7
Online ISBN: 978-3-540-76843-2
eBook Packages: Computer Science (R0)