Skip to main content
SpringerLink
Log in

Increasing Privacy Threats in the Cyberspace: The Case of Italian E-Passports

  • Conference paper
Financial Cryptography and Data Security (FC 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6054))

Included in the following conference series:

Abstract

The recent introduction of electronic passports (e-Passports) motivates the need of a thorough investigation on potential security and privacy issues. In this paper, we focus on the e-Passport implementation adopted in Italy. Leveraging previous attacks to e-Passports adopted in other countries, we analyze (in)security of Italian e-Passports and we investigate additional critical issues.

Our work makes several contributions.

  1. 1

    We show that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e-Passport using RF communication, while the passport is stored in a bag/pocket. Moreover, we show how to trace e-Passports by successfully linking two or more communication transcripts related to the same e-Passport.

  2. 1

    We propose a set of open-source tools that build successful attacks to the security of Italian e-Passports. Among them, we provide a simulator that produces attacks without requiring physical passports and RFID equipment.

  3. 1

    We show that the random number generator included in the RFID chips produces bits that are noticeably far from the uniform distribution, thus potentially exposing Italian e-Passports to several other attacks

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Advanced security mechanisms for Machine Readable Travel Documents - Extended Access Control, http://www.bsi.bund.de/fachthem/epass/EACTR03110_v110.pdf

  2. BACK User Guide, http://rfid.dia.unisa.it/epass/UserGuide.pdf

  3. Benefits of MRTD, http://mrtd.icao.int/content/view/28/203/

  4. NIST Statistical Test Suite, http://csrc.nist.gov/groups/ST/toolkit/rng/documents/sts-2.0b.zip

  5. NIST Statistical Test Suite Documentation, http://csrc.nist.gov/publications/nistpubs/800-22-rev1/SP800-22rev1.pdf

  6. Privacy issues with new digital passport, http://www.riscure.com/news/passport.html

  7. Random Number Generation Technical Working Group, http://csrc.nist.gov/groups/ST/toolkit/rng/index.html

  8. Security features and biometrics in passports, http://www.europarl.europa.eu/sides/getDoc.do?language=EN&type=IM-PRESS&reference=20090114IPR46171

  9. Avoine, G., Kalach, K., Quisquater, J.: E-Passport: Securing international contacts with contactless chips. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 141–155. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  10. Avoine, G., Kalach, K., Quisquater, J.-J.: Belgian biometric passport does not get a pass...your personal data are in danger!, http://www.dice.ucl.ac.be/crypto/passport/index.html

  11. Avoine, G., Kalach, K., Quisquater, J.-J.: epassport: Securing international contacts with contactless chips. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 141–155. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. Blundo, C., Persiano, G., Sadeghi, A., Visconti, I.: Identification protocols revisited -episode i: E-passports. In: Secure Component and System Identification, SECSI 2008 (2008)

    Google Scholar 

  13. Blundo, C., Persiano, G., Sadeghi, A., Visconti, I.: Improved security notions and protocols for non-transferable identification. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 364–378. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Blundo, C., Persiano, G., Sadeghi, A., Visconti, I.: Resettable and non-transferable chip authentication for e-passports. In: Workshop on RFID Security (RFIDSec 2008) (2008)

    Google Scholar 

  15. Carluccio, D., Lemke-Rust, K., Paar, C., Sadeghi, A.-R.: E-passport: The global traceability or how to feel like an ups package. In: Lee, J.K., Yi, O., Yung, M. (eds.) WISA 2006. LNCS, vol. 4298, pp. 391–404. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  16. Courses, E., Surveys, T.: E-Passport Threats. IEEE Security & Privacy Magazine 5(6), 61–64 (2007)

    Article  Google Scholar 

  17. Avoine, G., Kalach, K., Quisquater, J.-J.: Belgian Biometric Passport does not get a pass... (2007), http://www.dice.ucl.ac.be/crypto/passport/index.html

  18. Grunwald, L.: New attacks against RFID-Systems (2006), http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grunwald.pdf

  19. Kc, G.S., Karger, P.A.: Security and Privacy Issues in Machine Readable Travel Documents (MRTDs). RC 23575, IBM T. J. Watson Research Labs (April 2005)

    Google Scholar 

  20. Halvac, M., Rosa, T.: A Note on the Relay Attacks on e-passports: The Case of Czech e-Passports. Cryptology ePrint Archive, Report 2007/244 (2007)

    Google Scholar 

  21. ICAO. Machine Readable Travel Documents, PKI for Machine Readable Travel Documents offering ICC Read-Only Access (2004), http://www.icao.int/mrtd

  22. H. J.H., H. E., J. B., and O.M. S.R. W

    Google Scholar 

  23. Juels, A., Molnar, D., Wagner, D.: Security and Privacy Issues in E-passports. Technical report

    Google Scholar 

  24. Juels, A., Molnar, D., Wagner, D.: Security and Privacy issues in e-Passports. In: SecureComm (2005)

    Google Scholar 

  25. Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: SecureComm 2005, First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (September 2005)

    Google Scholar 

  26. Kc, G., Karger, P.: Security and Privacy Issues in Machine Readable Travel Documents, MRTDs (2006)

    Google Scholar 

  27. Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Rupp, A., Schimmler, M.: How to Break DES for 8,980. In: SHARCS 2006 – Special-purpose Hardware for Attacking Cryptographic Systems, pp. 17–35 (2006), http://www.hyperelliptic.org/tanja/SHARCS/talks06/copa_sharcs.pdf

  28. Laurie, A.: RFIDIOt, http://www.rfidiot.org

  29. Liu, Y., Kasper, T., Lemke-Rust, K., Paar, C.: E-passport: Cracking basic access control keys with copacobana. In: SHARCS 2007 (2007)

    Google Scholar 

  30. Lehtonen, M., Michahelles, F., Staake, T., Fleisch, E.: Strengthening the security of machine readable documents by combining rfid and optical memory devices. In: Proceedings of Int. Conf. on Ambient Intelligence Development (2006)

    Google Scholar 

  31. Monnerat, J., Vaudenay, S., Vuagnoux, M.: About machine-readable travel documents – privacy enhancement using (weakly) non-transferable data authentication. In: International Conference on RFID Security (2007)

    Google Scholar 

  32. Ortiz-Yepes, D.: ePassports: Authentication and Access Control Mechanisms (2007)

    Google Scholar 

  33. Robroch, H.: ePassport Privacy Attack, Presentation at Cards Asia Singapore (April 26, 2006), http://www.riscure.com

  34. Vaudenay, S.: E-passport threats, vol. 5, pp. 61–64. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  35. Witteman, M.: Attacks on digital passports. What the Hack

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica ed Applicazioni, Università degli Studi di Salerno, I-84084, Fisciano, (SA), Italy

    Vincenzo Auletta, Carlo Blundo, Angelo De Caro, Giuseppe Persiano & Ivan Visconti

  2. University of California, Irvine, Irvine, CA, 92617, USA

    Emiliano De Cristofaro

Authors
  1. Vincenzo Auletta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carlo Blundo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Angelo De Caro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Emiliano De Cristofaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Giuseppe Persiano
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Ivan Visconti
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, Stony Brook University, 11794, Stony Brook, NY, USA

    Radu Sion

  2. Department of Computer Science, New Jersey Institute of Technology, 218 Central Ave, 07102, Newark, NJ, USA

    Reza Curtmola

  3. Computer Science Department, Castle Point on Hudson, Stevens Institute of Technology, 07030, Hoboken, NJ, USA

    Sven Dietrich

  4. Computer Science and Engineering, University of Connecticut,, 372 Fairfield Way, 06269, Storrs, CT, USA

    Aggelos Kiayias

  5. Departamento de Matemáticas, Universidad de Lleida, Jaume II, 69, 25001, Lleida, Spain

    Josep M. Miret

  6. NEC Central Research Labs, 1753 Shimonumabe, Nakahara, 211-8666, Kawasaki, Japan

    Kazue Sako

  7. Departamento de Matemáticas, Dept. of Computer Engineering and Universidad de Lleida, Jaume II, 69, 25001, Lleida, Spain

    Francesc Sebé

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Auletta, V., Blundo, C., De Caro, A., De Cristofaro, E., Persiano, G., Visconti, I. (2010). Increasing Privacy Threats in the Cyberspace: The Case of Italian E-Passports. In: Sion, R., et al. Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6054. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14992-4_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14992-4_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14991-7

  • Online ISBN: 978-3-642-14992-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation