ePassport: Securing International Contacts with Contactless Chips
作者: Gildas Avoine , Kassem Kalach , Jean-Jacques Quisquater
DOI: 10.1007/978-3-540-85230-8_11
关键词: Integrate circuit 、 Cryptography 、 Data Protection Act 1998 、 Computer security 、 Computer science 、 Software deployment 、 Entropy (information theory) 、 Access key 、 Civil aviation 、 Access control
摘要: Electronic passports (ePassports) have known a wide and fast deployment all around the world since International Civil Aviation Organization published their specifications in 2004. Based on an integrated circuit, ePassports are significantly more secure than predecessors. Forging ePassport is definitely thwarted by use of cryptographic means. In spite undeniable benefit, raised questions about personal data protection, attacks basic access control mechanism came into sight. Keys used for that purpose derive from nothing but predictable machine readable zone data, so suffer weak entropy. We provide in-depth evaluation key entropy, prove Belgian passport, recipient Interpol "World's most passport" award 2003, provides worst entropy one has ever seen. also state two-thirds circulation do not implement any protection mechanism. demonstrate our claims means practical attacks. then recommendations to amend security, directions further work.
springer.com
ifca.ai 参考文章(13)
Mikko Lehtonen, Florian Michahelles, Thorsten Staake, Elgar Fleisch, Strengthening the Security of Machine Readable Documents by Combining RFID and Optical Memory Devices Springer, Paris. pp. 77- 92 ,(2006) , 10.1007/978-2-287-47610-5_6
A. Juels, D. Molnar, D. Wagner, Security and Privacy Issues in E-passports international workshop on security. pp. 74- 88 ,(2005) , 10.1109/SECURECOMM.2005.59
Gildas Avoine, Cryptography in radio frequency identification and fair exchange protocols EPFL. ,(2005) , 10.5075/EPFL-THESIS-3407
Dario Carluccio, Kerstin Lemke-Rust, Christof Paar, Ahmad-Reza Sadeghi, E-passport: the global traceability or how to feel like a UPS package workshop on information security applications. pp. 391- 404 ,(2006) , 10.1007/978-3-540-71093-6_30
Louis C. Guillou, Jean-Jacques Quisquater, A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory theory and application of cryptographic techniques. pp. 123- 128 ,(1988) , 10.1007/3-540-45961-8_11
Louis Claude Guillou, Jean-Jacques Quisquater, A Paradoxical Indentity-Based Signature Scheme Resulting from Zero-Knowledge international cryptology conference. pp. 216- 231 ,(1988) , 10.1007/0-387-34799-2_16
S Vaudenay, M Vuagnoux, About Machine-Readable Travel Documents international conference on supercomputing. ,vol. 77, pp. 012006- ,(2007) , 10.1088/1742-6596/77/1/012006
George I. Davida, Yvo G. Desmedt, Passports and Visas versus Ids theory and application of cryptographic techniques. pp. 183- 188 ,(1988) , 10.1007/3-540-45961-8_16
Jaap-Henk Hoepman, Engelbert Hubbers, Bart Jacobs, Martijn Oostdijk, Ronny Wichers Schreur, Crossing borders: security and privacy issues of the european e-passport international workshop on security. pp. 152- 167 ,(2006) , 10.1007/11908739_11
Martin Hlavác, Tomás Rosa, A Note on the Relay Attacks on e-passports: The Case of Czech e-passports. IACR Cryptology ePrint Archive. ,vol. 2007, pp. 244- ,(2007)