Crossing Borders: Security and Privacy Issues of the European e-Passport

Hoepman, Jaap-Henk; Hubbers, E.M.G.M.; Jacobs, Bart; Oostdijk, Martijn; Schreur, Ronny Wichers

doi:10.1007/11908739_11

Cited by 72 publications

(59 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…RFID tags can be very small and cheap [1] and can therefore be embedded in a wide variety of objects. They have, for instance, been embedded in passports [2] and there are plans to embed them in bank notes [3] and groceries [4,5].…”

Section: Introductionmentioning

confidence: 99%

Untraceability of RFID Protocols

Deursen¹,

Mauw²,

Radomirović³

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.

show abstract

Section: Introductionmentioning

confidence: 99%

Untraceability of RFID Protocols

Deursen¹,

Mauw²,

Radomirović³

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…RFIDs are widely used in inventory control and supply chain management [1,7,18,19,25], in e-passports [12,6,11,15,20] e.g. for US' visa waiver policies, in contactless credit cards [10].…”

Section: Introductionmentioning

confidence: 99%

Information Security Practice and Experience

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices e.g. PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.

show abstract

“…Despite much prior work in RFID security and certificate revocation, coupled with the fact that the problem had been spotted by researchers [17,19,16], little has been done to address reader PKC revocation and expiration checking problems. Only very recently, Nithyanand et al [28] proposed a method that entails user involvement and DERTs to determine PKC validity.…”

Section: Reader Revocation Checkingmentioning

confidence: 99%

Usability of Display-Equipped RFID Tags for Security Purposes

Kobsa

Nithyanand

Tsudik

et al. 2011

Computer Security – ESORICS 2011

View full text Add to dashboard Cite

Abstract. The recent emergence of RFID tags capable of performing public key operations has enabled a number of new applications in commerce (e.g., RFIDenabled credit cards) and security (e.g., ePassports and access-control badges). While the use of public key cryptography in RFID tags mitigates many difficult security issues, certain important usability-related issues remain, particularly when RFID tags are used for financial transactions or for bearer identification. In this paper, we focus exclusively on techniques with user involvement for secure user-to-tag authentication, transaction verification, reader expiration and revocation checking, as well as association of RFID tags with other personal devices. Our approach is based on two factors: (1) recent advances in hardware and manufacturing have made it possible to mass-produce inexpensive passive displayequipped RFID tags, and (2) high-end RFID tags used in financial transactions or identification are usually attended by a human user (namely the owner). Our techniques rely on user involvement coupled with on-tag displays to achieve better security and privacy. Since user acceptance is a crucial factor in this context, we thoroughly evaluate the usability of all considered methods through comprehensive user studies and report on our findings.

show abstract

Crossing Borders: Security and Privacy Issues of the European e-Passport

Cited by 72 publications

References 2 publications

Untraceability of RFID Protocols

Untraceability of RFID Protocols

Information Security Practice and Experience

Usability of Display-Equipped RFID Tags for Security Purposes

Contact Info

Product

Resources

About