An analysis of security weaknesses in the evolution of RFID enabled passport

World Congress on Internet Security (WorldCIS-2012) Pub Date : 2012-05-01 DOI:10.1504/IJITST.2012.054060

Eyad Abdullah Bogari, P. Zavarsky, Dale Lindskog, Ron Ruhl

{"title":"An analysis of security weaknesses in the evolution of RFID enabled passport","authors":"Eyad Abdullah Bogari, P. Zavarsky, Dale Lindskog, Ron Ruhl","doi":"10.1504/IJITST.2012.054060","DOIUrl":null,"url":null,"abstract":"Since the introduction of Radio Frequency Identification (RFID) Enabled Passports, the system have been plagued with various vulnerability issues that prove to compromise the E-passport security. To date, three generations of E-passports have been introduced by the International Civil Aviation Organization (ICAO) and the European Union (EU). The first two generations of E-passports are being issued worldwide. This paper presents the evolution of these passports over the years to develop taxonomy of the weaknesses and to serve as a reference point detailing security vulnerabilities linked to the RFID E-passport features in the first and second E-passport generations. The findings can also assist in profiling possible attack vectors on the existing RFID enabled passports and in developing comprehensive RFID E-passport risk mitigation strategies. To illustrate the importance of a comprehensive risk strategy when using RFID E-passport, the attack process modeling method is used to highlight the possible attacks and weaknesses which could result from not using one or more security features.","PeriodicalId":216307,"journal":{"name":"World Congress on Internet Security (WorldCIS-2012)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Congress on Internet Security (WorldCIS-2012)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJITST.2012.054060","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

Since the introduction of Radio Frequency Identification (RFID) Enabled Passports, the system have been plagued with various vulnerability issues that prove to compromise the E-passport security. To date, three generations of E-passports have been introduced by the International Civil Aviation Organization (ICAO) and the European Union (EU). The first two generations of E-passports are being issued worldwide. This paper presents the evolution of these passports over the years to develop taxonomy of the weaknesses and to serve as a reference point detailing security vulnerabilities linked to the RFID E-passport features in the first and second E-passport generations. The findings can also assist in profiling possible attack vectors on the existing RFID enabled passports and in developing comprehensive RFID E-passport risk mitigation strategies. To illustrate the importance of a comprehensive risk strategy when using RFID E-passport, the attack process modeling method is used to highlight the possible attacks and weaknesses which could result from not using one or more security features.

查看原文本刊更多论文

RFID护照发展过程中的安全弱点分析

自引入射频识别(RFID)护照以来，该系统一直受到各种漏洞问题的困扰，这些漏洞被证明会损害电子护照的安全性。迄今为止，国际民用航空组织(ICAO)和欧盟(EU)已经推出了三代电子护照。前两代电子护照正在全球发行。本文介绍了这些护照多年来的演变，以开发弱点分类，并作为参考点，详细介绍了第一代和第二代电子护照中与RFID电子护照特征相关的安全漏洞。研究结果还有助于分析现有RFID护照上可能的攻击媒介，并有助于制定全面的RFID电子护照风险缓解战略。为了说明在使用RFID电子护照时综合风险策略的重要性，使用攻击过程建模方法来突出可能的攻击和弱点，这些攻击和弱点可能由于不使用一个或多个安全特性而导致。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

World Congress on Internet Security (WorldCIS-2012)

自引率

0.00%

发文量