Abstract
The European Union sees the introduction of the ePassport as a step towards rendering passports more secure against forgery while facilitating more reliable border controls. In this paper we take an interdisciplinary approach to the key security and privacy issues arising from the use of ePassports. We further analyse how European data protection legislation must be respected and what additional security measures must be integrated in order to safeguard the privacy of the EU ePassport holder.
Please use the following format when citing this chapter: Kosta, E., Meints, M., Hansen, M., and Gasson, M., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 467–472.
Keywords
- Personal Data
- Privacy Issue
- Identity Theft
- International Civil Aviation Organization
- Data Protection Directive
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
ICAO = International Civil Aviation Organization, http://www.icao.int.
Information available via http://www.icao.int/mrtd/publications/doc.cfm.
http://www.europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2004/1385/138520041229en00010006.pdf.
A. Juels, D. Molnar, and D. Wagner, Security and Privacy Issues in E-passports, IEEE SecureComm 2005; available online at http://www.cs.berkeley.edu/dmolnar/papers/RFID-passports.pdf. The term ‘intended’ indicates the range of vendor-standard readers.
Protection Profile BSI-PP-0016-2005 and BSI-PP-0017-2005, certified in August and October 2005 respectively by the German Federal Office for Information Security; available via http://www.bsi.de/zertifiz/zert/report.htm.
This has recently been analysed and demonstrated with a Dutch passport (see H. Robroch, ePassport Privacy Attack, 2006, which also details reading and eavesdropping distances; see http://www.riscure.com/2news/200604%20CardsAsiaSing%20ePassport%20Privacy.pdf.)
J. Beel and B. Gipp, ePass — der neue biometrische Reisepass, Shaker Verlag, Aachen 2005. Download of chapter 6 “Fazit”: http://www.beel.org/epass/epass-kapitel6-fazit.pdf. In most ePassports the effective key length is far lower than 56 bits, typically 35 bits, and in some cases even as low as 28 bits.
See, e.g., K. Zetter, Hackers Clone E-Passports, Wired News, August 3, 2006; http://www.wired.com/news/technology/l,71521-O.html.
Among others see Z. Geradts (ed.), FIDIS Deliverable D6.1: Forensic Implications of Identity Management Systems, Frankfurt 2006; http://www.fidis.net/fidis-del/period-2-20052006/#c822; Starbug, How to fake fingerprints?, October 26, 2004; http://www.ccc.de/biometrie/fingerabdruck_kopieren.xml
In France: e.g., the project INES (identité nationale électronique sécurisée), January 31, 2005; http://www.foruminternet.org/telechargement/forum/presprog-ines-20050201.pdf; in Germany: C. Engel, Auf dem Weg zum elektronischen Personalausweis, Datenschutz und Datensicherheit 4/2006, pp. 207-210, Vieweg, Wiesbaden 2006.
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23/11/1995 pp. 0031–0050.
Article 29 Data Protection Working Party, Opinion on implementing the Council Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States, adopted on 30 September 2001, 1710/05/EN (WP 112).
R. Jay and A. Hamilton, Data protection — Law and practice, London Sweet & Maxwell 2003, p. 91.
P. van Eecke and G. Skouma, RFID and Privacy: A difficult Marriage?, in: S. Paulus, N. Pohlmann, and H. Reimer (eds.), ISSE 2005 Securing Electronic Business Processes — Highlights of the Information Security Solutions Europe 2005 Conference (pp. 169-178), Vieweg, Wiesbaden 2005, p. 173.
http://www.fidis.net/press-events/press-releases/budapest-declaration (2006).
Copyright information
© 2007 International Federation for Information Processing
Cite this paper
Kosta, E., Meints, M., Hansen, M., Gasson, M. (2007). An analysis of security and privacy issues relating to RFID enabled ePassports. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_42
DOI: https://doi.org/10.1007/978-0-387-72367-9_42
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)