E-Passport: The Global Traceability Or How to Feel Like a UPS Package

  • Dario Carluccio
  • Kerstin Lemke-Rust
  • Christof Paar
  • Ahmad-Reza Sadeghi
Conference paper

DOI: 10.1007/978-3-540-71093-6_30

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)
Cite this paper as:
Carluccio D., Lemke-Rust K., Paar C., Sadeghi AR. (2007) E-Passport: The Global Traceability Or How to Feel Like a UPS Package. In: Lee J.K., Yi O., Yung M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg

Abstract

Since the introduction of RFID technology there have been public debates on security and privacy concerns. In this context the Machine Readable Travel Document (MRTD), also known as e-passport, is of particular public interest. Whereas strong cryptographic mechanisms for authenticity are specified for MRTDs, the mechanisms for access control and confidentiality are still weak.

In this paper we revisit the privacy concerns caused by the Basic Access Control mechanism of MRTDs and consider German e-passports as a use case. We present a distributed hardware architecture that can continuously read and record RF based communication at public places with high e-passport density like airports and is capable of performing cryptanalysis nearly in real-time. For cryptanalysis, we propose a variant of the cost-efficient hardware architecture (COPACOBANA) which has been recently realized.

Once, MRTD holder identification data are revealed, this information can be inserted into distributed databases enabling global supervision activities. Assuming RF readers and eavesdropping devices are installed in several different airports or used in other similar places, e.g., in trains, one is able to trace any individual similar to tracing packages sent using postal services such as UPS.

Keywords

E-Passport Privacy MRTD Basic Access Control  RF Eavesdropper MRTD Cracker Biometrics 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Dario Carluccio
    • 1
  • Kerstin Lemke-Rust
    • 1
  • Christof Paar
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst Görtz Institute for IT Security, Ruhr University Bochum, 44780 BochumGermany

Personalised recommendations