Weakening ePassports through Bad Implementations

SPORTIELLO, Luigi

doi:10.1007/978-3-642-36140-1

An official website of the European Union How do you know?

Weakening ePassports through Bad Implementations

Different countries issue an electronic passport embedding a contactless chip that stores the holder data (ePassport). Due to the sensitive nature of the information present on such chip, the relative data do not have to be accessible without authorization. That being so an access control mechanism based on symmetric cryptography called Basic Access Control (BAC) has been introduced to regulate the chip access and encrypt its communication. In this work we present the flaws we have found out in some implementations of the software hosted on ePassport chips and how they affect BAC reducing its keys space and opening a door for a MITM attacks. The results of this paper could be exploited as a first guide for reviewing and refining existing ePassport implementations.

SPORTIELLO Luigi;

2013-02-28

Springer

JRC69717

ISSN 0302-9743 (print), ISSN 1611-3349 (online),

https://publications.jrc.ec.europa.eu/repository/handle/JRC69717,

10.1007/978-3-642-36140-1,

Language	Citation

Name	Country	City	Type

Datasets

ID	Title	Public URL

Dataset collections

ID	Acronym	Title	Public URL

Scripts / source codes

Description	Public URL

Additional supporting files

File name	Description	File type

Show metadata record Copy citation url to clipboard Download BibTeX

Items published in the JRC Publications Repository are protected by copyright, with all rights reserved, unless otherwise indicated. Additional information: https://ec.europa.eu/info/legal-notice_en#copyright-notice