ePassport: Side Channel in the Basic Access Control

An electronic version of the traditional passport (ePassport) is nowadays issued by many countries to their citizens. A contactless chip storing personal details of the document holder is embedded in the ePassport cover. To prevent unauthorized reads of the chip's content and to protect its communication with a legitimate reader the Basic Access Control (BAC) has been introduced. Thanks to the BAC, only those readers aware of the secret associated with an ePassport chip can access its content. In this paper we show that a side channel analysis can be carried out for some chips secured with the BAC. In particular we analyze the chip response time during BAC operations, showing how the collected data could be exploited to mount an attack in order to get access to the chip's content. We have verified the presence of such side channel in real ePassports and stress that electronic Driving Licences could be affected as well, since the same access control mechanism is adopted for them.

SPORTIELLO Luigi; 

2014-12-02

Springer International Publishing

JRC89091

978-3-319-13066-8 (online),    978-3-319-13065-1 (print),   

0302-9743,   

http://link.springer.com/chapter/10.1007%2F978-3-319-13066-8_11,    https://publications.jrc.ec.europa.eu/repository/handle/JRC89091,   

10.1007/978-3-319-13066-8_11,