A survey of system security in contactless electronic passports

11
INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION 4 (2011) 154–164 Available online at www.sciencedirect.com journal homepage: www.elsevier.com/locate/ijcip A survey of system security in contactless electronic passports Anshuman Sinha United Technologies Corporation, Fire & Security, 791 Park of Commerce Boulevard #100, Boca Raton, Florida 33487, United States ARTICLE INFO Article history: Received 20 May 2010 Received in revised form 3 September 2011 Accepted 6 September 2011 Published online 21 September 2011 Keywords: ePassport Electronic passport RFID Security Contactless EAC BAC MAC PKI ABSTRACT A traditional paper-based passport contains a Machine-Readable Zone (MRZ) and a Visual Inspection Zone (VIZ). The MRZ has two lines of the holder’s personal data, document data, and verification characters encoded using Optical Character Recognition font B (OCR-B). The encoded data include the holder’s name, date of birth, and other identity information of the holder. The VIZ contains the holder’s photo with signature and is usually placed on the data page of a paper passport. However, the MRZ and VIZ can be easily duplicated with normal document reproduction technology to produce a fake passport which can pass traditional verification. Neither of these features actively verify the holder’s identity; nor do they bind the holder’s identity to the document in a fool proof way. A passport also contains blank pages for visa stamps and country entry or exit dates. Any of this information can be easily altered to produce fake permissions and travel records. The electronic passport, supporting authentication using secure credentials on a tamper-resistant chip, is an attempt to improve the security of paper-based passport at minimum cost. This paper surveys security mechanisms built in first-generation electronic passports and compares them with second- generation passports. It analyzes and describes the cryptographic protocols used in Basic Access Control (BAC) and Extended Access Control (EAC). c 2011 Elsevier B.V. All rights reserved. 1. Introduction In an effort to secure the borders of the United States of America, the Congress legislated requirements for Electronic Passports (ePassports) [1] for all visitors from countries participating in the Visa Waiver Program (VWP) [2,3]. Any passport issued by a participating state after October 2010 must be machine-readable with an electronic facial image encoded on a secure chip. As per the requirement of the US- VISIT program [4], all visitors to the United States of America must have their photo, and fingerprint of their index finger, taken for electronic comparison. In a reciprocal move, the United States has started issuing electronic passports to its citizens from all domestic issuance agencies since August 2007. E-mail addresses: [email protected], [email protected]. European Union countries have advanced to a second- generation electronic passport. Countries like Germany, France, and Czech Republic have passports at the next level, whereby biometric information is stored in a secure passport chip. Similarly, Asian countries like Malaysia and the European Union (EU) countries have already advanced to biometrics and Extended Access Control (EAC) like access control. Any effort to make passports electronic and secure requires adding hardware, firmware, and software at different levels to the existing verification infrastructure. The centerpiece of the next generation of passport technology lies in Java programmable secure controllers with advanced cryptographic capabilities. An ePassport has an embedded Radio Frequency Identification chip (RFID) with advanced cryptographic capabilities. Unfortunately, the contactless link 1874-5482/$ - see front matter c 2011 Elsevier B.V. All rights reserved. doi:10.1016/j.ijcip.2011.09.002

Transcript of A survey of system security in contactless electronic passports

Page 1: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

Available online at www.sciencedirect.com

journal homepage: www.elsevier.com/locate/ijcip

A survey of system security in contactless electronicpassports

Anshuman Sinha

United Technologies Corporation, Fire & Security, 791 Park of Commerce Boulevard #100, Boca Raton, Florida 33487, United States

A R T I C L E I N F O

Article history:

Received 20 May 2010

Received in revised form

3 September 2011

Accepted 6 September 2011

Published online 21 September 2011

Keywords:

ePassport

Electronic passport

RFID

Security

Contactless

EAC

BAC

MAC

PKI

A B S T R A C T

A traditional paper-based passport contains a Machine-Readable Zone (MRZ) and a Visual

Inspection Zone (VIZ). The MRZ has two lines of the holder’s personal data, document data,

and verification characters encoded using Optical Character Recognition font B (OCR-B). The

encoded data include the holder’s name, date of birth, and other identity information of the

holder. The VIZ contains the holder’s photo with signature and is usually placed on the data

page of a paper passport. However, the MRZ and VIZ can be easily duplicated with normal

document reproduction technology to produce a fake passport which can pass traditional

verification. Neither of these features actively verify the holder’s identity; nor do they bind

the holder’s identity to the document in a fool proof way. A passport also contains blank

pages for visa stamps and country entry or exit dates. Any of this information can be easily

altered to produce fake permissions and travel records. The electronic passport, supporting

authentication using secure credentials on a tamper-resistant chip, is an attempt to

improve the security of paper-based passport at minimum cost. This paper surveys security

mechanisms built in first-generation electronic passports and compares themwith second-

generation passports. It analyzes and describes the cryptographic protocols used in Basic

Access Control (BAC) and Extended Access Control (EAC).c⃝ 2011 Elsevier B.V. All rights reserved.

d

1. Introduction

In an effort to secure the borders of the United States ofAmerica, the Congress legislated requirements for ElectronicPassports (ePassports) [1] for all visitors from countriesparticipating in the Visa Waiver Program (VWP) [2,3]. Anypassport issued by a participating state after October 2010must be machine-readable with an electronic facial imageencoded on a secure chip. As per the requirement of the US-VISIT program [4], all visitors to the United States of Americamust have their photo, and fingerprint of their index finger,taken for electronic comparison. In a reciprocal move, theUnited States has started issuing electronic passports to itscitizens from all domestic issuance agencies since August2007.

E-mail addresses: [email protected], sinhanshuman@

1874-5482/$ - see front matter c⃝ 2011 Elsevier B.V. All rights reservedoi:10.1016/j.ijcip.2011.09.002

gmail.com.

European Union countries have advanced to a second-generation electronic passport. Countries like Germany,France, and Czech Republic have passports at the nextlevel, whereby biometric information is stored in a securepassport chip. Similarly, Asian countries like Malaysia andthe European Union (EU) countries have already advancedto biometrics and Extended Access Control (EAC) likeaccess control. Any effort to make passports electronic andsecure requires adding hardware, firmware, and software atdifferent levels to the existing verification infrastructure. Thecenterpiece of the next generation of passport technologylies in Java programmable secure controllers with advancedcryptographic capabilities. An ePassport has an embeddedRadio Frequency Identification chip (RFID) with advancedcryptographic capabilities. Unfortunately, the contactless link

.

Page 2: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4 155

Table 1 – ePassport threat model.

S. No. Security threats Compromises

1 Forging Integrity2 Repudiation Availability3 Skimming Confidentiality4 Cryptographic analysis Confidentiality

& integrity5 Unauthorized system Authorization6 Unauthorized user Verification7 Privacy threats Consent, verification

& authentication8 Platform integrity Integrity

between this passport tag, which is called chip in theremainder of this paper, and a passport verification readercan lead to security and privacy threats. Threat modelingis based on first principles which analyzes compromise tocommon security goals of any system.

2. Threat model for ePassports

Electronic passports [5] must prevent the known attackscommon to secure radio frequency-based identification andaccess control systems. Comprehensive threat modeling anddesigning countermeasures are key to the robustness ofany security system; ePassports are no different in thisregard. Each threat must have one or more mechanisms (orcountermeasures) built into the system. A security systemcan be designed only to secure against known threats andattacks. A threat is defined as a weak link in the system,which can be broken to compromise the system’s security. Athreat model should be comprehensive enough to include allknown attacks. Threat and attack model will have overlaps;however, this may not be the case for every noted threat.

The system may fail to secure against unknown threatsor those discovered after the design has been committed.Side channel attacks [6] is an example of one of thethreats which was not modeled and accounted for in thedesign of early hardware systems. Cryptographer thesedays are aiming to build systems which would be safeto unknown attacks. A threat model for ePassports isgiven in Table 1. The left column shows known threatsthat must have “antidotes” in the design to ensure thatfundamental security requirements are not violated. Theright column shows requirement(s) at risk. System security,including passport system security, comprises the followingfundamental security requirements: Secrecy - preventingsystem information from flowing in unauthorized paths;Integrity - preventing unauthorized modification of systemstate; Legitimate Use - preventing unauthorized use of systemresources; Availability - preventing unauthorized interferencein use of the system. Notice that all of these issues involve thenotion of authorization.

(a) Forging: A passport can be forged by replacing a completechip with a different one. There are two cases of suchan attack. The first is a replacement of chip with acloned or duplicate LDS, the unprotected contents ofan ePassport’s Logical Data Structure. In this case, the

duplicated passport LDS matches that of an originalelectronic passport. This is cloning of a chip and itscomplete data set. The second case is a replacement ofa chip with tampered LDS. (A secure chip generally hashardware mechanisms built-in to protect against dataalteration.) Forging clearly violates integrity.

(b) Non-repudiation: A non-repudiation attack concerns anePassport that has been tampered to withhold informa-tion embedded in its secure chip. The chip or its antennacould be set to a state where it cannot be read by a validreader. In such a scenario, the passport holder cannotbe verified electronically. Due to unavailability of securechip, two situations emerge. First is failure to authenticatethe passport electronically. If secure chip is not available,passport cannot be authenticated and verified electroni-cally. The authentication must be performed by relying onMRZ data. The second case that emerges is failure to verifythe passport holder. Due to unavailability of passport chip,the holder’s biometrics and other data stored on chip maynot be verified. If the passport the holder’s biometrics arestored only on secure chip and not on a backend system,biometrics cannot be verified.

(c) Skimming: Unprotected contents of an ePassport’s LDScould be read by an unauthorized reader close to passport.A skimmer could utilize a reader which has beenmodifiedto read data from distances greater than the designersanticipated.

(d) Cryptographic analysis: The cryptographic keys storedin an ePassport chip could be exposed by deployingmass computing power after gathering skimmed oreavesdropped data from different electronic passports.The keys could be used to communicate illicitly with otherpassports.

(e) Unauthorized system: A system may be authentic but maynot have privileges to read information from the passport.

(f) Unauthorized user: Unauthorized user is anyone who isnot the person to whom identity credentials had beenissued. Such a person misuses identity documents byusing someone else’s information or appearance.

(g) Privacy threats: Privacy threats [7] are unapproved use ofpersonal information or tracking of the passport holder.

(h) Platform integrity: The platform on which applications runmust be free from any malicious code which can act asa Trojan Horse for information stored in the ePassport.Usually, such methods are added to the system for easeof testing during development and must be removed tosecure the system completely.

3. Known attacks for ePassports

Security mechanisms built into ePassports must counterspecific known attacks shown in Table 2. The attack profileis as important as the threat profile.

(i) Forging: A passport can be forged by replacing itscomplete chip with a different one. There are twosuch cases. First, the chip is replaced with a cloned orduplicated LDS. In this case, the chip on the duplicatedpassport matches the data contents of the originalePassport. This is cloning of a chip and its complete data

Page 3: A survey of system security in contactless electronic passports

156 I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

Table 2 – ePassport attack model.

S. No. Known attacks

1 Forging2 Skimming3 Eavesdropping4 Illicit verification5 Data/noise injection6 Impostor/false biometrics7 Rogue reader/hardware8 Duplication/cloning9 Tracking

set. Second, the chip is replaced with a tampered LDS. Anew chip, with a modified copy of credentials is put inplace of the original chip. Such a modified secure chip isembedded into a passport from which the original chipwas removed. A secure chip has hardware mechanismsbuilt to protect against data alteration.

(j) Skimming: An ePassport can be skimmed to read theunprotected contents of its LDS. The skimmermay gathersensitive details like the passport the holder’s name,age, address, and travel information. The skimmer couldutilize readers which are modified, extended, or rogue toread data from distances greater than designed for.

(k) Illicit verification: Illicit verifiers are like fake ATM(s)installed to retrieve the PIN of a banking card. Thepersonal information could be skimmed if such a systemwith copied keys is installed.

(l) Data/noise injection: A data injector is a device whichcan manipulate or alter data being sent by a securechip to a reader or vice versa. It can interject datawith its own data frames which may not only interferewith communication but also alter add or subtract dataexchanged between secure reader and chip.

(m) Imposter/false biometrics: An impostor can fake thebiometrics of an authentic passport holder with methodslike wax fingers or face masks to fool the system.Impostors break the security of a system by fakingidentity of the actual passport holder.

(n) Rogue reader/hardware: A modified reader can be used toread the contactless data from a card beyond its normaloperating range. Other modified hardware can storecommunications while legitimately communicating witha reader.

(o) Duplication/cloning: Cloning of a chip and duplicationof its complete or partial data is an attack requiringsophisticated machinery and means. Such attacks areconducted only by advanced attackers who have thefinances to invest in such systems.

(p) Tracking: A tracker is a person who is only interested inknowing where the passport holder is traveling. A trackermay not have access to all the information which isstored in the secure chip. The tracker is only interestedto know the whereabouts of a person. The tracker skimsthe data which could be used to trace a passport holder’slocation.

4. Authentication in ePassport systems

International Civil Aviation Organization (ICAO) [8] has de-fined two different mechanisms to authenticate secure chips

embedded in ePassports: active and passive authentication.In active authentication, the secure controller processes cryp-tographic information in the chip; in passive authentication,no computation is involved and the contents of a tamper-proof chip are read only by a verification device. Conse-quently, passive authentication is implemented on securememory devices, whereas active authentication requires aprocessor. Lately, a new type of authentication for EAC, calledChip Authentication has been proposed by European Union(EU) [9]. Similar authentication was also proposed by some ofthe far east countries, but this paper details only the EU pro-posal.

4.1. Passive authentication

An ePassport’s document security object SOD is digitallysigned by issuing country at the time of personalization andthe certificate is stored in secure chip. Hash of each datagroup (DG) is computed and stored in secure passport chip.In Passive Authentication (PA), the inspection system firstverifies issuing country’s signed security data object [10] usingpublic keys stored in the inspection system. If the signaturematches, hash of each data group is verified. By verifying thehash, inspection system infers if the data has been tampered.Certificate of document signer may be distributed to visitedcountry in lieu of storing it on the chip. Typically, a visitedcountry enters into an agreement with the issuing country toobtain the certificate and distribute it at different entry checkpoints. Validity of the certificate is checked before checkingthe signature. This is done by checking Certificate RevocationList (CRL) for any updates. The revocation lists are regularlyupdated in a secure but mutually agreed storage area knownas the Public Key Directory (PKD). The ePassport Public KeyInfrastructure (PKI) symbols for passive authentication isdefined in Appendix C.(1) Weaknesses: Passive authentication does not prevent copy-ing of chip data onto another chip, skimming, or unautho-rized access to contents stored in the chip. The certificate ofa document signer from an issuing country is stored on thesecure chip. Reading a certificate from a secure chip to au-thenticate and verify a signature is not a good security prac-tice. It is quite possible that the certificate was revoked, or itis invalid. The verification device must check the CRL whilereading certificate from secure chip. For electronic passports,the Certificate Revocation List (CRL) is stored in PKD.(2) Strengths: An ePassport’s security object has provisionsto select hashing and signature algorithms. In case, analgorithm is obsolete, it can be switched to an alternate one.However, passports which have already been issued, cannotbe substituted with the latest algorithm. ICAO specificationsfor passive authentication have provisions for using largerkey lengths which improve cryptographic security. The choiceof a strong cryptographic algorithm for computing a hashof data structures improves possible collisions of signaturevalues. Passive authentication does not necessarily requireverification device to be online except to get the updated CRLfrom the PKD.

4.2. Active authentication

Active Authentication (AA) of electronic passports is per-formed using a unique cryptographic key pair KPuAAand

Page 4: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4 157

KPrAA. The AA public key KPuAA is stored in Data Group 15(DG15). It is one of 16 Data Groups (DGs), in secure chip.The private key is stored in secure chip and never leaves thechip. Typically, an active authentication key pair is generatedinside the secure chip; however, many system designers pre-fer creation of keys outside the chip to improve personal-ization speed. The correctness of an AA key is verified bychecking the signature of DG15, which is signed by passportsigner’s private key. Signer’s certificate should be retrievedfrom PKD or from the chip, and the CRL checked for updates.Visual inspection, electronic verification of the security ob-ject, and challenge–response authentication using asymmet-ric key pair, determine if keys are read from a passport whichhas not been copied or cloned. The chip also stores signedMRZ information in the logical data structure (LDS). Active au-thentication is designed to detect if a passport chip has beenreplaced by a fake one, or its contents have been copied toanother chip.(1) Challenge–response: The challenge–response protocol for AAis outlined below.

(a) The authentication device checks for validity of thesecurity object and retrieves the KPuAA either from thechip or PKD.

(b) The validity of the key is verified before it is used incryptographic protocol.

(c) The passport’s chip contains the secret authenticationprivate key KPrAA which is not accessible. The certificateand public key KPuAA are also stored in the chip.

(d) The terminal generates a nonce and sends it to the securechip as a challenge. The verification device may choose tosend a date and time in addition to the nonce, which canoptionally be stored in the chip upon signature.

Challenge = RVD → ePassport. (1)

(e) The challenge, and at times an additional counter, issigned by the authentication private key.

Response = Sign(RSA1)KPrAA(RVD + C). (2)

(f) Verification device checks digital signature sent to it.(g) If the signature is verified, the secure chip is actively

authenticated.

(2) Key lifetime: The authentication key pair is normally validfor the lifetime of an ePassport. Typically, ePassports areissued at least for five years or more. Therefore, the keylifetime of an active authentication key pair is five years. Thestrength of active authentication lies with the strength of chipto securely hold the private key. Secure controllers with all thetamper-proofing mechanisms are strong key vaults.(3)Weaknesses: AA is designed to detect passports with clonedchips. It requires a secure chip with cryptographic capabil-ities, which may increase authentication time compared toPA [11]. However, with faster processing and better algorithmsthis difference in time may not be noticeable. AA is usuallyperformed in combination with BAC, which uses diversified

1 The signature with message recovery is defined in ISO 9796-2. Other signature schemes like Digital Signature Algorithm (DSAper FIPS 186-3) and Elliptic Curve Digital Signature Algorithm(ECDSA) could also be used for the purpose.

Fig. 1 – Messaging in chip authentication.

keys that do not have high entropy. Use of AA with BAC over-comes the strongest weakness of BAC. In AA, the same keypair is used for every authentication session. There are notemporal keys for every new session of authentication. AAdoes not perform any type of external or terminal authenti-cation. It assumes all terminals are trustworthy. This may notbe an issue since, unlike second generation passports, firstgeneration passports do not hold any private biometric data.(4) Strengths: Introducing an asymmetric key pair allowssigned trace and track information of visitors. An authenti-cated time stamp using the private key, which is stored onlyin the secure chip, allows a system to be updated with traceinformation regarding the entry or exit of a visitor. The privatekey is bound to the identity of a person holding the ePassport.AA could improve privacy since each access to the passportcan be logged in secure memory of the chip. The audit trailcould be helpful in tracing and tracking an illicit request toaccess the passport. The AA public keys are signed and oftenstored on the chip; therefore, it does not require verificationdevices to be online.

4.3. Chip authentication

Chip authentication is used in second generation ePassportswith BAC to improve security by introducing encryption ofall messages exchanged between the inspection system andePassport. In BAC with key diversification, the keys mustbe generated using holder-specific data. The generated keysmay not have high entropy. The active authentication anddiversified keys are not unique to each and every session.Chip authentication improves these two authenticationmechanisms by introducing keys which are unique toevery chip and every session. Additionally, a messageauthentication code (MAC) is added to every message fromthe chip. Like AA, it introduces asymmetric key pair, signed,with public key of the issuing country. In chip authentication,every chip has its own key pair assigned and stored in it.The public key is signed and stored in one of the public datagroups. The private key is stored in secure memory of thechip [12]. See Fig. 1.(1) Ephemeral static Diffie–Hellman key exchange: The terminalchooses an ephemeral key pair which is used to encrypt asingle session of communication between the secure chip andthe interface device. The Elliptic Curve Diffie–Hellman (ECDH)key agreement scheme is chosen to agree upon keys. Thekeys encrypt data exchanged between chip and verificationdevice [12]. Subsequently, a symmetric key, 3DES is usedfor encryption of all messages between the secure chip andterminal. This improves weaknesses of key diversification

Page 5: A survey of system security in contactless electronic passports

158 I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

Fig. 2 – Messaging in terminal authentication.

using static keys and PA challenge–response mechanisms. Italso improves asymmetric key challenge–response used inAA; the symmetric keys are used to encrypt messages. Thefollowing is a conceptual outline of chip authentication.

(a) An elliptic curve and corresponding public curve point P ischosen for a given field and shared between the passportchip and verification device.

(b) The verification device generates a random number whichis its private key. The passport’s key, and private keyskpand kv, are stored in the chip.

(c) Both generate public keys Qp and Qv and send them toeach other.

Q =

Qp = kpPQv = kvP.

(d) The chip and the verification device generate commonshared data Qs using each other’s public key.

Qs =

kpQv = kpkvPkvQp = kvkpP.

(e) After the above step, Qs becomes the shared symmetrickey for any encryption of any subsequent communicationbetween the chip and the verification device. There aremany different forms of the ECDH protocol, each withits merits. Menezes Qu Vanstone (MQV), another form ofECDH, has additional security mechanisms built into it.An ePassport uses one of the forms of ECDH to performthe key agreement.

(2)Weaknesses: Chip authentication requires high-end proces-sors, which can perform Diffie–Hellman key exchange. Stan-dard interfaces for Diffie–Hellman key exchange are availableonly in Java Card 2.2.x.(3) Strengths: Chip authentication covers all the weaknesseswith the different schemes mentioned above. Along withmessage authentication as defined for BAC, chip authentica-tion is the strongest known authentication mechanism.

4.4. Terminal authentication

The second generation ePassport introduces the concept ofterminal rights and their authentication using asymmetriccryptography. In EAC [9], the holder’s biometrics are storedon the chip. The holder’s biometrics should not be released toterminals which do not have rights to read the information.A secure chip has no power source, so cannot maintain time.Due to this limitation, the chip cannot verify standard X.509

Fig. 3 – PKI for terminal authentication.

Fig. 4 – PKI for terminal authentication with crosscertification.

certificates. The secure chip in an electronic passport haslimited access to the network, and therefore, cannot reliablyupdate itself. To overcome these limitations, a different typeof certificate, known as a ‘card/chip verifiable’ certificate isused for external authentication.

The terminal is authenticated if an asymmetric key pairis verified. The terminal stores the private key of key pairand ePassport stores the public key, which is embeddedwith other information in a certificate, known as CardVerifiable Certificate (CVC). The CVC is securely stored to theePassport at the time of personalization. The knowledge ofthe private key in the terminal is verified by an asymmetricchallenge–response protocol. See Fig. 2.

To authenticate the terminal, the ePassport sends achallenge to the verification device, which has access to thecorresponding private key. The verification device attachesdocument number, challenge, and hash of the session-uniquedata and signs it with its private key. Either the RSA or ECDSAsignature algorithm is used to sign and verify. The terminalcontains its private key either in tamper-resistant memoryor on the connected network from where it can be securelyfetched. The chip contains ‘trust anchor’ or ‘root certificate’which is used to verify signature received from the terminal.The access rights built-in to restrict read or update biometricsof the passport holder. Terminal authentication is precededby internal chip authentication. As described above, chipauthentication concludes with a mutually agreed symmetrickey which envelops all the subsequent communicationbetween ePassport and verification terminal. All messagesare encrypted and attached with MAC computed as perspecifications of Chip Authentication.(1) PKI for terminal authentication: Fig. 3 illustrates the two-levelPKI necessary for terminal authentication. Country VerifyingCA (CVCAIssuer) issues certificate to document verifying CA(DVCAIssuer). The document verifying CA issues terminalcertificates to each and every verification terminal deployedin the location.

Page 6: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4 159

Terminal verification extends beyond the boundaries of anissuing country. Cross certification allows foreign countries toverify the identity of the passport holder using biometrics.The CVCAIssuer certifies visited country’s document verifyingCA (DVCAVisit). The terminals at visited country now havesignatures of the issuing country CA which can be verifiedby electronic passports from the issuing country. Fig. 4represents the PKI for cross certification.(2) Access rights: EAC introduces access rights to verificationterminals allowing only authorized terminals to read ormodify certain data. The terminal’s application has controlledaccess to different biometrics stored on the chip. Role-based access right mechanisms are implemented by encodedtables in card-verifiable terminal certificates. Such accessright control mechanisms are used to limit or grant accessto perform read or update operations. The card-verifiablecertificates have been defined to contain privileges fordifferent roles. Different roles include certificate authority,foreign country, and domestic inspection systems. Germanyhas chosen to implement such a system [12].(3) Weaknesses: Terminal authentication cannot revoke acertificate once it has been issued to a country or anorganization. Once issued, there is no known way to revokea certificate using mechanisms like CRL and time.(4) Strengths: Terminal authentication adds terminal authen-tication and access rights to the facility of authentication,which is useful in controlling access to the biometrics storedinside the chip.

5. Access control in ePassport systems

Access control using data stored in a secure chip is definedfor various levels of classification by the issuing country. TheU.S. had chosen Plain Access Control2 (PAC) as the primarymethod to control access. However, this was later changed toBAC after skimming and eavesdropping concerns were raisedby different privacy groups. ICAO mandates storage of onlya facial image in the chip; other biometrics, like fingerprints,are not stored in the chip, which limits the use of biometricsfor access control. Mutual authentication of a secure chip anda verification device is optional. These limitations have beenremoved in EAC, which is better suited for biometrics-basedaccess control at the verification point.

5.1. Plain access control

PAC is a special case of BAC, in which key diversification isnot required to read the data. This scheme of access controlallows any reader to read data from a chip. The secure dataobject is hashed, signed, and stored in the LDS. Authenticityof a passport is verified by checking the authenticity of dataand its signature via a signed object. According to ISO 14443,read range is limited to 10 cm; however, the data can beskimmed using modified readers that achieve a range greater

2 Plain Access Control (PAC) is a term coined only in this paperby the author and may be viewed as a special case of BAC.Per ICAO, BAC has mandatory document signing but the keydiversification to read the data stored in the chip is optional.

Table 3 – Optional and mandatory security mechanisms.

Mechanism Mandatory/Optional

Passive authentication ICAO mandatoryBAC ICAO optional, EU mandatoryActive authentication Issuing countryEAC EU mandatory for biometrics

than 10 cm. Therefore, PAC does not counter skimming andeavesdropping types of attacks. PACmay be secure for contactonly communication; however, contactless communicationintroduces risks andmere signature verification is inadequatesecurity. See Table 3.(1) Security weaknesses

(a) Confidentiality: The data is unencrypted and can be readby any reader. There is no confidentiality of data, and thisscheme allows any reader to read the data [13].

(b) Authentication: Any reader can read the data encoded onthe chip. There is no security mechanism to authenticate thereader, passport holder, or the secure chip.

(c) Data cloning: The data can be easily read and written toanother chip without any modification.

5.2. Basic access control

Per ICAO, BAC is an optional but recommended wayto achieve interoperability of the ePassport based bordercontrol between countries since the European Unionmandated diversified key authentication. The diversifiedkey is generated, using MRZ data, and used to mutuallyauthenticate the passport and inspection devices. Sincecommon knowledge is required to generate the diversifiedkeys, this scheme implicitly authenticates the inspectionsystem; however, mutual authentication is not strong. InBAC, data between inspection or verification reader is notencrypted using the session keys. An ePassport could beauthenticated using either active or passive authentication.

The mandatory and optional stages of BAC are listedbelow.

(1) Key diversification [Optional]: BAC diversified key authen-tication and opening of an unencrypted communicationchannel is an optional but suggested method to authenti-cate the ePassport and inspection device.

(2) Passive authentication [Mandatory]: Passive authentica-tion and checking of the signature is a mandatory step inBAC. Passive authentication verifies the authenticity of thedata only.

(3) Active authentication [Optional]: Active Authentication,as described above, is an optional step in BAC.

(1) Key diversification: The fixed seed key is diversified usingthe passport number, date of birth, and expiration date ofthe document. Key diversification creates a unique key foreach passport; however, keys are diversified using known datawhich is not random and therefore has low entropy. A truerandom number cannot be known to both the inspectionsystem and the secure chip without doing one of thefollowing.

• Use a back-end system to store a known secret randomnumber. The same number can be stored in the card.

Page 7: A survey of system security in contactless electronic passports

160 I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

• Exchange the random number as part of a setup message.However, this must be passed in the clear, which weakenssecurity.

• Use a known but secret coding algorithm to generate thesame codes. A known algorithm could be used to generatea pseudo random number. However, this is not a goodapproach since a secret black box algorithm could bebroken.

(2) Session key derivation: BAC uses two keys, one for encryptionand another for calculating the message authentication codebeing exchanged between reader and secure chip. Sessionskeys are generated using a seed key derived using the dataread from the MRZ.

(1) The passport contains Kseed, MRZData, CEnc and CMAC. Thesession keys are derived from seed key and personal datastored in MRZ. Kseed CMACMRZData CENC

(2) The seed key Kseed is diversified using data stored in the

MRZ.

MRZData ⊗ Kseed → Kdiv.

(3) The Kdiv is concatenated with 32-bit counters. One forencryption and the other for MAC.

D =

KEnc ⇐ Kdiv ‖ CEnc,

KMAC ⇐ Kdiv ‖ CMAC.

(4) Next, a message digest is generated on the key set D. SHA-1 is calculated on both the keys defined in key set D, nowcalled H. This is a 160-bit or a 20-byte long number.

H =

HEnc ⇐ SHA(KEnc),

HMAC ⇐ SHA(KMAC).

(5) The first 56 bits of H constitute Ka, and the checksum iscalculated using DES algorithm. The computed checksumis appended to the key to make it 64 bits long.

H → Ka.

(6) The next 56 bits from the 64th bit of H constitute K(b),and the checksum is calculated using DES algorithm. Thecomputed checksum is appended to the key to make it 64bits long.

H → Kb.

(7) The last 20 bits or four bytes of H are discarded with noeffect.

(8) The challenge–response messaging verifies the passportas per ISO 11770-2 using 3DES in block-cipher mode.

(9) Random numbers (nonces) generated by the passport andthe reader are of eight bytes long.

The keys generated are valid from start to the endof communication between the verification device andePassport. The lifetime of the document signing key is equalto the longest time for which the passport is valid plus timefor which the key has been used to sign other passports. Thedocument-signing key is erased once the key has expired.Countries choose the frequency at which a new document-signing certificate is issued.(3) Challenge–response: The message sequence for challenge–response is summarized below. The nonce is eight bytes or64 bits long.

(1) The verification device generates a random number Rv

and encrypts with the triple DES keys generated.

Mvp = 3DES(Kab(Rv)).

(2) The passport decrypts it and verifies if the randomnumber matches. Rv encrypts with the triple DES keysgenerated.

Rv = 3DES−1(Kab(Rv)).

(3) Passport generates a random number Rp encrypts with thetriple DES keys.

Mpv = 3DES(Kab(Rp)).

(4) The verification device decrypts the challenge and verifiesif the randomnumbermatches. Rp encrypts with the tripleDES keys generated.

Rp = 3DES−1(Kab(Rp)).

(4) Message authentication: Every message between passportand the reader can be appended with a Message Authen-tication Code (MAC). The MAC is calculated per the ISO9797-1 MAC algorithm. The MAC is calculated using the DESalgorithm with Cipher Block Chaining (CBC). For all blocks ex-cept BN−1, Ka is used for encryption. For every block, an in-cremental counter is appended to the message to make itsMAC unique. This technique works well against message re-play attacks [14], which are common in wireless communi-cation. Note that the next to last block is encrypted using Kbinstead of Ka.(5) Security weaknesses

(a) Key generation: Both the encryption and the MAC keyare generated from the same seed key. Although there areadditional counters attached to generate the encryptionand MAC keys, the compromise of one single key Kseedcould be sufficient to break the encryption as well as themessage authentication code. Note that the counter is onlyan additional number incremented by one. To overcome thisthreat, the counters can be easily replaced by a randomnumber which can be either encrypted or attached to themessage.

(b) Key diversification: The seed key Kseed is diversifiedusing the passport holder’s name and date of birth. The keysmay be diversified using the passport’s information from thedata page. The entropy of the diversification information islimited. The diversification information is available in thedata page of the passport. This data in most cases areencoded in the machine-readable zone. Despite the use ofthe SHA 200 hashing algorithm, the key generated may notbe truly random.

(c) Cryptographic algorithm: The choice of cryptographicalgorithm has been DES, a well known and proven standardfor symmetric encryption/decryption of data. However, withRijndael’s algorithm already announced as the AES, the choiceof DES does not seem appropriate. AES has already beendesigned into some networking and banking protocols. AES’sstronger substitution permutation network structure and thefact that it can be implemented well on a medium- or small-sized chip, like the one used for passports, makes it a bettercandidate than DES. The lack of adoption of AES in theePassport standards should probably be revisited sometime.

Page 8: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4 161

(d) Chip and data cloning: The secure chip cannot be easilyprotected against a clone attack. A cloned chip is assumed tohave copied all data bit-wise and replicated to similar silicon.Detection of such clones is a challenge which industry ispresently facing. The anti-cloning solutionmay lie beyond thesecure chip is some special type of printing or material that isadded to passports.

5.3. Extended access control

Following roll out of US passports, the EU came up withits set of passport identification standards and securityprotocols [9,15]. EAC is designed for a second generation ofpassports which involves storing biometrics of the holder.The common biometrics used are either finger prints oriris images. Terminal Authentication is being implementedby EU countries with some country-specific extensions. EACkeys are exchanged bilaterally between the issuing andvisited state. The signed certificates must be available to theverification device for reading biometric information storedon the secure chip.

EAC replaces active authentication by chip authentication.As per [16], an EAC mutual authentication session consists ofthe following stages with mandatory and optional parts.

(1) BAC [Mandatory for all passports]: Establishes a securechannel with diversified keys.

(2) Chip authentication [Mandatory for second generationpassports]: EAC replaces active authentication by manda-tory chip authentication.

(3) Passive authentication [First generation passports]: Pas-sive authentication is performed as per ICAO 9303 spec-ifications.

(4) Terminal authentication [Mandatory for second genera-tion passports]: EAC adds terminal authentication to mu-tual authentication. All terminals are not trusted by thepassport, as is the case for first generation passports.

EAC [17] message exchange consists of two stages: chipauthentication followed by terminal authentication. The chipis “deduced” to be verified at the beginning of the secondstage since it is able to encrypt and decrypt messages usingsession keys negotiated in the first stage. The session keys areestablished in the chip authentication stage. The first stageconsists of an Elliptic Curve Diffie–Hellman or Diffie–Hellmankey exchange. The terminal authentication stage consists ofsignature verification using either RSA or ECDSA.(1) Security weaknesses

(a) Card verifiable certificates: EAC involves the useof card-verifiable certificates, which are not standard.Unlike X.509 and PGP certificates, such non-standardcertificates are not widely deployed. There have been limitedimplementations [18] of verification of X.509 certificates onsmart card chips. A card-verifiable certificate cannot berevoked. Its validity checked with time since cards do nothave a clock. This weakness limits the effectiveness ofsecurity mechanisms based on card-verifiable certificates.

(b) Loss of verification terminal: In extended authenticationschemes, a private key is stored in the terminal; therefore anytheft or loss of a verification terminal could jeopardize thesecurity of all passports using the corresponding public key.This could mean a breach of security; however, to overcomethis weakness, tamper-resistance mechanisms should bedeployed to secure storage of keys and sensitive information.

Table 4 – ePassport biometrics.

Name Classification

Facial image PublicEncoded finger PrivateEncoded iris/retina PrivateVisual mark PrivateSignature Private

6. Biometrics

Facial images and fingerprints are the most useful biometricsfor ePassports [19]. Biometrics add another dimension to theauthentication of ePassports by allowing checks for “whatyou have” and “what you are” at the same time. Biometricscan help to move from manned border crossing stationsto unmanned border verification stations. The automatedverification of credentials was first implemented by Malaysiaand followed by Australia. Brazil has decided to roll outits ePassports with all ten fingerprints and a facial imageencoded on the chip.

Many countries use biometrics for law enforcement, usinga one-to-many search-and-match to identify criminals. Sincecriminals often try to cross country borders, having similarmechanisms such as FIPS 201 or Personal Identity Verification(PIV) is useful for ePassports. A one-to-many comparisonrequires additional storage and computing for quick results.This can be achieved only by letting the minutiae out ofthe secure chip and matching them to the database of foulfingerprints. EAC grants or denies access based on biometricinformation stored in the secure chip. Just like electronicsignatures, a biometrics template is unique to the passportholder. Therefore, it raises different privacy concerns aboutthe distribution of template information. Storing biometricssecurely in the secure chip with access control is the best wayto maximize security and privacy concerns. As per ICAO, thefacial image of a passport holder is not sensitive or secretbiometric data. A facial image is used in BAC for personalidentification and therefore, it is not encrypted. Table 4 showsprovisions available in electronic passports for additionalbiometrics like an iris or retinal image and visual marks.

6.1. Electronic verification

Electronic verification is possible only if the passport holderis present. The verification station has necessary devicesto capture biometric data of the passport holder. If thebiometrics data is encrypted, it must be decrypted aftergenerating the diversified keys which are calculated only afterreading the MRZ. The biometrics of the passport holder iscaptured using a capturing station. It is matched againstthe templates stored in the secure chip. ICAO specificationsdo not mandate a comparison of biometrics on the securechip, commonly know as “match on chip” Since the matchis typically done on the verification device, to secure theverification the biometrics should be encrypted since they aretransmitted over a wireless link.

Besides the risk of losing minutiae to an illegitimateterminal, the verification of fingerprints at an unmannedstation introduces the ‘gelatin finger’ or ‘prosthetic finger’

Page 9: A survey of system security in contactless electronic passports

162 I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

threat. The threat of introducing a prosthetic or gelatin fingerwith ridges as per stolen images of an individual cannotbe easily mitigated. The author can propose reading morethan one finger to reduce the chances of such a threatsucceeding. Enrolling all ten fingers on the chip and randomlyselecting the finger to verify helps improve security. Thesecurity against this threat also improves if more than onefingerprint of the individual is verified. Extending this logic,if both the finger and facial biometrics are stored on thechip and electronically verified at the unmanned station, thegelatin finger threat is mitigated. Experts have argued that thefacial images could also be easily found and replicated to foolthe facial recognition systems; however, security with “dualchecks” should be an acceptable level of security.

6.2. Terminal verification

All terminals are usually not granted access to read thebiometric templates stored on the card. Some countries likeGermany have designed their systems to validate the accessrights of terminals to read the template before exposingtemplates to them. Terminal authentication is performed,and the access bits are decoded to check for the access rights.

7. Protection profiles

Common criteria profiles [20,21] have been defined for eachtype of ePassport access control. Most of the hardware,embedded software, manufacturing process and issuance,and handling systems are evaluated to meet high degreesof assurances. The two different protection profiles coverthreats as perceived by the developers of such profiles. Theprotection profiles may be comprehensive but may not becomplete. An example of such a threat is a side-channelattack. Protection against such an attack has been built inmost of the secure controllers.

8. Conclusions

Since ePassports are being issued in place of traditional paperpassports, which do not have secure RF-enabled contactlesschips, the security of ePassports must be better than paper-based passports, which are not vulnerable to skimming,eavesdropping, or tracking attacks. This is an unwritten andprobably unrealized expectation from the issuing countries,passport holders, and society. The world is seeing the first fewgenerations of RFID passports. The convenience and securityof contactless access control transactions are here to stay.The second generation passport with biometric access controlwill be more prevalent in the coming years. The future ofpassports may shift from single-chip electronics with RFIDto multi-chip modules. Such modules will have a combineddata storage capacity of multiple chips. Future ePassportsmay look like a secured solid disk with onboard sensorsand limited or no printed information. This would be atrue generation shift from paper electronic to fully electronicpassports. Such a passport may have its own sensors onboard to validate its holder. Some other interesting security

Table 5 – Generations of passport.

Generation Type

Generation 0 MRZGeneration 1 BAC + PA, EAGeneration 2 EAC + TA, CAGeneration 3 eVisasGeneration 4 Advanced electronics

features like RF-DNA [22,23] can be used as certificates ofauthenticity in lieu of electronic certificates. These methodsrely on physical creation of fingerprints which would identifyeach passport. See Table 5.

Appendix A. Construction

(1) Inlay: The tamper-proof chip embedded in a passportis connected to a coil and made into an inlay which isinserted on either the cover or first page of a machine-readable travel document (MRTD). The term MRTD refers toePassports as well as other travel authorization documentsincluding visas and permits for entry. The inlay is usuallycomposed of different layers of synthetic polymers. Thepolymers protect the coil, chip, and more importantly theinterconnect. The most important of all components is asecure RF-enabled tamper-proof chip which allows readingof data while securely storing it. An ePassport’s physicalconstruction is required to last for at least 10 years. Thephysical construction should be strong enough to survive thepressure and temperature that it could be subjected to inthose years [16].

The construction of a passport consists of layersof laminated poly-carbonate or polyester (PET/PETG) orsome other material which is a combination of similarmaterials [24]. The inlay is usually 300–480 µm thick,depending on the thickness of the silicon. The dimensionsof the inlay are about 600 × 400 mm in length and width.The chip is made into a module before bonding the antennato the module. Often, layers of different materials are usedto strengthen the composition of the inlay. An inlay goesthrough numerous test cycles, including the ISO 10373physical, temperature, magnetic, electric, and chemical tests.Besides this, an inlay must go through another importanttest known as the high-pressure impact or “stamping” test.Since passports are often stamped, they need to survive thestamping impact stress.(2) Antenna: The antenna is typically made of copper used toconstruct coil with right attenuation and RF characteristics.The dimensions of antenna for a passport are specified inISO 7810 ID-1. The size of such an antenna is between 85.60and 53.98 mm (3.370–2.125 in). The number of turns in thecoil is not specified but left to the antenna designer. Thesame goes for material used to manufacture the antenna. Theelectrical and magnetic characteristics of the magnetic fieldare specified in ISO 14443.(3) RF shield: An RF shield is a mesh of electro-magneticallyopaque material, usually put on the cover of a passportto avoid skimming and eavesdropping [25]. The shield,also known as a “Faraday Cage”, is often in the form of

Page 10: A survey of system security in contactless electronic passports

I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4 163

Fig. 5 – Directions for measuring attenuation.

a pouch or cover on the passport [26]. The shield offers−40 to −60 dB attenuation in the frequency band around13.56 MHz to limit skimming or eavesdropping. This levelof attenuation is perceived to block the communicatingsignals between a passport and interrogating readers. AnRF shield is not fully effective in blocking communicationbetween a reader and a passport. A reader with strong signalcan be designed that could nullify attenuation provided byan RF shield when the ePassport is open. Shield is lesseffective if it is placed in the cover page and the coverpage is opened. The shield provides some safety but not thesurety of blocking communication between a passport anda rogue-interrogating reader. It should not be relied uponas the sole mechanism to avoid such attacks. The exactmethods of measuring the attenuation of electro magneticshielding are defined in [26]. For the geometry of the ID1format, attenuation should be calculated at all six sides andpreferably at regular angular intervals of inclination. Thedifferent directions of measurement are illustrated in Fig. 5.

(4) The secure chip: The secure chip module is usually smallerthan 20 mm2. Of six pins of a secure chip, only two areconnected to the antenna. Other pads that are not usedmust be secured against probing attacks. The contactlessair interface could be either Type A or B. Per ICAO, theminimum size of available persistent nonvolatile memory onthe chip should not be less than 30 kB. Chips with 30 kB ofavailable data space, are sufficient only for storing a minimalset of mandatory biometrics and can be used only for first-generation ePassports. Higher capacity chips are required forcountries intending to store visas and travel information onthe passport. The writable information on a chip includesdata groups DG17, DG18, and DG19. The significance ofeach data group is explained in Appendix B below. Insuch cases, the minimum size of persistent nonvolatilememory must be greater than 256 kB. The chip should becapable of generating random numbers. It should performat least DES/3DES cryptographic operations like encryption,hashing, and signing for BAC. The chip must be capable ofperforming asymmetric cryptographic operations like EllipticCurve Diffie–Hellman key exchange for EAC.

(5) Radio frequency: All ePassports are specified to work only at13.56 MHz for the advantages of high-frequency communica-tion over low frequency. The 13.56 MHz communication bandis more immune to processor noise, noise from the earth’sfield, and the surrounding environment, which is necessary

Table 6 – Mandatory logical data.

Location Group Type

MRZ + Chip DG1 Holder and passport info.Data page + Chip DG2 Encoded face of holder

Table 7 – Issuing state or organization logical data.

Name Data

DG3–DG7 Holder’s biometricsDG8 Data feature(s)DG9–DG14 Structure feature(s)DG10 Substance feature(s)DG11–DG14 Additional info/RFUDG15 Active authentication key infoDG16 Person to notify

for stable and consistent RF communication. The RF commu-nication is based on ISO 14443 standards developed for near-field inductively coupled systems. ICAO defines communica-tion to be either Type A or Type B. ICAO [27–29] has additionaltest standards for stronger adherence to field strengths andmodulation indices. Also defined are strong test criteria forits qualifications.

Appendix B. Logical data structure

To achieve interoperability, the LDS of electronic passports isdefined by an ICAO standard. The data structure has variousmandatory or optional components. Data groups DG 1-16 arewritten by the issuing country; data groups DG 17-19 arewritten by a receiving country.(1) Mandatory issuing state or organization data: The mandatoryencoded LDS is shown in Table 6. This includes two datagroups DG1 and DG2.(2) Optional logical data: The optional LDS which can beencoded is shown in Table 7.

Appendix C. Electronic passport public key infras-tructure

An ePassport requires a PKI for every issuing country and across state (central) repository to exchange any updates. APKI is required even for BAC and passive authentication ofePassports. Every issuing country has its own Country SigningCertificate Authority (CSCA) and Country Verifying CertificateAuthority (CVCA). A CSCA’s public signature key is denoted asKPuCSCA, and its private signature key is KPrCSCA. A CVCA’spublic signature key is denoted as KPuCVCA, and its privatesignature key is KPrCVCA.

A CSCA issues certificates to the document signer whichare used to sign the LDS. The document signer’s public keyis denoted as KPuDS and the private key is KPrDS. A CVCAissues certificates to a Document Verifier (DV), which may ormay not be the same entity as the document signer. For activeauthentication, an additional key pair is added. This key pairis only used in a challenge–response to actively authenticatethe ePassport chip. The public active authentication key

Page 11: A survey of system security in contactless electronic passports

164 I N T E R N A T I O N A L J O U R N A L O F C R I T I C A L I N F R A S T R U C T U R E P R O T E C T I O N 4 ( 2 0 1 1 ) 1 5 4 – 1 6 4

is denoted as KPuAA and the private key is denoted asKPrAA. The authenticity of an ePassports is verified by thedocument verifier. The issuing country can revoke certificatesand have a need to update the CRL and set of documentverification certificates. These certificates are normally storedin a common shared and secure repository, which is regularlyscanned for updates.

R E F E R E N C E S

[1] United States of America, Department of State, ElectronicPassport, 22 CFR Part 51 [Public Notice 5208] RIN 1400-AB93,Final rule, October 25, 2005.

[2] Department of Homeland Security Website.[3] E. Bjelksen, L.W. Olsen, Security Issues in ePassports — ICAO

Standard and National Implementations as Part of the USVisa-Waiver Program, May, 2006.

[4] Department of Homeland Security US-VISIT Program,http://www.dhs.gov/files/programs/usv.shtm, 2010.

[5] A. Juels, D. Molnar, D. Wagner, Security and Privacy Issues inePassport April 17, 1995.

[6] P. Kocher, J. Jaffe, B. Jun, Differential Power Analysis,Cryptography Research Inc., 1999.

[7] United States Department of Transportation, FAA Pri-vacy Impact Assessment of IDMS and PIV Cards,http://www.dot.gov/pia/faa_idms.htm, Feb. 2008.

[8] International Civil Aviation Organization, Machine ReadableTravel Documents (MRTDs): History, interoperability andimplementation. Release 1, Draft 1.4, March 23, 2007.

[9] BSI, Technical Guide TR 03110, Ver. 1.11 Advanced SecurityMechanism for Machine Readable Travel Documents —Enhanced Access Control, 2008.

[10] Federal Information Processing Standards (FIPS), Secure HashStandard, Publication 180-1, April 17, 1995.

[11] C. Mitchell, Limitations of Challenge Response EntityAuthentication, HP Laboratories, 1989.

[12] Dennis K. Kugler, Extended Access Control - Infrastructureand Protocol, Interop-Test, Federal Office for InformationSecurity, June 2006.

[13] B. Schneier, Schneier on Security, RFID Passport Se-curity http://www.schneier.com/blog/archives/2005/04/rfid_passport_s.html, April 28, 2005.

[14] Z. Cheng, R. Comley, Attacks on an ISO/IEC 11770-2 KeyEstablishment Protocol, Sept 23, 2004.

[15] T. Nguyen, Contactless Authentication Protocol for MRTDs:BAC & EAC, Bundesdruckerei GmbH, RFID Security, 2006 Graz.

[16] V. Krishnan, H. Wang, Security analysis of australian and E.U.e-passport implementation, Journal of Research and Practicein Information Technology 40 (3) (2008).

[17] M. Schlter, Z. Riha, B. Hofbauer, ePassports EAC Conformityand Interoperability Test Results, Prague 2008.

[18] O. Henniger, K. Lafou, D. Scheuermann, B. Struif, VerifyingX.509 Certificates on Smart Cards, HP Laboratories, 2006.

[19] M. Nüsken, Lecture Notes Electronic Passport & Biometrics,b-it Bonn-Aachen International Center for InformationTechnology Winter 2006/2007.

[20] Common Criteria, Common Criteria Protection Profile, MRTDBasic Access Control, Bundesamt für Sicherheit in derInformationstechnik, Version 1.0, August 2005.

[21] Common Criteria, Common Criteria Protection Profile, MRTDExtended Access Control, Bundesamt für Sicherheit in derInformationstechnik, Version 1.1, September 2006.

[22] G. DeJean, M.K. Mihcak, D. Kirovski, RF-DNA: Radio-Frequency Certificates of Authenticity, Cryptographic Hard-ware and Embedded Systems - CHES 2007, in: Lecture Notesin Computer Science, Volume 4727/2007, 2007.

[23] Y. Chen, M.K. Mihcak, D. Kirovski, Certifying authenticity viafiber infused paper, ACM SIGecom Exchanges 5 (3) (2005).

[24] Smartrac Website.[25] International Civil Aviation Organization, Doc 9303 Part 1,

Vol. 2, Specifications for electronically enabled passportswith biometric identification capability, 2006.

[26] IEEE, Standard Method for Measuring the Effectiveness ofElectromagnetic Shielding EnclosuresIEEE, 1997, pp. 299–2.

[27] International Civil Association Organization, RF protocol andapplication test standards for ePassport Part 2, Tests for airinterface initialization, anti-collision and transport protocol.Version 1.02, Feb 20, 2007.

[28] International Civil Association Organization, RF protocol andapplication test standards for ePassport Part 3, Tests for airinterface initialization, anti-collision and transport protocol,Tests for application protocol and logical data structure.Version 1.01, Feb 20, 2007.

[29] International Civil Association Organization, RF protocol andapplication test standards for ePassport Part 4, ePassportreader tests for air interface, initialization, anti-collision andtransport protocol. Version 1.01, Feb 20, 2007.