Skip to main content
SpringerLink
Log in

ePassport: Side Channel in the Basic Access Control

  • Conference paper
  • First Online:
Radio Frequency Identification: Security and Privacy Issues (RFIDSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8651))

Abstract

An electronic version of the traditional passport (ePassport) is nowadays issued by many countries to their citizens. A contactless chip storing personal details of the document holder is embedded in the ePassport cover. To prevent unauthorized reads of the chip’s content and to protect its communication with a legitimate reader the Basic Access Control (BAC) has been introduced. Thanks to the BAC, only those readers aware of the secret associated with an ePassport chip can access its content. In this paper we show that a side channel analysis can be carried out for some chips secured with the BAC. In particular we analyze the chip response time during BAC operations, showing how the collected data could be exploited to mount an attack in order to get access to the chip’s content. We have verified the presence of such side channel in real ePassports and stress that electronic Driving Licences could be affected as well, since the same access control mechanism is adopted for them.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. International Civil Aviation Organization: Machine Readable Travel Documents. Part 1, vol. 1, Sixth Edition (2006)

    Google Scholar 

  2. International Civil Aviation Organization: Machine Readable Travel Documents. Part 1, vol. 2, Sixth Edition (2006)

    Google Scholar 

  3. Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-Passports. In: Proceedings of the IEEE 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, pp. 74–88 (2005)

    Google Scholar 

  4. Avoine, G., Kalach, K., Quisquater, J.-J.: ePassport: Securing international contacts with contactless chips. In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 141–155. Springer, Heidelberg (2008)

    Google Scholar 

  5. Hoepman, J.-H., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: Security and privacy issues of the European e-Passport. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 152–167. Springer, Heidelberg (2006)

    Google Scholar 

  6. Liu, Y., Kasper, T., Lemke-Rust, K., Paar, C.: E-Passport: Cracking basic access control keys. In: Meersman, R. (ed.) OTM 2007, Part II. LNCS, vol. 4804, pp. 1531–1547. Springer, Heidelberg (2007)

    Google Scholar 

  7. Sportiello, L.: Weakening ePassports through bad implementations. In: Hoepman, J.-H., Verbauwhede, I. (eds.) RFIDSec 2012. LNCS, vol. 7739, pp. 123–136. Springer, Heidelberg (2013)

    Google Scholar 

  8. Chothia, T., Smirnov, V.: A traceability attack against e-Passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010)

    Google Scholar 

  9. libnfc: Public platform independent Near Field Communication (NFC) library, Version 1.7.0 (2014). http://nfc-tools.org/

  10. Sportiello, L., Ciardulli, A.: Long distance relay attack. In: Hutter, M., Schmidt, J.-M. (eds.) RFIDsec 2013. LNCS, vol. 8262, pp. 69–85. Springer, Heidelberg (2013)

    Google Scholar 

  11. International Civil Aviation Organization: Supplemental Access Control for Machine Readable Travel Documents, version 1.01 (2010)

    Google Scholar 

  12. Commission Regulation (EU) No. 383/2012: Laying down technical requirements with regard to driving licences which include a storage medium (microchip), 4 May 2012

    Google Scholar 

  13. ISO/IEC 18013: Information Technology - Personal Identification - ISO-Compliant Driving Licence - Part 3: Access Control, Authentication and Integrity Validation (2009)

    Google Scholar 

Download references

Acknowledgments

We thank Philippe Teuwen for his suggestions about the use of libnfc.

Author information

Authors and Affiliations

  1. European Commission, Joint Research Centre, Via Enrico Fermi 2749, 21027, Ispra, VA, Italy

    Luigi Sportiello

Authors
  1. Luigi Sportiello
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Luigi Sportiello .

Editor information

Editors and Affiliations

  1. Computer & Information Science, University of Alabama, Birmingham, Alabama, USA

    Nitesh Saxena

  2. Technische Universität Darmstadt, Darmstadt, Germany

    Ahmad-Reza Sadeghi

Rights and permissions

Reprints and permissions

Copyright information

© 2014 European Union

About this paper

Cite this paper

Sportiello, L. (2014). ePassport: Side Channel in the Basic Access Control. In: Saxena, N., Sadeghi, AR. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2015. Lecture Notes in Computer Science(), vol 8651. Springer, Cham. https://doi.org/10.1007/978-3-319-13066-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-13066-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13065-1

  • Online ISBN: 978-3-319-13066-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation