By Topic

Securing ePassport system: A proposed Anti-Cloning and Anti-Skimming Protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Muhammad Qasim Saeed ; College of Signals, National University of Sciences and Technology, Rawalpindi, Pakistan ; Ashraf Masood ; Firdous Kausar

Despite the fact that RFID based ePassport (a.k.a biometric passport) has increased the efficiency of passport systems; it has created many new threats concerning personal data protection. Cryptographic tools are used to counter these threats but vulnerabilities are discovered in the implementation of these tools. For instance, basic access control (BAC) is used to thwart data skimming from the ePassport to an illegitimate reader. Study reveals that the BAC keys suffer from very low practical entropy, therefore BAC cannot be considered as an effective tool against skimming attacks. Moreover, active authentication (AA), a measure against chip cloning, can be bypassed by amending the EF.COM file of the passport chip. In this paper, an anti-cloning and anti-skimming protocol (ACASP) is proposed that provides a counter solution to the aforementioned vulnerabilities. It takes advantage of public-private key pair stored in the chip and optional data storage capacity in machine readable zone (MRZ) of the passport. It increases BAC keys entropy from 30-40 bits to 56 bits and provides an entirely different approach to avoid chip cloning. ACASP can be implemented without any change in hardware of reader and tag. It also requires no change in logical data structure (LDS) of the RFID chip. However, application software of reader and tag needs to be modified as required.

Published in:

Software, Telecommunications & Computer Networks, 2009. SoftCOM 2009. 17th International Conference on

Date of Conference:

24-26 Sept. 2009