phase3 full paper

CIS 4103 Research Methods for Emerging Technologies

Phase 3

Privacy and security issues in RFID system; used in E-passport

Due Date: 9 Dec 2015

Instructor: Dr. Muawya Al Dalaien

Submitted by:

Khulood Salem H00224609

Fatima Younus H00224806

Hessa Issa H00234441

Sumaya Mohammad H00227566

Upload: khulood-al-yaqoubi

Post on 12-Apr-2017



Important - Academic Honesty

No part of this assignment has been copied from another source, (not from another group or student, an internet source or a book)

When another person’s words are used, this is shown in the text with “…” and referenced.

No part of this assignment has been written for me by any other person.

I have a copy of this assignment that I can produce if the first copy is lost or damaged.

The marker may choose not to mark this assignment if the above declaration is not signed.

If the declaration is found to be false, appropriate action will be taken. Plagiarism is copying and handing in someone’s work as your own

Any student found guilty of this type of cheating will be dismissed from the college.

Your grade on this assessment will be part of your final course mark.

The penalty for cheating is dismissal from the HCT

I have read and understood the above instructions and confirm that all of the material contained

in this assessed task is my own work and/or is appropriately sourced.

Student signature: _______________________________ Date: 08-12-2015

Student signature: _______________________________ Date: 08-12-2015

Student signature: _______________________________ Date: 08-12-2015

Student signature: _______________________________ Date: 08-12-2015


Contents

Abstract
Key words
1.0 Introduction
2.0 Research Questions
2.1 RQ 1
2.2 RQ 2
3.0 Literature Review
3.1 Skimming
3.1.1 Standardization
3.1.2 Basic Access Control (BAC)
3.2 Biometric Data
3.2.1 Automation through Biometrics
3.2.2 Data Protection
3.2.3 Restoring Privacy
3.3 Partial Solution to cloning and counterfeiting
3.3.1 Passive Authentication
3.3.2 Active Authentication
4.0 Summary
5.0 Method
6.0 Results
6.1 Threats
6.2 Measures
7.0 Discussion
7.1 RQ 1
7.2 RQ 2
8.0 Conceptual Model
9.0 Conclusion
10.0 References

Abstract

This research points out the major threats related to e-passports and provides a practical and an ideal solution for those problems. The research is therefore primarily focused on the security threats to e-passports and their solutions. Since the relevant information pertaining to this research is available in previous research, the secondary research method was utilized to find solutions to the security and privacy problems.

The research shows that, with proper utilization of the relevant authentication keys, the security problem is solved to a large extent. The research also shows that there is a need to enhance the entropy of Basic Access Control keys.

Key words

E-passport, Security, Privacy, Skimming, Biometric, Cloning, Counterfeiting,

Basic Access Control, and Enhanced Access Control.


1.0 Introduction

The e-passport utilizes an RFID card, which is scanned by the relevant authorities to retrieve the required information. RFID is a relatively old technology; however, its utilization for practical purposes has been fairly recent (Bolic, Simplot-Ryl, & Stojmenović, 2010). The main reason for the introduction of this system was the enhancement of security.

The primary feature of an RFID card is that it can be scanned wirelessly; however, this feature carries a high probability of attack. In fact, due to this feature, various researchers have claimed that security via an RFID card is an impossibility (van Deursen, 2011). There are two main types of attack that are possible on the RFID card, namely skimming and eavesdropping. In skimming, the attacker retrieves the information without the permission of the user, while in eavesdropping the attacker captures the information while the real authentication process is under way (Hancke, 2011).

The attacker can also use other vulnerable areas of e-passport technology to carry out an attack. In these attacks, multiple aspects of the information are compromised, namely availability, confidentiality, authorization, verification, consent, authentication, and integrity (Sinha, 2011).

In order to enhance the security of e-passports, the additional feature of biometric data was added. However, biometric data proves unfruitful if poor-quality data has been uploaded (European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union, 2011). Additionally, it is also prone to all the above-mentioned threats (Kolahan & Thapaliya, 2011). Biometric data is highly personal, and when it is stored in passports it is at high risk of being leaked, either through an intruder or through some other medium. For this reason, the idea is not very popular among the masses (Beel, Gipp, & Rössling, 2007).

In order to protect data, multiple security protocols have been developed and suggested by researchers; overall, however, these authentication protocols do not guarantee safety in all security aspects. For example, one study suggested a protocol that provided unclonable authentication; however, it was soon shown that the suggestion did not solve the problem of information leakage (Habibi, Gardeshi, & Alaghband, 2011).

2.0 Research Questions

The following research questions need to be stated to give a clear and complete idea of the topic:

2.1 RQ 1

What types of attacks will expose the security and privacy of e-passports?

The new technology of the e-passport was introduced to enhance border security. The idea was revolutionary and was accepted immediately in all the technologically advanced countries of the world. However, later research pointed out that there were various gaps present in the system, which can be used by attackers to infiltrate the privacy and security of the individual and the country. Therefore, before addressing any issues relating to e-passport technology, this issue needs to be addressed. The research thus first seeks to find the major privacy and security threats related to e-passports.

2.2 RQ 2

How can these attacks be countered?

The threats presented by researchers, and also the various attacks on individuals’ passports, prompted the authorities to take measures to secure the e-passport. As a result, a wide variety of research and experiments have been done on the issue of the e-passport. For this reason, this research used the secondary research method to find countermeasures for the attacks.

3.0 Literature Review

3.1 Skimming

In order to stop skimming, certain protective mechanisms, such as the Faraday cage, have been provided.

3.1.1 Standardization


Other than utilizing the Faraday cage, the following step has been suggested to tackle the problem of skimming. This problem can be addressed by creating standardized guidelines. The International Civil Aviation Organization (ICAO) has issued specifications for a set of commands; however, for commands that are not included in the ICAO guidelines, countries are free to implement their own responses. This has created diversity in implementation. If ICAO included specifications for all the required responses, the probability of the mentioned problem would be reduced to a large extent (Richter, Mostowski, & Poll, 2008).

3.1.2 Basic Access Control (BAC)

The BAC protocol provides an encrypted flow of data between the reader and the chip. In e-passports utilizing this system, the protocol must be carried out before data transfer occurs (Liu, Kasper, Lemke-Rust, & Paar, 2007). The e-passport and the reading machine both carry a particular key. During the initiation process, if both keys match, the process continues. As a result, the e-passport holder has no security risk of skimming (Pasupathinathan, Pieprzyk, & Wang, 2008).

3.2 Biometric Data

3.2.1 Automation through Biometrics

The combination of RFID and biometrics has opened many directions and is effectively changing the functioning of airports. For example, with the help of this information, machine readable travel documents can be created. This system can be created with file systems with directories, which are called dedicated files and data groups. The data of the directory can be read with the help of optics (Rana & Luigi, 2014). These changes are already visible in the airports of Malaysia; however, they have introduced new forms of threats. For instance, increasing reliance on automation can make it convenient for various people to steal somebody else’s identity and eventually present a security threat (Juels, Molnar, & Wagner, 2005).

3.2.2 Data Protection

To protect the biometric data, multiple studies have been conducted and steps taken. Extended Access Control (EAC) was primarily introduced to work upon supplemental access control and basic access control. This was done to ensure control over the secondary biometric data (Chaabouni & Vaudenay, 2010). EAC 1 was introduced to enhance protection for data groups that were not mandatory, such as the fingerprint. EAC 1 added various features, such as secure messaging, a terminal authentication protocol, and security against cloning (Chaabouni & Vaudenay, 2010). The system was further updated and was termed EAC 2. This update eliminated the weakness of an unreliable clock that occurred due to terminal authentication.

3.2.3 Restoring Privacy

In spite of people’s skepticism, steps must be taken to provide biometric data security in e-passports. A completely different approach to the security of this information can be taken. The authorities can issue a unique validation code for each user in printed form. This code is to be obtained only upon validation. If such a system is established, the attacker has no option left other than to steal the passport physically (Kumar, Srinivasan, & Narendran, 2012).

3.3 Partial Solution to cloning and counterfeiting

3.3.1 Passive Authentication

One of the basic methods for the authentication of the RFID chip is passive authentication. The primary function of this authentication process is the authentication of the data transfer between the chip and the reader. Once passive authentication is done, the reader will be able to get all the necessary information, such as iris, fingerprint, photograph, and so on, from the chip (Kumar & Srinivasan, 2011). This final authentication is done with the hashed value already stored in the reader’s system. With this method, the reader will be able to find out whether the received data is correct or not.

3.3.2 Active Authentication

One other method that is applied for authentication is called active authentication. The active authentication method is primarily designed to check whether the chip of the e-passport is the original one or has been replaced. The authentication in this method is carried out with the help of an exclusive cryptographic key pair, namely KPuAA and KPrAA. Here, KPuAA is the active authentication public key. This key is stored in Data Group 15 (DG 15). The final verification is done by cross-referencing the user’s key (Sinha, 2011). In brief, first a request is sent to DG 15, which in turn verifies the signature. The terminal then sends the authentication data to the passport, and in the final stage both the passport and the terminal compute the data. However, this method provides security only in certain areas of first-generation passports. This is primarily because first-generation e-passports do not possess sensitive biometric data.

4.0 Summary

From the above literature review, it can be seen that multiple systems, such as the biometric system, have evolved. However, these systems presented new difficulties, and to tackle them other data protection systems were developed. The literature also shows the means through which threats like skimming, cloning, etc. could be dealt with. Finally, it shows the authentication processes that have been developed to deal with the privacy and security threats, and it also presents various low-cost security alternatives.

5.0 Method

A proper selection of methodology is crucial for any research work. In most cases, the methodology is adopted by considering the research aim. For this research, the method of secondary research has been considered. This particular method was selected as it best suited the research aim. A considerable amount of research has been conducted on various security and privacy aspects of the e-passport. This research utilizes the previous research to find a solution to the major privacy and security aspects of the e-passport.

For this reason, the method of secondary research has been adopted. The research also provides a conceptual model of the security system that should be utilized to enhance the present security system of e-passports. The focus of the presented information will be inclined towards the descriptive aspect. Most of the presented inferred descriptive data has been collected from the previous literature.

There are primarily three problems, or rather considerations, associated with the

secondary research. The first problem is that the researcher has to locate truly relevant

data that are useful for the undertaken research. The second problem is that the researcher

should be able to retrieve all the important and necessary data from the selected literature.

Finally, the collected data must be evaluated with reference to the undertaken research

(Hox & Boeije, 2005).

All the data collected in this research deals with the problem of privacy and security issues in the e-passport. Extreme care has been taken while selecting the previous research. All the data that has been utilized has already been published in well-recognized journals, and most of it has been cited in other research works. The previous research cited in the literature review and the research section of this work contained a wide variety of issues related to the privacy and security of the e-passport; however, to make this research flow in a productive direction, only the most prominent issues related to security and privacy have been considered. The literature review of this work has also been divided according to the selected major issues, namely skimming, biometric data protection, and protection against cloning and counterfeiting. Finally, the problem has been analyzed by taking the different perspectives and solutions, and the collected data has eventually been synthesized to generate a system that is highly efficient in providing privacy and security in all the mentioned domains.

6.0 Results

6.1 Threats

What types of attacks will expose the security and privacy of e-passports?

Let us first focus our attention on one of the major security issues facing e-passports, i.e. skimming. In brief, skimming is the type of attack in which a query is made on the e-passport without the permission of the user (Avoine, Kalach, & Quisquater, 2008).

As a protective measure against skimming, the ICAO has suggested guidelines that require the utilization of digital signatures in e-passports. The ICAO has also suggested a specific UID that is utilized for link-layer collision. However, this guideline is not sufficient for the protection of the e-passport, as the UID value provided to each passport remains constant (Juels, Molnar, & Wagner, 2005). The attacker can benefit from this constant value and attack the passport conveniently. The other method that has been suggested to protect the data is using the Basic Access Control (BAC) keys. The problem that this method faces is that the entropy of the BAC keys is very low. Additionally, there are multiple countries that have not adopted the BAC key system ubiquitously in their e-passports. Such a pattern can be seen in countries such as Belgium (Avoine, Kalach, & Quisquater, 2008).


The introduction of biometric data has presented multiple security threats. The introduction of biometric data has enhanced the security of border control but has depleted personal security and privacy. If an attack happens on a biometric passport, all the biometric data of that person will reach the attacker (Pieprzyk, Vijayakrishnan, & Wang, 2008). This problem is compounded because various private and government organizations have started utilizing biometric data for their internal security purposes (Juels, Molnar, & Wagner, 2005). Therefore, an attacker who has gained access to the biometric data may be able to intrude into the organization.

The security and privacy issue of cloning and counterfeiting is foundational, as it has its roots in the manipulation of the RFID chip. In one investigative report, it was observed that the data from e-passports can be retrieved very easily with instruments easily available online (Reid, 2006). After retrieval, the data can be easily cloned. The previously mentioned threats to biometric data are also applicable to this threat (Pieprzyk, Vijayakrishnan, & Wang, 2008).

6.2 Measures

How can these attacks be countered?

Skimming can be prevented to a large extent by implementing BAC keys. With the help of the BAC keys, the data on the e-passport will only be accessed by the verified control agencies. This is because BAC uses the cryptographic keys Kenc and Kmac (Juels, Molnar, & Wagner, 2005). With the inclusion of these keys, it becomes very difficult for the attacker to access the private information of the e-passport. The active authentication method discussed in the literature review can also be utilized as a measure against skimming. However, due to the aforementioned problem of low entropy, the security measures remain far from complete. This can, however, be changed by increasing the entropy of the BAC keys.

The same measure of increasing the entropy can help in protecting the e-passport against cloning and eavesdropping. Before this measure is applied, the pervasiveness of the BAC key system has to be increased. Therefore, all the countries utilizing e-passports must take steps in this direction.

In e-passports that contain multiple items of sensitive information, such as fingerprints, iris data, and so on, enhanced security measures are required. Many e-passports contain nominally sensitive data, such as a photograph and other personal details, which can also be accessed through other mediums. For such e-passports, the BAC keys will suffice for the security requirement. On the other hand, an additional layer of security is required for passports containing biometric data. This requirement can be fulfilled with the application of Extended Access Control (EAC) keys (Chaabouni & Vaudenay, 2010). These are the primary measures that should be taken in order to secure the information in the e-passport.

7.0 Discussion

This section discusses the findings for both research questions.

7.1 RQ 1


The presence of sensitive information and the ease with which it can be taken away have posed many prominent questions concerning the continued utilization of e-passport technology. This issue has implications for multiple domains, such as the social, technical, ethical, and economic. The social issue that emerges due to the considered threat is that, with the help of counterfeiting and skimming, attackers can illegally enter foreign lands and may carry out illegal activities. This may disrupt the social order and peace of that country, and if appropriate measures are not taken, the problem might start expanding on a global scale.

Science and technology are ever-evolving subjects, and therefore it is not wrong to use the current technology; however, a global effort and coordination must be made to utilize the present technology in the most effective manner and also to take steps and spend resources on the further enhancement of the technology.

The ethical question raised by this threat is whether the authorities are right in perpetuating the use of this technology in spite of being well aware of the privacy threats. The answer lies in the previous solution: effective utilization of the technology must be made, and the authorities must make sure that the private data of their citizens is not at stake.

The increased use of biometric data in securing organizational and personal data has raised economic concerns. An attacker who has attacked the e-passport and gained the biometric data can steal the precious data or assets of that person and of the organization to which s/he belongs.


7.2 RQ 2

The results of the research show that it is possible to fight the prominent threats of skimming, counterfeiting, cloning, and the loss of biometric data. The results show that the mentioned threats can be eliminated by utilizing better authentication systems. The e-passports utilized all over the world belong to different generations of technology. Therefore, the research points out that BAC keys should be utilized for nominally sensitive data and EAC keys must be utilized for highly sensitive data. Additionally, it suggests that the entropy of the BAC keys must be enhanced to further secure the sensitive data.

The solution also has various implications for all the previously discussed domains. Civil society has to get actively involved in the process of securing the e-passport. This active participation must be done in coordination with the government. This coordination becomes necessary if the technology utilized in the e-passport is to be made universal. The universality of the technology is essential to enhance the security measures.

The technical domain is the most important aspect in maintaining and enhancing

the security of e-passports. Without this domain, it is impossible to achieve security of

the e-passports. However, care must be taken regarding economic aspect, i.e. the funding

of this domain. As already mentioned, the technological department must be funded

appropriately to assist its continuous evolution.

If the suggested measures are applied, the security system becomes highly efficient. Therefore, the ethical question is diverted towards the authorities. Since the authorities will have all the sensitive data of the citizens, it becomes their responsibility to further protect it and not misuse it.

8.0 Conceptual Model


9.0 Conclusion

On the basis of the aforementioned research, it can be said that enhancing the security of the e-passport is quite possible. The primary requirement for this is utilizing an effective authentication scheme and slightly modifying the existing technology, that is to say, enhancing the entropy of the BAC keys. Two authentication keys have been mentioned in the research for the different types of e-passport. However, they both can be used interchangeably. In the ideal case, all e-passports must incorporate the most advanced technology of the time. This measure is not feasible at present; however, with global coordination it can be done.

Therefore, the research provided both a practical and an ideal solution for enhancing the security of the e-passport. Considering the size of the research, only the major threats pertaining to e-passports were considered. Therefore, the limitation of this study was the lack of consideration of all the threats.

Finally, this work paves the way for further research in which all the aspects of the threats are considered and, consequently, a design is created which addresses all or almost all the threats pertaining to e-passports.

10.0 References

Avoine, G., Kalach, K., & Quisquater, J.-J. (2008). ePassport: Securing International Contacts with Contactless Chips. Financial Cryptography and Data Security, 141-155.

Bela Gipp, J. B. (2007). ePassport: The World's New Electronic Passport. Retrieved 11 30, 2015, from epassport-book: http://www.epassport-book.com/download.php

Bolic, M., Simplot-Ryl, D., & Stojmenović, I. (2010). RFID systems: Research trends and challenges. Chichester: John Wiley & Sons Ltd.

Vaudenay, R. C. (2007). The Extended Access Control for Machine Readable Travel. 11.

European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union. (2011). Operational and Technical security of Electronic Passports. Warsaw: http://frontex.europa.eu/.

Habibi, M. &. (2011, January 1). Practical Attacks on a RFID Authentication. Retrieved Dec 1, 2015, from airccse: http://airccse.org/journal/iju/papers/2111iju01.pdf

Hancke, G. P. (2011). Practical eavesdropping and skimming attacks on high-frequency RFID tokens, 259-288.

Hox, J. J., & Boeije, H. R. (2005). Data Collection, Primary vs. Secondary. In K. Kempf-Leonard, Encyclopedia of Social Measurement (pp. 593-599). Elsevier, Inc.

Juels, A., Molnar, D., & Wagner, D. (2005). Security and Privacy Issues in E-passports. SecureComm (pp. 74-88). IEEE.

Hesam Kolahan, T. T. (2011, Dec 1). Biometric Passport: Security And Privacy Aspects Of Machine Readable Travel Documents. Retrieved 11 30, 2015, from https://diuf.unifr.ch/main/is/sites/diuf.unifr.ch.main.is/files/documents/student-projects/eGov_2011_Hesam_Kolahan_&_Tejendra_Thapaliya.pdf

NARENDIRA KUMAR, B. S. (2012, Feb). Efficient Implementation of Electronic Passport Scheme Using Cryptographic Security Along With Multiple Biometrics. Retrieved Oct 22, 2015, from mecs-press: http://www.mecs-press.org/ijieeb/ijieeb-v4-n1/IJIEEB-V4-N1-3.pdf

Kumar, V. N., & Srinivasan, B. (2011). Design and implementation of e-passport scheme using cryptographic algorithm along with multimodal biometrics technology. International Journal of Advanced Information Technology, 33-42.

Lee, Y.-C. (2012). Two Ultralightweight Authentication Protocols for Low Cost RFID Tags. Applied Mathematics & Information Sciences, 425-431.

Liu, Y., Kasper, T., Lemke-Rust, K., & Paar, C. (2007). E-Passport: Cracking Basic Access Control Keys with COPACOBANA. SHARC2007.

Pasupathinathan, V., Pieprzyk, J., & Wang, H. (2008). Security Analysis of Australian and E.U. E-passport Implementation. Journal of Research and Practice in Information Technology, 187-205.

Phan, R. C., Wu, J., Ouafi, K., & Stinson, D. R. (2011). Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes. Wireless Personal Communication, 69-81.

Pieprzyk, J., Vijayakrishnan, P., & Wang, H. (2008). Formal Security Analysis of Australian E-passport Implementation. Information Security, 75.

Rana, A., & Luigi, S. (2014). Implementation of security and privacy in ePassports and the extended access control infrastructure. International Journal of Critical Infrastructure Protection, 233-243.

Reid, D. (2006, December 15). ePassports 'at risk' from cloning. Retrieved from BBC: http://news.bbc.co.uk/2/hi/programmes/click_online/6182207.stm

Richter, H., Mostowski, W., & Poll, E. (2008). Fingerprinting Passports. Spring Conference on security.

Sinha, A. (2011). A Survey of System Security in Contactless Electronic Passports. International Journal of Critical Infrastructure Protection, 154-164.

Sivasankari, N., & Kannan, M. (2014). Improving the Security of E-Passports with WDDL Logic and Elliptic Curve Cryptography. International Journal of Technological Exploration and Learning, 172-175.

van Deursen, T. (2011). 50 ways to break RFID privacy. Privacy and Identity Management for Life, 1-14.