CIS 4103 Research Methods for Emerging Technologies
Phase 3
Privacy and security issues in RFID system; used in E-passport
Due Date: 9 Dec 2015
Instructor: Dr. Muawya Al Dalaien
Submitted by:
Khulood Salem H00224609
Fatima Younus H00224806
Hessa Issa H00234441
Sumaya Mohammad H00227566
Important - Academic Honesty
No part of this assignment has been copied from another source, (not from another group or student, an internet source or a book)
When another person’s words are used, this is shown in the text with “…” and referenced.
No part of this assignment has been written for me by any other person.
I have a copy of this assignment that I can produce if the first copy is lost or damaged.
The marker may choose not to mark this assignment if the above declaration is not signed.
If the declaration is found to be false, appropriate action will be taken. Plagiarism is copying and handing in someone’s work as your own
Any student found guilty of this type of cheating will be dismissed from the college.
Your grade on this assessment will be part of your final course mark.
The penalty for cheating is dismissal from the HCT
I have read and understood the above instructions and confirm that all of the material contained
in this assessed task is my own work and/or is appropriately sourced.
Student signature: _______________________________ Date: 08-12-2015
Contents
Abstract
Key words
1.0 Introduction
2.0 Research Questions
2.1 RQ 1
2.2 RQ 2
3.0 Literature Review
3.1 Skimming
3.1.1 Standardization
3.1.2 Basic Access Control (BAC)
3.2 Biometric Data
3.2.1 Automation through Biometrics
3.2.2 Data Protection
3.2.3 Restoring Privacy
3.3 Partial Solution to cloning and counterfeiting
3.3.1 Passive Authentication
3.3.2 Active Authentication
4.0 Summary
5.0 Method
6.0 Results
6.1 Threats
6.2 Measures
7.0 Discussion
7.1 RQ 1
7.2 RQ 2
8.0 Conceptual Model
9.0 Conclusion
10.0 References
Abstract
This research points out the major threats related to e-passports and provides a
practical and an ideal solution for those problems. The research is therefore primarily
focused on the security threats to e-passports and their solutions. Since the relevant
information pertaining to this research is available in previous research, the secondary
research method was used to find solutions to the security and privacy problems.
The research shows that, with proper utilization of the relevant authentication
keys, the security problem is solved to a large extent. The research also shows that there is
a need to enhance the entropy of Basic Access Control keys.
Key words
E-passport, Security, Privacy, Skimming, Biometric, Cloning, Counterfeiting,
Basic Access Control, and Enhanced Access Control.
1.0 Introduction
The e-passport utilizes an RFID card, which is scanned by the relevant authorities to
retrieve the required information. RFID is a relatively old technology; however,
its utilization for practical purposes has been fairly recent (Bolic, Simplot-Ryl, &
Stojmenović, 2010). The main reason for the introduction of this system was the
enhancement of security.
The primary feature of an RFID card is that it can be scanned wirelessly;
however, this feature makes the card highly likely to be attacked. In fact, due to this
feature, various researchers have claimed that security via an RFID card is an
impossibility (van Deursen, 2011). There are two main types of attack that are possible
on the RFID card, namely skimming and eavesdropping. In skimming, the attacker
retrieves the information without the permission of the user, while in
eavesdropping the attacker captures the information while the real
authentication process is under way (Hancke, 2011).
The attacker can also use other vulnerable areas of e-passport technology to carry
out an attack. In these attacks, multiple security properties are compromised, namely
availability, confidentiality, authorization, verification, consent, authentication,
and integrity (Sinha, 2011).
In order to enhance the security of e-passports, the additional feature of
biometric data was added. However, biometric data proves unfruitful if
poor-quality data has been uploaded (European Agency for the Management of Operational
Cooperation at the External Borders of the Member States of the European Union, 2011).
Additionally, it is also prone to all the above-mentioned threats (Kolahan & Thapaliya,
2011). Biometric data is highly personal, and when it is stored in passports it is
at a high risk of being leaked, either through an intruder or through some other
medium. For this reason, the idea is not very popular among the masses (Beel, Gipp,
& Rössling, 2007).
In order to protect data, multiple security protocols have been developed and
suggested by researchers; overall, however, these authentication protocols do not guarantee
safety in all security aspects. For example, one study suggested a protocol that provided
unclonable authentication; however, it was soon shown that the suggestion did
not solve the problem of information leakage (Habibi, Gardeshi, & Alaghband, 2011).
2.0 Research Questions
The following research questions are stated to give a clear and complete idea of the
topic:
2.1 RQ 1
What types of attacks will expose the security and privacy of e-passports?
The new technology of the e-passport was introduced to enhance border security.
The idea was revolutionary and was accepted immediately in all the technologically advanced
countries of the world. However, later research pointed out that there were various gaps
present in the system, which attackers can use to infiltrate the privacy and
security of the individual and the country. Therefore, before addressing any other issue
relating to e-passport technology, this issue needs to be addressed. The research
therefore first seeks to find the major privacy and security threats related to
e-passports.
2.2 RQ 2
How can these attacks be countered?
The threats presented by researchers, and the various attacks on
individuals’ passports, prompted the authorities to take measures to secure the
e-passport. As a result, a wide variety of research and experiments have been carried out
on the issue of e-passports. For this reason, this research used the secondary
research method to find countermeasures for the attacks.
3.0 Literature Review
3.1 Skimming
In order to stop skimming, certain protective mechanisms, such as a Faraday
cage, have been provided.
3.1.1 Standardization
Other than utilizing a Faraday cage, the following step has been
suggested to tackle the problem of skimming: creating standardized guidelines.
The International Civil Aviation Organization (ICAO) has issued
specifications for a set of commands; however, for commands that are not included in
the ICAO guidelines, countries are free to implement their own responses. This has
created diversity in the implementations. If ICAO included specifications for all the
required responses, the probability of the mentioned problem would be reduced to a large
extent (Richter, Mostowski, & Poll, 2008).
3.1.2 Basic Access Control (BAC)
The BAC protocol provides an encrypted flow of data between the
reader and the chip. In e-passports utilizing this system, running this
protocol is mandatory before any data transfer occurs (Liu, Kasper, Lemke-Rust, &
Paar, 2007). The e-passport and the reading machine each carry a particular key. During
initiation, if both keys match, the process continues.
As a result, the e-passport holder has no security risk of skimming
(Pasupathinathan, Pieprzyk, & Wang, 2008).
3.2 Biometric Data
3.2.1 Automation through Biometrics
The combination of RFID and biometrics has opened many directions and is
effectively changing the functioning of airports. For example, with the help of this
information, machine readable travel documents can be created. Such a system can be
built on file systems with directories, which are called dedicated files and data
groups. The data of the directory can be read with the help of optics (Rana & Luigi,
2014). These changes are already visible in the airports of Malaysia;
however, they have introduced new forms of threats. For instance, increasing reliance on
automation can make it convenient for various people to steal somebody else’s identity
and eventually present a security threat (Juels, Molnar, & Wagner, 2005).
3.2.2 Data Protection
To protect biometric data, much research has been done and several steps taken.
Extended Access Control (EAC) was primarily introduced to build upon
supplemental access control and basic access control. This was done to ensure control
over the secondary biometric data (Chaabouni & Vaudenay, 2010). EAC 1 was
introduced to enhance protection for data groups that were not mandatory, such as
fingerprints. EAC 1 added various features, such as secure messaging, a terminal
authentication protocol, and security against cloning (Chaabouni & Vaudenay, 2010).
The system was further updated and termed EAC 2. This update eliminated the
weakness of the unreliable clock that occurred due to terminal authentication.
3.2.3 Restoring Privacy
In spite of people’s skepticism, steps must be taken to provide biometric data
security in e-passports. A completely different approach to the security of this
information can be taken: the authorities can issue a unique validation code to each user
in printed form. This code is to be obtained only upon validation. If such a system
is established, the attacker has no way left other than to steal the passport
physically (Kumar, Srinivasan, & Narendran, 2012).
3.3 Partial Solution to cloning and counterfeiting
3.3.1 Passive Authentication
One of the basic methods for the authentication of the RFID chip is passive
authentication. The primary function of this process is the authentication
of the data transferred between the chip and the reader. Once passive authentication is
done, the reader is able to get all the necessary information, such as iris, fingerprint,
photograph, and so on, from the chip (Kumar & Srinivasan, 2011). The final
authentication is done against the hashed value already stored in the reader’s system. With
this method, the reader is able to determine whether the received data is
correct or not.
3.3.2 Active Authentication
Another method applied for authentication is called active authentication.
Active authentication is primarily designed to check whether the chip of the
e-passport is the original one or has been replaced. Authentication in this method is
carried out with the help of an exclusive cryptographic key pair, namely KPuAA and KPrAA.
Here, KPuAA is the active authentication public key. This key is stored in Data
Group 15 (DG 15). The final verification is done by cross-referencing the user’s key
(Sinha, 2011). In brief, a request is first sent to DG 15, which in turn verifies the
signature. The terminal then sends the authentication data to the passport, and in the final
stage, both the passport and the terminal compute the data. However, this method provides
security only in certain areas of first-generation passports. This is primarily because
first-generation e-passports do not possess sensitive biometric data.
4.0 Summary
From the above literature review, it can be seen that multiple systems,
such as the biometric system, have evolved. However, these systems presented new difficulties,
and other data protection systems were developed to tackle them. The literature also
shows the means through which threats like skimming, cloning, etc. can be dealt with.
Finally, it shows the authentication processes that have been developed to deal with the
privacy and security threats, and it also presents various low-cost security alternatives.
5.0 Method
A proper selection of methodology is crucial for any research work. In most cases,
the methodology is adopted by considering the research aim. For this research, the
method of secondary research has been chosen, as it best suited the research aim.
A considerable amount of research has been
conducted on various security and privacy aspects of the e-passport. This research utilizes
that previous research to find a solution for the major privacy and security aspects of the
e-passport.
For this reason, the method of secondary research has been adopted.
The research also provides a conceptual model of the security system that should be
utilized to enhance the present security system of e-passports. The focus of the
presented information is inclined towards the descriptive aspect.
Most of the presented descriptive data has been collected from the previous
literature.
There are primarily three problems, or rather considerations, associated with the
secondary research. The first problem is that the researcher has to locate truly relevant
data that are useful for the undertaken research. The second problem is that the researcher
should be able to retrieve all the important and necessary data from the selected literature.
Finally, the collected data must be evaluated with reference to the undertaken research
(Hox & Boeije, 2005).
All the data collected in this research deals with the problem of privacy and
security issues in the e-passport. Extreme care has been taken in selecting the previous
research. All the data utilized has already been published in well-recognized
journals, and most of it has been cited in other research works. The
previous research cited in the literature review and the research section of
this work covers a wide variety of issues related to the privacy and security of the
e-passport; however, to keep this research productive, only the most
prominent issues related to security and privacy have been considered. The literature
review of this work has also been divided according to the selected major issues, namely
skimming, biometric data protection, and protection against cloning and counterfeiting.
Finally, the problem has been analyzed from different perspectives and solutions,
and the collected data has been synthesized to generate a system that is highly
efficient in providing privacy and security in all the mentioned domains.
6.0 Results
6.1 Threats
What types of attacks will expose the security and privacy of e-passports?
Let us first focus our attention on one of the major security issues facing
e-passports, i.e. skimming. In brief, skimming is the type of attack in which a query is
made on the e-passport without the permission of the user (Avoine, Kalach, &
Quisquater, 2008).
As a protective measure against skimming, the ICAO has suggested guidelines
that require the utilization of digital signatures in e-passports. The ICAO has also suggested
a specific UID that is used for link-layer collision avoidance. However, this guideline is not
sufficient for the protection of the e-passport, as the UID value provided to each passport
remains constant (Juels, Molnar, & Wagner, 2005). The attacker can benefit from this
constant value and attack the passport conveniently. The other method that has been
suggested to protect the data is using the Basic Access Control (BAC) keys. The problem
that this method faces is that the entropy of the BAC keys is very low. Additionally, there
are multiple countries that have not adopted the BAC key system ubiquitously in their
e-passports. Such a pattern can be seen in countries such as Belgium (Avoine,
Kalach, & Quisquater, 2008).
The introduction of biometric data has presented multiple security threats.
The introduction of biometric data has enhanced the security of border
control, but has depleted personal security and privacy. If an attack on a biometric
passport succeeds, all the biometric data of that person will reach
the attacker (Pieprzyk, Vijayakrishnan, & Wang, 2008). This problem is aggravated
because various private and government organizations have started utilizing biometric
data for their internal security purposes (Juels, Molnar, & Wagner, 2005). Therefore, an
attacker who has gained access to the biometric data may be able to intrude into the
organization.
The security and privacy issue of cloning and counterfeiting is foundational, as it
has its roots in the manipulation of the RFID chip. One investigative report
observed that the data from e-passports can be retrieved very easily with
instruments easily available online (Reid, 2006). After retrieval, the data can be easily
cloned. The previously mentioned threats to biometric data also apply to this
threat (Pieprzyk, Vijayakrishnan, & Wang, 2008).
6.2 Measures
How can these attacks be countered?
Skimming can be prevented to a large extent by implementing BAC keys.
With the help of the BAC keys, the data on the e-passport can only be accessed by
verified control agencies. This is because BAC uses the cryptographic keys
Kenc and Kmac (Juels, Molnar, & Wagner, 2005). With the inclusion of
these keys, it becomes very difficult for the attacker to access the private information of
the e-passport. The active authentication method discussed in the literature
review can also be utilized as a measure against skimming. However, due to the
aforementioned problem of low entropy, the security measures remain far from complete.
This can, however, be changed by increasing the entropy of the BAC keys.
This same measure of increasing the entropy can help in protecting the e-passport
against cloning and eavesdropping. Before this measure is applied, the
pervasiveness of the BAC key system has to be increased. Therefore, all the countries
utilizing e-passports must take steps in this direction.
In e-passports that contain multiple pieces of sensitive information, such as
fingerprints, iris data, and so on, enhanced security measures are required. Many
e-passports contain only nominally sensitive data, such as a photograph and other personal
details, which can also be accessed through other mediums. For such e-passports, the BAC
keys will suffice for the security requirement. On the other hand, an additional layer of
security is required for passports containing biometric data. This requirement can be fulfilled
with the application of Extended Access Control (EAC) keys (Chaabouni & Vaudenay,
2010). These are the primary measures that should be taken in order to secure
the information of the e-passport.
7.0 Discussion
This section discusses the findings for both research questions.
7.1 RQ 1
The presence of sensitive information, and the ease with which it can be taken
away, has posed many prominent questions concerning the continued utilization of
e-passport technology. This issue has implications in multiple domains, such as the
social, technical, ethical, and economic. The social issue that emerges due to the
considered threat is that, with the help of counterfeiting and skimming, attackers can
illegally enter foreign lands and may carry out illegal activities. This may disrupt the
social order and peace of that country, and if appropriate measures are not taken, the
problem might start expanding on a global scale.
Science and technology are ever-evolving subjects, and therefore it is not wrong
to use the current technology; however, a global effort and coordination must be made to
utilize the present technology in the most effective manner, and also to take steps and spend
resources on the further enhancement of the technology.
The ethical question raised by this threat is whether the authorities
are right in perpetuating the use of this technology in spite of being well aware of the
privacy threats. The answer lies in the previous solution: effective
utilization of the technology must be made, and the authorities must make sure that the
private data of their citizens is not at stake.
The increased use of biometric data in securing organizational and personal
data has raised economic concerns. An attacker who has attacked the e-passport and
gained the biometric data can steal the precious data or assets of that person and of the
organization to which s/he belongs.
7.2 RQ 2
The results of the research show that it is possible to fight the imminent threats of
skimming, counterfeiting, cloning, and the loss of biometric data. The results show that
the mentioned threats can be eliminated by utilizing better authentication systems. The
e-passports utilized all over the world belong to different generations of technology.
Therefore, the research indicates that BAC keys should be used for nominally sensitive
data and that EAC keys must be used for highly sensitive data.
Additionally, it suggests that the entropy of the BAC keys must be enhanced to
further secure the sensitive data.
The solution also has various implications for all the previously discussed
domains. Civil society has to get actively involved in the process of securing the
e-passport. This active participation must be carried out in coordination with the government.
This coordination becomes necessary if the technology utilized in the
e-passport is to be made universal. The universality of the technology is essential to
enhance the security measures.
The technical domain is the most important aspect in maintaining and enhancing
the security of e-passports. Without this domain, it is impossible to achieve security of
the e-passports. However, care must be taken regarding the economic aspect, i.e. the funding
of this domain. As already mentioned, the technological department must be funded
appropriately to assist its continuous evolution.
If the suggested measures are applied, the security system becomes highly
efficient. Therefore, the ethical question is diverted towards the authorities. Since the
authorities will have all the sensitive data of the citizens, it becomes their responsibility
to further protect it and not misuse it.
8.0 Conceptual Model
9.0 Conclusion
On the basis of the aforementioned research, it can be said that enhancing the
security of the e-passport is quite possible. The primary requirement for this is utilizing
an effective authentication scheme and slightly modifying the existing technology, that is
to say, enhancing the entropy of the BAC keys. Two authentication keys have been
mentioned in the research for the different types of e-passport. However, they both can be
used interchangeably. In the ideal case, all e-passports must incorporate the most
advanced technology of the time. This measure is not feasible at present;
however, with global coordination it can be done.
Therefore, the research provided both a practical and an ideal solution for
enhancing the security of the e-passport. Considering the size of the research, only the major
threats pertaining to e-passports were considered. Therefore, the limitation of this study was
the lack of consideration of all the threats.
Finally, this work paves the way for further research in which all the aspects of
the threats are considered and, consequently, a design is created which addresses all or
almost all the threats pertaining to e-passports.
10.0 References
Avoine, G., Kalach, K., & Quisquater, J.-J. (2008). ePassport: Securing International Contacts with Contactless Chips. Financial Cryptography and Data Security, 141-155.
Bela Gipp, J. B. (2007). ePassport: The World's New Electronic Passport. Retrieved 11 30, 2015, from epassport-book: http://www.epassport-book.com/download.php
Bolic, M., Simplot-Ryl, D., & Stojmenović, I. (2010). RFID systems: Research trends and challenges. Chichester: John Wiley & Sons Ltd.
Vaudenay, R. C. (2007). The Extended Access Control for Machine Readable Travel. 11.
European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union. (2011). Operational and Technical security of Electronic Passports. Warsaw: http://frontex.europa.eu/.
Habibi, M. &. (2011, January 1). Practical Attacks on a RFID Authentication. Retrieved Dec 1, 2015, from airccse: http://airccse.org/journal/iju/papers/2111iju01.pdf
Hancke, G. P. (2011). Practical eavesdropping and skimming attacks on high-frequency RFID tokens, 259-288.
Hox, J. J., & Boeije, H. R. (2005). Data Collection, Primary vs. Secondary. In K. Kempf-Leonard, Encyclopedia of Social Measurement (pp. 593-599). Elsevier, Inc.
Juels, A., Molnar, D., & Wagner, D. (2005). Security and Privacy Issues in E-passports. SecureComm (pp. 74-88). IEEE.
Hesam Kolahan, T. T. (2011, Dec 1). Biometric Passport: Security And Privacy Aspects Of Machine Readable Travel Documents. Retrieved 11 30, 2015, from https://diuf.unifr.ch/main/is/sites/diuf.unifr.ch.main.is/files/documents/student-projects/eGov_2011_Hesam_Kolahan_&_Tejendra_Thapaliya.pdf
NARENDIRA KUMAR, B. S. (2012, Feb). Efficient Implementation of Electronic Passport Scheme Using Cryptographic Security Along With Multiple Biometrics. Retrieved Oct 22, 2015, from mecs-press: http://www.mecs-press.org/ijieeb/ijieeb-v4-n1/IJIEEB-V4-N1-3.pdf
Kumar, V. N., & Srinivasan, B. (2011). Design and implementation of e-passport scheme using cryptographic algorithm along with multimodal biometrics technology. International Journal of Advanced Information Technology, 33-42.
Lee, Y.-C. (2012). Two Ultralightweight Authentication Protocols for Low Cost RFID Tags. Applied Mathematics & Information Sciences, 425-431.
Liu, Y., Kasper, T., Lemke-Rust, K., & Paar, C. (2007). E-Passport: Cracking Basic Access Control Keys with COPACOBANA. SHARC2007.
Pasupathinathan, V., Pieprzyk, J., & Wang, H. (2008). Security Analysis of Australian and E.U. E-passport Implementation. Journal of Research and Practice in Information Technology, 187-205.
Phan, R. C., Wu, J., Ouafi, K., & Stinson, D. R. (2011). Privacy Analysis of Forward and Backward Untraceable RFID Authentication Schemes. Wireless Personal Communication, 69-81.
Pieprzyk, J., Vijayakrishnan, P., & Wang, H. (2008). Formal Security Analysis of Australian E-passport Implementation. Information Security, 75.
Rana, A., & Luigi, S. (2014). Implementation of security and privacy in ePassports and the extended access control infrastructure. International Journal of Critical Infrastructure Protection, 233-243.
Reid, D. (2006, December 15). ePassports 'at risk' from cloning. Retrieved from BBC: http://news.bbc.co.uk/2/hi/programmes/click_online/6182207.stm
Richter, H., Mostowski, W., & Poll, E. (2008). Fingerprinting Passports. Spring Conference on security.
Sinha, A. (2011). A Survey of System Security in Contactless Electronic Passports. International Journal of Critical Infrastructure Protection, 154-164.
Sivasankari, N., & Kannan, M. (2014). Improving the Security of E-Passports with WDDL Logic and Elliptic Curve Cryptography. International Journal of Technological Exploration and Learning, 172-175.
van Deursen, T. (2011). 50 ways to break RFID privacy. Privacy and Identity Management for Life, 1-14.