A Traceability Attack against e-Passports

11 years 12 months ago
A Traceability Attack against e-Passports
Since 2004, many nations have started issuing “e-passports” containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport’s protocols that makes it possible to trace the movements of a particular passport, without having to break the passport’s cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations.
Tom Chothia, Vitaliy Smirnov
Added 15 Aug 2010
Updated 15 Aug 2010
Type Conference
Year 2010
Where FC
Authors Tom Chothia, Vitaliy Smirnov
Comments (0)