Since 2004, many nations have started issuing "e-passports" containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that our data will be protected from any possible unauthorised attempts to read it. In this paper we show that there is a flaw in one of the passport's protocols that makes it possible to trace the movements of a particular passport, without having to break the passport's cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, then by replaying a particular message, the attacker can distinguish that passport from any other. We have implemented our attack and tested it successfully against passports issued by a range of nations. © 2010 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Chothia, T., & Smirnov, V. (2010). A traceability attack against e-passports. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6052 LNCS, pp. 20–34). https://doi.org/10.1007/978-3-642-14577-3_5
Mendeley helps you to discover research relevant for your work.