The recent introduction of electronic passports (e-Passports) motivates the need of a thorough investigation on potential security and privacy issues. In this paper, we focus on the e-Passport implementation adopted in Italy. Leveraging previous attacks to e-Passports adopted in other countries, we analyze (in)security of Italian e-Passports and we investigate additional critical issues. Our work makes several contributions. 1 We show that in some concrete scenarios, Italian e-Passports are prone to eavesdropping attacks, where one can unnoticeably obtain private data stored in the e-Passport using RF communication, while the passport is stored in a bag/pocket. Moreover, we show how to trace e-Passports by successfully linking two or more communication transcripts related to the same e-Passport. 1 We propose a set of open-source tools that build successful attacks to the security of Italian e-Passports. Among them, we provide a simulator that produces attacks without requiring physical passports and RFID equipment. 1 We show that the random number generator included in the RFID chips produces bits that are noticeably far from the uniform distribution, thus potentially exposing Italian e-Passports to several other attacks © 2010 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Auletta, V., Blundo, C., De Caro, A., De Cristofaro, E., Persiano, G., & Visconti, I. (2010). Increasing privacy threats in the cyberspace: The case of italian E-passports. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6054 LNCS, pp. 94–104). https://doi.org/10.1007/978-3-642-14992-4_9
Mendeley helps you to discover research relevant for your work.