Enhancing the security of e-passports using a secure key management framework

Sadaf Abidin


E-passport or biometric passport is a hybrid document that combines paper format with electronic capabilities. They have been adopted by more than 45 countries to avoid counterfeiting of regular passports. MRTDs were introduced by the International Civil Aviation Organization (ICAO) in its Document 9303 which provides a set of rules and standards for e-passports. E-passports are based on the RFID technology, where the reader and the chip communicate through a wireless channel. Thus, an access control mechanism is necessary for privacy protection. In the early versions of e-passports, it was reported that various kind of security attacks was possible. BAC was proposed by ICAO and provides a mutual authentication and an encrypted communication channel between the IS and e-passport to prevent skimming and eavesdropping. In this paper, certain security weaknesses of e-passports have been discussed and their possible solutions are proposed. The Basic Access Control is also discussed in detail since it forms the basis for our proposed solution. Finally, we propose an alternative method for the generation and management of the initial access key (Kseed) which is input to the BAC algorithm.


MRTDs, BAC, ICAO, Extended Access Control (EAC), Supplemental Access Control (SAC).

Full Text:


DOI: https://doi.org/10.26483/ijarcs.v8i5.3390


  • There are currently no refbacks.

Copyright (c) 2017 International Journal of Advanced Research in Computer Science