Enhancing the security of e-passports using a secure key management framework
Main Article Content
Abstract
E-passport or biometric passport is a hybrid document that combines paper format with electronic capabilities. They have been adopted by more than 45 countries to avoid counterfeiting of regular passports. MRTDs were introduced by the International Civil Aviation Organization (ICAO) in its Document 9303 which provides a set of rules and standards for e-passports. E-passports are based on the RFID technology, where the reader and the chip communicate through a wireless channel. Thus, an access control mechanism is necessary for privacy protection. In the early versions of e-passports, it was reported that various kind of security attacks was possible. BAC was proposed by ICAO and provides a mutual authentication and an encrypted communication channel between the IS and e-passport to prevent skimming and eavesdropping. In this paper, certain security weaknesses of e-passports have been discussed and their possible solutions are proposed. The Basic Access Control is also discussed in detail since it forms the basis for our proposed solution. Finally, we propose an alternative method for the generation and management of the initial access key (Kseed) which is input to the BAC algorithm.
Downloads
Download data is not yet available.
Article Details
Section
Articles
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.