Title: An investigative analysis of the security weaknesses in the evolution of RFID enabled passport

Authors: Eyad Abdullah Bogari; Pavol Zavarsky; Dale Lindskog; Ron Ruhl

Addresses: Information Systems Security Management, Concordia University College of Alberta, 7128 Ada Boulevard, Edmonton, Alberta, T5B 4E4, Canada; Faculty of Professional Education Department, Concordia University College of Alberta, 7128 Ada Boulevard, Edmonton, Alberta, T5B 4E4, Canada; Faculty of Professional Education Department, Concordia University College of Alberta, 7128 Ada Boulevard, Edmonton, Alberta, T5B 4E4, Canada; Faculty of Professional Education Department, Concordia University College of Alberta, 7128 Ada Boulevard, Edmonton, Alberta, T5B 4E4, Canada

Abstract: Since the introduction of radio frequency identification (RFID) enabled passports, the system has been plagued by various vulnerabilities that compromise e-passport security. To date, three generations of e-passports have been introduced by the International Civil Aviation Organization (ICAO) and the European Union (EU). The first two generations of e-passports are being issued worldwide. This paper presents the evolution of these passports over the years to develop a taxonomy of the weaknesses and to serve as a reference point detailing security vulnerabilities linked to the RFID e-passport features in the three generations. The findings can also assist in profiling possible attack vectors on the existing RFID enabled passports and in developing comprehensive RFID e-passport risk mitigation strategies. To illustrate the importance of a comprehensive risk strategy when using RFID e-passports, the attack process modelling method is used to highlight the possible attacks and weaknesses which could result from not using one or more security features.

Keywords: radio frequency identification; RFID; e-passport security features; e-passport vulnerabilities; International Civil Aviation Organization; ICAO; PKI; security weaknesses; RFID enabled passports; electronic passports; risk mitigation; attack mitigation; attack process modelling.

DOI: 10.1504/IJITST.2012.054060

International Journal of Internet Technology and Secured Transactions, 2012 Vol.4 No.4, pp.290 - 311

Received: 11 Oct 2012
Accepted: 11 Oct 2012

Published online: 09 Aug 2014
