A Traceability Attack Against e-Passports

Download Now Date Added: Mar 2010
Format: PDF

Since 2004, many nations have started issuing "e-passports" containing an RFID tag that, when powered, broadcasts information. It is claimed that these passports are more secure and that the authors' data will be protected from any possible unauthorised attempts to read it. In this paper, the authors show that there is a flaw in one of the passport's protocols that makes it possible to trace the movements of a particular passport, without having to break the passport's cryptographic key. All an attacker has to do is to record one session between the passport and a legitimate reader, and then by replaying a particular message, the attacker can distinguish that passport from any other.