Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity

HORNE, Ross James; MAUW, Sjouke; SMITH, Zachary Daniel

doi:10.1007/978-3-030-29959-0_28

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity

HORNE, Ross James; MAUW, Sjouke; SMITH, Zachary Daniel et al.

2019 • In Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity

Peer reviewed

Permalink
https://hdl.handle.net/10993/41606

DOI
10.1007/978-3-030-29959-0_28

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

esorics-2019-unlinkability.pdf

Author postprint (254.91 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Security Protocols; e-passports; bisimilarity

Abstract :

[en] We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.

Disciplines :

Computer science

Author, co-author :

HORNE, Ross James ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

MAUW, Sjouke ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

SMITH, Zachary Daniel ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Other collaborator :

Filimonov, Ihor; University of Luxembourg > Master's Student

External co-authors :

Language :

English

Title :

Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity

Publication date :

23 September 2019

Event name :

The European Symposium on Research in Computer Security

Event organizer :

University of Luxembourg

Event place :

Luxembourg, Luxembourg

Event date :

from 23-09-2019 to 27-09-2019

Audience :

International

Main work title :

Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity

Pages :

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Available on ORBilu :

since 15 January 2020

Statistics

Number of views

90 (6 by Unilu)

Number of downloads

223 (3 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™