Secure E-Passport Access Methods
MetadataShow full item record
The main goal of upgrading passports to an electronic version is making it hard for criminals or anybody to counterfeit or illegally duplicate them. A practical way of doing so is through the use of digital signatures because it is computationally hard to counterfeit them. So all the contents of e-passports are now digitally signed by the Document Signer of the issuing country. The e-passport has thus achieved its central objective however it suffers from several security and privacy issues. Many of these issues are due to the technology being used in it. For example, use of RFID provides platform for skimming, tracking and hotlisting etc. Similarly, possibility of eavesdropping in the communication is always there. The current protocols used by the e-passports have also not been designed with adequate security. The standard put forward by International Civil Aviation Organization (ICAO), the body responsible for standardizing protocols related to e-passports, suffers from several security issues. Many of these issues threaten the privacy of the e-passport owner. An improved version of it, as proposed by European Union (EU) is known as Enhanced Access Control (EAC). But it also suffers from some inaccuracies. So it very important to analyze these issues and put forward a better solution. This thesis analyzes the security and privacy issues in these protocols. It highlights several weaknesses in the ICAO s protocol and EAC. It then proposes a more secure and better protocol, named Secure Electronic Passport Access Protocol (SEPAP). SEPAP makes the terminal authentication more accurate and the design of the protocol itself mandates terminal to be authenticated before the e-passport chip. So, it is more dependable then EAC or other e-passport protocols. In addition to informal analyses, the thesis also performs formal verification of this proposed protocol. Formal verification has been done with ProVerif and Scyther. It is equally important to see if the primitives necessary for the protocol can be practically implemented. So the thesis also provides a sample implementation of the protocol. Finally, the thesis attempts to see if e-passports can be used in other areas as well, besides border control. As a case study, the thesis performs this analysis on electronic voting and puts forward some recommendations on how e-passports, following different e-passport protocols, may be used with different e-voting schemes.