Security analysis of Australian and E.U. e-passport implementation

Pasupathinathan, Vijayakrishnan, Pieprzyk, Josef, & Wang, Huaxiong (2008) Security analysis of Australian and E.U. e-passport implementation. Journal of Research and Practice in Information Technology, 40(3), pp. 187-205.

View at publisher (open access)

Abstract

This paper makes a formal security analysis of the current Australian e-passport implementation using model checking tools CASPER/CSP/FDR. We highlight security issues in the current implementation and identify new threats when an e-passport system is integrated with an automated processing system like SmartGate. The paper also provides a security analysis of the European Union (EU) proposal for Extended Access Control (EAC) that is intended to provide improved security in protecting biometric information of the e-passport bearer.

The current e-passport specification fails to provide a list of adequate security goals that could be used for security evaluation. We fill this gap; we present a collection of security goals for evaluation of e-passport protocols. Our analysis confirms existing security weaknesses that were previously identified and shows that both the Australian e-passport implementation and the EU proposal fail to address many security and privacy aspects that are paramount in implementing a secure border control mechanism.

ACM Classification C.2.2 (Communication/Networking and Information Technology – Network Protocols – Model Checking), D.2.4 (Software Engineering – Software/Program Verification – Formal Methods), D.4.6 (Operating Systems – Security and Privacy Protection – Authentication)

Impact and interest:

4 citations in Scopus
Search Google Scholar™
2 citations in Web of Science®

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

ID Code: 70074
Item Type: Journal Article
Refereed: Yes
Additional URLs:
ISSN: 1443-458X
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2008 Australian Computer Society Inc.
Deposited On: 10 Apr 2014 23:53
Last Modified: 23 Apr 2014 03:39

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page