Fingerprinting Passports

Passports issued nowadays have an embedded RFID chip that carries digitally signed biometric information. Access to this chip is wireless, which introduces a security risk, in that an attacker could access a person’s passport without the owner knowing. While there are measures in place to prevent unauthorised access to the data in the passport, we show that it is easy to remotely detect the presence of a passport and determine its nationality. Although all passports implement the same international standard, experiments with passports from ten different countries show that characteristics of each implementation provide a fingerprint that is unique to passports of a particular country.

[1]  John Viega,et al.  19 Deadly Sins of Software Security , 2005 .

[2]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[3]  Bart Jacobs,et al.  Crossing Borders: Security and Privacy Issues of the European e-Passport , 2006, IWSEC.

[4]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[5]  Avishai Wool,et al.  How to Build a Low-Cost, Extended-Range RFID Skimmer , 2006, USENIX Security Symposium.

[6]  Jean-Jacques Quisquater,et al.  ePassport: Securing International Contacts with Contactless Chips , 2008, Financial Cryptography.