Breaking unlinkability of the ICAO 9303 standard for e-passports using bisimilarity

Ihor Filimonov, Ross Horne, Sjouke Mauw, Zach Smith

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

13 Citations (Scopus)


We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.

Original languageEnglish
Title of host publicationComputer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings
EditorsKazue Sako, Steve Schneider, Peter Y.A. Ryan
Place of PublicationCham
Number of pages18
ISBN (Electronic)9783030299590
ISBN (Print)9783030299583
Publication statusPublished - 15 Sept 2019
Event24th European Symposium on Research in Computer Security, ESORICS 2019 - Luxembourg, Luxembourg
Duration: 23 Sept 201927 Sept 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11735 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference24th European Symposium on Research in Computer Security, ESORICS 2019


  • ICAO 9303 Standard
  • e-passports
  • privacy
  • bisimilarity
  • Basic Access Control (BAC) protocol
  • bisimilarity equivalence technique
  • machine readable travel documents
  • security
  • security breaches


Dive into the research topics of 'Breaking unlinkability of the ICAO 9303 standard for e-passports using bisimilarity'. Together they form a unique fingerprint.

Cite this