TY - GEN
T1 - Breaking unlinkability of the ICAO 9303 standard for e-passports using bisimilarity
AU - Filimonov, Ihor
AU - Horne, Ross
AU - Mauw, Sjouke
AU - Smith, Zach
N1 - Publisher Copyright: © 2019, Springer Nature Switzerland AG.
Filimonov, I., Horne, R., Mauw, S., Smith, Z. (2019). Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_28
PY - 2019/9/15
Y1 - 2019/9/15
N2 - We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.
AB - We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.
KW - ICAO 9303 Standard
KW - e-passports
KW - privacy
KW - bisimilarity
KW - Basic Access Control (BAC) protocol
KW - bisimilarity equivalence technique
KW - machine readable travel documents
KW - security
KW - security breaches
UR - http://www.scopus.com/inward/record.url?scp=85075603788&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-29959-0_28
DO - 10.1007/978-3-030-29959-0_28
M3 - Conference contribution book
AN - SCOPUS:85075603788
SN - 9783030299583
VL - 11735
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 577
EP - 594
BT - Computer Security – ESORICS 2019 - 24th European Symposium on Research in Computer Security, Proceedings
A2 - Sako, Kazue
A2 - Schneider, Steve
A2 - Ryan, Peter Y.A.
PB - Springer
CY - Cham
T2 - 24th European Symposium on Research in Computer Security, ESORICS 2019
Y2 - 23 September 2019 through 27 September 2019
ER -