Fingerprinting e-passports
Henning Richter, Wojciech Mostowski, Erik Poll
Lausitz University, Radboud University, Radboud University
Many countries have started issuing electronic passports, or e-passports, with embedded RFID smartcards that carry digitally signed biometric information.

EU e-passports use so-called Basic Access Control to prevent reading of the e-passport content without the owner's consent: to access the smartcard one must visually read some information printed in the passport. Subsequent communication between passport and reader is encrypted to prevent eavesdropping.

Weaknesses in this encryption mechanism have already been reported: for passports from several countries, brute-force attacks are feasible. The root cause of this problem is that passport serial numbers are handed out in sequence.

We report on a different issue: the possibility of detecting e-passports and determining their nationality. This turns out to be surprisingly easy to do. Although e-passports all implement the same standard, there are differences that can be detected, especially by sending malformed requests.

While not an immediate security threat to the e-passport itself, it could be a concern to the passport holder: this functionality is clearly useful for passport thieves. It strengthens the case for metal shielding in the passport to prevent any communication with the RFID smartcard when the passport is closed. More generally, it is another example of problems associated with making communication wireless.


Henning Richter is a student at the Lausitz University of Applied Sciences, Germany. The research for his Bachelor thesis, entitled "Communication behaviour of the new electronic passports", which he carried out at the Radboud University in the fall of 2007, forms the basis of this article.

Wojtek Mostowski and Erik Poll are researchers in the Digital Security group at the Radboud University, where they specialise in software verification and specification, in particular for Java, and smartcards. The work of Wojtek Mostowski is supported by the Sentinels research programme in computer security, financed by the Technology Foundation STW, the Netherlands Organisation for Scientific Research (NWO), and the Dutch Ministry of Economic Affairs.




Last modified: Sat, 23 Feb 2008 17:13:44 +0100