An On-Line Secure E-Passport Protocol

Pasupathinathan, Vijayakrishnan; Pieprzyk, Josef; Wang, Huaxiong

doi:10.1007/978-3-540-79104-1_2

Cited by 12 publications

(7 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The OSEP protocol drops the access control flexibility of EAC and a terminal sends private information from the eMRTD to the country's embassy. In contrast to Pasupathinathan et al [28] we think that both facts raise privacy concerns: a terminal, which needs access to the document holder's name stored on the chip, should not automatically get access to the sensitive fingerprints. Furthermore countries, which may track travellers through their embassies, is a show-stopper for any travelling privacy.…”

Section: Related Workmentioning

confidence: 60%

“…Although EAC and its Verifying PKI is used within the European Union, there is no discussion about the aforementioned drawbacks in the standardisation documents. Although the scientific community identified some weaknesses and came up with solution candidates (e.g., [9,13,26,28]) there is no evaluation of the candidates and thus no best recommendation. Additionally if a solution is given, it is usually selfcreated instead of using well-established standards.…”

Section: Motivationmentioning

confidence: 99%

“…Pasupathinathan et al [28] present a self-made protocol called On-line Secure EPassport Protocol (OSEP Protocol). The authors claim to solve weaknesses of EAC.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Towards a more secure and scalable verifying PKI of eMRTD

Buchmann

Baier

2014

JCS

View full text Add to dashboard Cite

The new electronic passport stores biometric data on a contactless readable chip to uniquely link the travel document to its holder. This sensitive data is protected by a complex protocol called Extended Access Control (EAC) against unlawful readouts. EAC is manifold and thus needs a complex public key infrastructure (PKI). Additionally EAC is known to suffer from unsolved weaknesses, e.g., stolen (mobile) passport inspection systems due to its missing revocation mechanism. The article at hand seeks for potential approaches to solve these shortcomings. As a result we present an evaluation framework with special focus on security and scalability to assess the different candidates and to give a best recommendation. Instead of creating new protocols, we focus on solutions, which are based on well-known protocols from the Internet domain like the Network Time Protocol (NTP), the Online Certificate Status Protocol (OCSP), and the Server-based Certificate Validation Protocol (SCVP). These protocols are openly standardised, thoroughly tested, interoperable, and with the exception of SCVP all widely deployed. In addition to these Internet protocols we evaluate state-of-the-art security protocols proposed by the scientific community, e.g., the Hoepman protocol, the BioPACE V2 protocol and the On-line Secure E-Passport Protocol (OSEP). Our recommendation is that the EU EAC PKI would benefit most from introducing NTP and OCSP, or if fine-grained access control of EAC are considered dispensable by introducing the BioPACE V2 protocol.

show abstract

Section: Related Workmentioning

confidence: 60%

Section: Motivationmentioning

confidence: 99%

See 1 more Smart Citation

Towards a more secure and scalable verifying PKI of eMRTD

Buchmann

Baier

2014

JCS

View full text Add to dashboard Cite

show abstract

“…Biometric enabled passports are described as E-passports [4]. Worldwide, such applications are handled by the government agencies.…”

Section: Literature Surveymentioning

confidence: 99%

Cancelable Biometric Transformations for E-Passport Security

Punithavathi¹,

Geetha²

2019

IJEAT

View full text Add to dashboard Cite

E-Passport or Electronic Passport is comprised of a microprocessor chip which contains biometric data used to authenticate the identity of passport holder. Facial image, fingerprint image and palm-print image are some of the currently standardized biometric modalities, embedded in the E-Passports. The privacy of the biometric data becomes a problem during storage and transmission. The biometric data cannot be revoked or re-issued unlike tokens or passwords, if compromised. The possibility of producing cancelable templates from the biometric features of user has been studied, thus eliminating threats to privacy and security of the biometric features. Cancelable template is obtained from original biometric image after intentional/repeated distortions (based on user-specific key), and thereby providing security to the templates. The distortions can be implemented either at signal or at feature level. The cancelable templates can be revoked or re-issued whenever required just by changing the user-specific key. The probability of applying cancelable transformations to secure the privacy of the biometric features in E-passport has been explored in the article

show abstract

“…Vijayakrishnan et al [11] In this paper author has described about security and privacy issue of proposed technique for first and second generation e-passport i.e. Extended Access Control (EAC) proposed by the European Union (EU), for protecting the biometric information.…”

Section: Literature Reviewmentioning

confidence: 99%