Discovering ePassport Vulnerabilities using Bisimilarity

02/18/2020 ∙ by Ross Horne, et al. ∙ 0

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide. These vulnerabilities, confirmed by ICAO, enable an ePassport holder who recently passed through a checkpoint to be reidentified without openning their ePassport. This paper explains how bisimilarity was used to discover these vulnerabilities. In order to tackle such bisimilarity problems, we develop here a chain of methods for the applied pi-calculus including a symbolic under approximation of bisimilarity, called open bisimilarity, and a modal logic, called classical FM, for describing and certifying attacks. Evidence is provided to argue for a new scheme for specifying such unlinkability problems that more accurately reflects the capabilities of an attacker.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.