Discovering ePassport Vulnerabilities using Bisimilarity

by Ross Horne, et al.

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide. These vulnerabilities, confirmed by ICAO, enable an ePassport holder who recently passed through a checkpoint to be reidentified without opening their ePassport. This paper explains how bisimilarity was used to discover these vulnerabilities. In order to tackle such bisimilarity problems, we develop here a chain of methods for the applied pi-calculus, including a symbolic under-approximation of bisimilarity, called open bisimilarity, and a modal logic, called classical FM, for describing and certifying attacks. Evidence is provided to argue for a new scheme for specifying such unlinkability problems that more accurately reflects the capabilities of an attacker.
