DeepAI AI Chat
Log In Sign Up

Discovering ePassport Vulnerabilities using Bisimilarity

02/18/2020
by   Ross Horne, et al.
0

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide. These vulnerabilities, confirmed by ICAO, enable an ePassport holder who recently passed through a checkpoint to be reidentified without openning their ePassport. This paper explains how bisimilarity was used to discover these vulnerabilities. In order to tackle such bisimilarity problems, we develop here a chain of methods for the applied pi-calculus including a symbolic under approximation of bisimilarity, called open bisimilarity, and a modal logic, called classical FM, for describing and certifying attacks. Evidence is provided to argue for a new scheme for specifying such unlinkability problems that more accurately reflects the capabilities of an attacker.

READ FULL TEXT

page 1

page 2

page 3

page 4

03/13/2018

Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing

Automatic test-case generation techniques of symbolic execution and fuzz...
12/15/2018

A Survey of Privacy Infrastructures and Their Vulnerabilities

Over the last two decades, the scale and complexity of Anonymous network...
11/03/2019

InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis

The recent Spectre attacks has demonstrated the fundamental insecurity o...
12/28/2021

Common Privacy Weaknesses and Vulnerabilities in Software Applications

In this digital era, our privacy is under constant threat as our persona...
07/30/2022

L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing

Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technolog...
03/20/2023

Attacks Against Security Context in 5G Network

The security context used in 5G authentication is generated during the A...
12/01/2019

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities hav...