Skip to main content
SpringerLink
Log in

Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity

  • Conference paper
  • First Online:
Book cover Computer Security – ESORICS 2019 (ESORICS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11735))

Included in the following conference series:

Abstract

We clear up confusion surrounding privacy claims about the ICAO 9303 standard for e-passports. The ICAO 9303 standard includes a Basic Access Control (BAC) protocol that should protect the user from being traced from one session to another. While it is well known that there are attacks on BAC, allowing an attacker to link multiple uses of the same passport, due to differences in implementation; there still remains confusion about whether there is an attack on unlinkability directly on the BAC protocol as specified in the ICAO 9303 standard. This paper clarifies the nature of the debate, and sources of potential confusion. We demonstrate that the original privacy claims made are flawed, by uncovering attacks on a strong formulation of unlinkability. We explain why the use of the bisimilarity equivalence technique is essential for uncovering our attacks. We also clarify what assumptions lead to proofs of formulations of unlinkability using weaker notions of equivalence. Furthermore, we propose a fix for BAC within the scope of the standard, and prove that it is correct, again using a state-of-the-art approach to bisimilarity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    This information on an old bug in ProVerif is due to Stéphanie Delaune and Vincent Cheval.

  2. 2.

    https://github.com/ZDSmith/bac-protocol-unlinkability.

  3. 3.

    https://github.com/tananaev/passport-reader.

References

  1. Machine readable travel documents. part 11: Security mechanisms for MRTDs. Technical report Doc 9303. Seventh Edition, International Civil Aviation Organization (ICAO) (2015). https://www.icao.int/publications/Documents/9303_p11_cons_en.pdf

  2. ISO 15408–2: Common criteria for information technology security evaluation. part 2: Security functional requirements. Technical report. CCMB-2017-04-002, ISO/IEC standard (2017). https://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdf

  3. Abadi, M., Blanchet, B., Fournet, C.: The applied pi calculus: mobile values, new names, and secure communication. J. ACM 65(1), 1:1–1:41 (2017)

    Article  MathSciNet  Google Scholar 

  4. Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: 2010 23rd IEEE Computer Security Foundations Symposium (CSF), pp. 107–121. IEEE (2010)

    Google Scholar 

  5. Avoine, G., Beaujeant, A., Hernandez-Castro, J., Demay, L., Teuwen, P.: A survey of security and privacy issues in epassport protocols. ACM Comput. Surv. 48(3), 47:1–47:37 (2016)

    Article  Google Scholar 

  6. Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_3

    Chapter  MATH  Google Scholar 

  7. Briais, S., Nestmann, U.: Open bisimulation, revisited. Theor. Comput. Sci. 386(3), 236–271 (2007)

    Article  MathSciNet  Google Scholar 

  8. Brusó, M., Chatzikokolakis, K., Etalle, S., den Hartog, J.: Linking unlinkability. In: Palamidessi, C., Ryan, M.D. (eds.) TGC 2012. LNCS, vol. 8191, pp. 129–144. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41157-1_9

    Chapter  Google Scholar 

  9. Cheval, V.: Automatic verification of cryptographic protocols: privacy-type properties. PhD thesis, Laboratoire Spécification et Vérification, ENS Cachan (2012)

    Google Scholar 

  10. Cheval, V.: APTE: an algorithm for proving trace equivalence. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 587–592. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_50

    Chapter  Google Scholar 

  11. Cheval, V., Comon-Lundh, H., Delaune, S.: A procedure for deciding symbolic equivalence between sets of constraint systems. Inf. Comput. 255(Part 1), 94–125 (2017)

    Article  MathSciNet  Google Scholar 

  12. Cheval, V., Kremer, S., Rakotonirina, I.: DEEPSEC: Deciding equivalence properties in security protocols theory and practice. In: 2018 IEEE Symposium on Security and Privacy (S&P), pp. 529–546 (2018)

    Google Scholar 

  13. Chothia, T.: Analysing the MUTE anonymous file-sharing system using the pi-calculus. In: Najm, E., Pradat-Peyre, J.-F., Donzeau-Gouge, V.V. (eds.) FORTE 2006. LNCS, vol. 4229, pp. 115–130. Springer, Heidelberg (2006). https://doi.org/10.1007/11888116_9

    Chapter  Google Scholar 

  14. Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_5

    Chapter  Google Scholar 

  15. Cortier, V., Rusinowitch, M., Zalinescu, E.: Relating two standard notions of secrecy. Log. Methods Comput. Sci. 3(3), 1–29 (2007)

    Article  MathSciNet  Google Scholar 

  16. Cremers, C.J.F.: The scyther tool: verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70545-1_38

    Chapter  Google Scholar 

  17. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 2(29), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  18. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems using the AES algorithm. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 357–370. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_26

    Chapter  MATH  Google Scholar 

  19. Hirschi, L., Baelde, D., Delaune, S.: A method for verifying privacy-type properties: the unbounded case. In: 2016 IEEE Symposium on Security and Privacy (S&P), pp. 564–581. IEEE (2016)

    Google Scholar 

  20. Hirschi, L., Baelde, D., Delaune, S.: A method for unbounded verification of privacy-type properties. J. Comput. Secur. 27(3), 277–342 (2019)

    Article  Google Scholar 

  21. Horne, R.: A bisimilarity congruence for the applied \(\pi \)-calculus sufficiently coarse to verify privacy properties, (arXiv:1811.02536) (2018), https://arxiv.org/abs/1811.02536

  22. Horne, R., Ahn, K.Y., Lin, S.W., Tiu, A.: Quasi-open bisimilarity with mismatch is intuitionistic. In: Dawar, A., Grädel, E. (eds.) Proceedings of 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, Oxford, United Kingdom, 9–12 July 2018, pp. 26–35 (2018)

    Google Scholar 

  23. Kanellakis, P.C., Smolka, S.A.: CCS expressions, finite state processes, and three problems of equivalence. Inf. Comput. 86(1), 43–68 (1990)

    Article  MathSciNet  Google Scholar 

  24. Milner, R., Parrow, J., Walker, D.: Modal logics for mobile processes. Theor. Comput. Sci. 114(1), 149–171 (1993)

    Article  MathSciNet  Google Scholar 

  25. Sangiorgi, D.: A theory of bisimulation for the \(\pi \)-calculus. Acta Informatica 33(1), 69–97 (1996)

    Article  MathSciNet  Google Scholar 

  26. Tiu, A., Dawson, J.: Automating open bisimulation checking for the spi calculus. In: 2010 23rd IEEE Computer Security Foundations Symposium. pp. 307–321. IEEE (2010)

    Google Scholar 

Download references

Acknowledgements

We thank the following people for their time and knowledge during the investigation of these results: Vincent Cheval, Ugo Chirico, Stéphanie Delaune, Lucca Hirschi, and Steve Kremer.

Author information

Authors and Affiliations

  1. Computer Science and Communications, University of Luxembourg, Esch sur Alzette, Luxembourg

    Ihor Filimonov, Ross Horne, Sjouke Mauw & Zach Smith

Authors
  1. Ihor Filimonov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ross Horne
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sjouke Mauw
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zach Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ross Horne .

Editor information

Editors and Affiliations

  1. NEC Corporation, Kawasaki, Japan

    Kazue Sako

  2. University of Surrey, Guildford, UK

    Steve Schneider

  3. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Peter Y. A. Ryan

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Filimonov, I., Horne, R., Mauw, S., Smith, Z. (2019). Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29959-0_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29958-3

  • Online ISBN: 978-3-030-29959-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation