Basic access control: Difference between revisions

Rescuing 0 sources and tagging 1 as dead. #IABot (v1.4.1)
m updated reference link from using http to https
Line 7:
== Security ==
 
There is a replay attack against the basic access control protocol that allows an individual passport to be traced.<ref>{{cite web|last=Goodin |first=Dan |url=httphttps://www.theregister.co.uk/2010/01/26/epassport_rfid_weakness/ |title=Defects in e-passports allow real-time tracking, The Register, Dan Goodin, 26th Jan 2010 |publisher=Theregister.co.uk |date=2010-01-26 |accessdate=2012-01-15}}</ref><ref>{{cite web|url=http://www.cs.bham.ac.uk/~tpc/Papers/PassportTrace.pdf |title=A Traceability Attack Against e-Passports, Tom Chothia and Vitaliy Smirnov, 14th International Conference on Financial Cryptography and Data Security 2010 |format=PDF |date= |accessdate=2012-01-15}}</ref> The attack is based on being able to distinguish a failed nonce check from a failed MAC check and works against passports with randomized unique identifiers and hard to guess keys.
 
The basic access control mechanism has been criticized as offering too little protection from unauthorized interception. Researchers claim <ref>{{cite web|last=Hancke|first=Gerhard|url=http://www.rfidblog.org.uk/Hancke-IEEESP-RFIDPracAttacks.pdf |title=Practical Attacks on Proximity Identification Systems (Short Paper), Security and Privacy, 2006 IEEE Symposium on, Gerhard Hancke, 10 April 2012 |publisher=Security and Privacy, 2006 IEEE Symposium on |date=2006 |accessdate=2012-05-10}}</ref> that because there are only limited numbers of passport issued, many theoretically possible passport numbers will not be in use in practice. The limited range of human age ranges further reduce the space of possibilities.
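
Review bot: In the Goodin citation on the changed line, the URL renders as "httphttps://www.theregister.co.uk/...", so confirm that the saved wikitext reads "https://" and that the old scheme was fully removed. The switch to https covers only that one link: the cs.bham.ac.uk and rfidblog.org.uk URLs in the same section are still http and are worth checking in the same pass. The title= fields repeat the author, publisher and date that already have their own parameters, and the Hancke citation gives "10 April 2012" inside the title while date=2006, so trim the titles to the work's title and reconcile that date. In the unchanged context, "Researchers claim <ref>" has a stray space before the reference, and "limited numbers of passport issued" and "age ranges further reduce" need a grammar fix.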