Discovering ePassport Vulnerabilities using Bisimilarity

02/18/2020
by   Ross Horne, et al.
0

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide. These vulnerabilities, confirmed by ICAO, enable an ePassport holder who recently passed through a checkpoint to be reidentified without openning their ePassport. This paper explains how bisimilarity was used to discover these vulnerabilities. In order to tackle such bisimilarity problems, we develop here a chain of methods for the applied pi-calculus including a symbolic under approximation of bisimilarity, called open bisimilarity, and a modal logic, called classical FM, for describing and certifying attacks. Evidence is provided to argue for a new scheme for specifying such unlinkability problems that more accurately reflects the capabilities of an attacker.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/13/2018

Reviewing KLEE's Sonar-Search Strategy in Context of Greybox Fuzzing

Automatic test-case generation techniques of symbolic execution and fuzz...
research
12/15/2018

A Survey of Privacy Infrastructures and Their Vulnerabilities

Over the last two decades, the scale and complexity of Anonymous network...
research
11/03/2019

InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis

The recent Spectre attacks has demonstrated the fundamental insecurity o...
research
12/28/2021

Common Privacy Weaknesses and Vulnerabilities in Software Applications

In this digital era, our privacy is under constant threat as our persona...
research
07/30/2022

L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing

Bluetooth Basic Rate/Enhanced Data Rate (BR/EDR) is a wireless technolog...
research
03/20/2023

Attacks Against Security Context in 5G Network

The security context used in 5G authentication is generated during the A...
research
11/06/2018

A Bisimilarity Congruence for the Applied pi-Calculus Sufficiently Coarse to Verify Privacy Properties

This paper is the first thorough investigation into the coarsest notion ...

Please sign up or login with your details

Forgot password? Click here to reset