P
Password
papers point out this issue and explain how bypassing BAC
guessing the Document Basic Access Keys [
,
,
,
,
,
].
Information leakage and malicious traceability have
also been shown as potential threats. As illustration, when
the unique identifier of the IC is not generated randomly
on-the-fly, it may be used to track the ePassport [
,
].
Active authentication may also leak digital evidence
[
,
], and it has been shown that EAC also suffers from
information leakage, e.g., the hash of the fingerprints can
be obtained from EF.SOD without passing EAC [
,
].
Finally, several weaknesses in the implementation of
DOC have been exposed. One of the main issues is
the deficient deployment of the CSCA certificates. With-
out these root certificates, ePassports can be very easily
counterfeited. Denials of service and bugs also represent an
engineering task to be seriously considered. The interop-
erability test operated in Prague in [
] so underlined
the poor quality of many commercial softwares for reading
and checking ePassports.
To summarize, up to now, although several security
weaknesses have been raised, no (known) practical attack
succeeded in counterfeiting an ePassport, assuming all
the ICAO recommendations are applied. However, privacy
problems definitely occur, and many works proved that
the ePassport leaks personal information, although EAC
clearly tends to improve the situation.
Probably for some privacy reasons, Switzerland orga-
nized on , May , a vote in favor of the introduction
of the new generation ePassport, i.e., with biometrics and
EAC: .% of the ballots were “against” the new genera-
tion ePassport [
].
