This document provides an overview of the evolution of cryptographic protocols used in electronic passports (ePassports) over three generations from 2004 to 2008. It summarizes the technologies used in ePassports including biometrics, RFID, and public key infrastructure. It then analyzes the cryptographic protocols of the first generation ePassport specifications from 2004, the Extended Access Control (EAC) specifications from 2006 for the second generation, and the EAC v2.1 specifications from 2008 for the third generation. It also discusses some vulnerabilities that remained even with the third generation specifications.
DESIGN AND IMPLEMENTATION OF E-PASSPORT SCHEME USING CRYPTOGRAPHIC ALGORITHM ... | ijait
Advancements in technology have created the possibility of greater assurance of proper travel document ownership, but some concerns regarding security and effectiveness remain unaddressed. Electronic passports have known a wide and fast deployment all around the world since the International Civil
Aviation Organization the world has adopted standards whereby passports can store biometric identifiers. The use of biometrics for identification has the potential to make the lives easier, and the world people live in a safer place. The purpose of biometric passports is to prevent the illegal entry of traveler into a specific
country and limit the use of counterfeit documents by more accurate identification of an individual. This paper analyses the face, fingerprint, palmprint and iris biometric e-passport design. This paper focuses on privacy and personal security of bearers of e-passports, the actual security benefit countries obtained by
the introduction of e-passports using face, fingerprint, palmprint and iris recognition systems. Researcher analyzed its main cryptographic features; the face, fingerprint, palmprint and iris biometrics currently used with e-passports and considered the surrounding procedures. Researcher focused on vulnerabilities since anyone willing to bypass the system would choose the same approach. On the contrary, solely relying on them may pose a risk that did not exist with previous passports and border controls. The paper also provides a security analysis of the e-passport using face, fingerprint, palmprint and iris biometric that are intended to provide improved security in protecting biometric information of the e-passport bearer.
Safe, Clean and Unbiased Elections with Encrypted QR Code Voter Cards | ijcisjournal
The aim of this paper is to propose a novel approach to conducting safe, clean and unbiased elections by
issuing Voter Cards with encrypted QR codes and including a new device called Voter Card Processor
(VCAP) for verifying the issued voter cards at polling stations during elections. Detailed descriptions are
provided of how to generate encrypted QR code voter cards, and how the VCAP functions in detecting
fraudulent voter cards and repeat voters. This approach enables polling officers to automatically verify
forgery of voter cards, identify and stop repeat voters, and also prevent rigging and compromised voting
that could be possible due to corruption, bribery, intimidation and muscle power.
Security and Authentication of Internet of Things (IoT) Devices | SanjayKumarYadav58
The proposed scheme deals with an authentication and security model for IoT applications. It is based on protecting the network from intruders, decreasing the authentication complexity and increasing the communication efficiency of network devices. A signature-based authentication scheme is proposed for mutual authentication among users and devices in the network. The proposed scheme gives better output compared to existing solutions in terms of End-To-End (E2E), Throughput, and Packet Delivery ratio. The proposed scheme is implemented on Network Simulator (NS2).
Hungarian Electronic Public Administration Interoperability Framework (MEKIK)... | Csaba Krasznay
The huge project of the MEKIK (Hungarian Electronic Public Administration Interoperability Framework) has already been started; the next steps were the specification of the middleware and MEKIK portal and the pilot implementation of technical standards catalogue that would be accessible via this portal. These requirements affected the work in connection with the secure communication and the usage of electronic signature in the public administration. The project – correspondingly to the standards of the catalogue – also covered the general conception of security framework, requirements of certification service providers, signature creation application and devices, cryptographic protocols, legal aspects and secure mobile communication. This article introduces the actualities in connection with the interoperability of electronic public administration.
Cognitive Secure Shield – A Machine Learning enabled threat shield for resour... | hanumayamma
The Internet of things (IoT) devices come in various operating form factors. Some are operated on unconstrained resources by directly connecting to the electrical grid with Cloud Compute driven memory and processing capacities; others, operated on constrained resources by connecting to finite battery sources and limited memory and compute. Whatever the form factors are, importantly, the expectations from consumers are the IoT devices must be secured – both in terms of data and in terms of safety and efficiency.
For securing IoT devices with unconstrained resources, many tools and compute technologies are available. On the other hand, for securing IoT devices with constrained resources, the options are few and pose huge challenges in terms of price, performance, and service costs. In this research paper, we propose a machine learning enabled cognitive secure shield that secures the Dairy IoT devices operating under constrained resources. Our innovation is in the design of the Secure shield framework that enhances the security posture of our Dairy IoT device without affecting Useful Life of the device (ULD). Finally, the paper presents Secure shield ML prototyping.
IoT is referred as Internet of objects and wireless sensor networks and RFID are enabled in the fields of education, health, agriculture and entertainment. The IoT is the development production of the computer science and communication technology. The vulnerable nature of IoT is related to the security and privacy issues. The user may face as the consequence of the spread of IoT technology. The survey is focused on security loopholes arising out of the information exchange technologies used in IoT. Data analytics utilizes IoT and Big Data and it faces security challenges to protect their important data. In 2020, the wide amount of data could be generated by using the technologies of IoT and Big Data. The purpose of this survey is to analyze the vulnerable security issues and risk involved in each layer of the IoT as per to our knowledge the first survey with some goals. Dr. E. J. Thomson Fedrik | A. Vinitha | B. Vanitha "Review on Vulnerabilities of IoT Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4, June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd24020.pdf
Paper URL: https://www.ijtsrd.com/computer-science/computer-network/24020/review-on-vulnerabilities-of-iot-security/dr-e-j-thomson-fedrik
Sbvlc secure barcode based visible light communication for smartphones | LeMeniz Infotech
Secured e-payment system based on automated authentication data and iterated ... | TELKOMNIKA JOURNAL
Electronic payment has been considered as one of the most significant and convenient applications of modern electronic services e-University compared to traditional methods that impose time-consuming, human resources, and inefficiency. Different automatic identification technologies have been widely used, such as radio frequency identification (RFID). Extensive research and several applications are focusing on taking the maximum advantage of RFID technology. Data and information security had considered a crucial role when information concerning e-commerce, e-banking, or e-payments, especially due to it required real data to establish accessed illegally. Hence, data originality and security fall a very significant and critical issue in data communication services in recent years. Applications such as e-banking or e-commerce regularly contain sensitive and personal information that should be managed and controlled by authorized persons. Thus, keeping a secure password is important to prevent unauthorized users from illegal access. The password hashing is one of the safety methods and means of preventing attacks. In this article, focuses on proposing an RFID based electronic payment and also provide multi-level security privileges for an academic domain by using RFID technology besides the programmable logic circuit as well the system used C# language in visual studio environment also desktop and web-based application for system working purposes. The proposed system aims to manage student payments in a secure manner and provides the capabilities of getting a bus ticket, copying books, buying food, paying registration fees, and other services. The results have shown the system is secured by using the confirmation code in addition to password encryption.
The advancement of IIoT 4.0 for smart factories, cities and buildings ushers in many exciting possibilities for improved automation and capabilities. IoT devices are unlocking the great potential for improved efficiency and improved user experiences. However, there are many different IoT protocols, network topologies and frequency bands, making IoT an intranet of things and not an internet of things. Therefore, in order to determine which IoT technology to use in solving your use case and future proofing your investment, an understanding of the IoT ecosystem is needed. This is the first in a series of papers describing the different protocols, topologies and frequency bands used in IoT deployments.
Security Issues and Challenges in Internet of Things – A Review | IJERA Editor
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straightforwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Hardware based cryptography: technological advances for applications in Colom... | IJECEIAES
To have totally independent systems that offer a sufficient security scheme has become a necessity in Colombia, this because of the proliferation of IoT type systems and similar; In general, it is required to make stand-alone systems totally independent and distributed to offer users a solution to this need, this work offers the analysis and comparison of two security schemes type digital signature and/or hardware security module (HSM) and its variations, made on embedded platforms type microcontroller software, which shows the strategy to provide information protection, In addition, it is analyzed how each implementation was executed, in which devices and metrics of interest, in the first application the cryptography schemes were made using a deep programming that describes the algorithms in C++ language and in the second implementation the use of the dedicated hardware that the embedded platform type microcontroller had is detailed; In both cases, solutions with an acceptable throughput were generated, allowing to obtain comparable solutions and the same style as those made in a PC or similar hardware. On the other hand, an exhaustive review of this type of solutions in the country-region was made, in order to have a reference as to the possible use of this type of applications.
Biometric System and Recognition Authentication and Security Issues | ijtsrd
In recent days Biometric has become the most popular technique used. The purpose of biometric systems is used to achieve high security, authentication and many more. Through this scheme or technique it ensures that the services are accessed only by the authorized persons. This system works effectively and is user friendly. Biometric systems are progressively exchanging the ongoing password and authentication token based system. Authentication and Security recognition are the two most essential characteristic to consider in scheming a biometric system. In this paper, a broad review is presented to illuminate on the latest technologies in the study of fingerprint based biometric covering these two characteristic with a view to improving system security and authentication recognition. Shweta Naik "Biometric System and Recognition: Authentication and Security Issues" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2, February 2020,
URL: https://www.ijtsrd.com/papers/ijtsrd30195.pdf
Paper Url : https://www.ijtsrd.com/computer-science/computer-security/30195/biometric-system-and-recognition-authentication-and-security-issues/shweta-naik
PREMIA GROUP - THE REAL ESTATE GURU PROFILE | premiaprojects
Premia Group is into Real Estate, Healthcare, Entertainment, Hospitality, Energy Sector.
Premia Group is a vibrant and dynamic corporate real estate group headquartered in the heart of Delhi NCR-Noida. It has good experience in real estate construction and development, with a pan India presence. The organization is into luxurious and ultra luxurious real estate projects across India.
Premia Group has a very strong and rich think-tank of renowned international and national level architects, engineers, interior designers, landscape consultants etc. who remain at the core of their innovatively designed world class real estate projects.
Premia Group has launched India’s 1st Corporate City “Premia Corporate City” in Greater Noida West. This prestigious project offers a complete corporate city experience that includes 5 Star Hotel, Corporate Offices, Service Studios, Villas, Retail Mall, Golf Course, Amusement Park, Theme Based Restaurants, Cultural Food Courts, Clubs and an endless list of one-of-a-kind facilities & services. Now Premia Group brings to you Crown Of Noida in Sec – 62, Noida.
The Towers of Hanoi is a solitaire board game involving 3 or more discs of increasing radius that are stacked by sliding them onto one of the three pegs of a board.
Safety Measures and Privacy in E-Passport Scheme using Cryptographic Protocol... | ijcisjournal
Electronic passports have known a wide and fast employment all around the world since the International Civil Aviation Organization (ICAO) the human race has adopted standards whereby electronic passports can store biometrics identifiers. The purpose of electronic passports is to prevent the illegal entry of traveler into a particular country and frontier the use of counterfeit documents by more accurate recognition of an individual. The electronic passport, as it is sometimes called, represents a bold initiative in the employment of two new technologies: Cryptography protocols and biometrics. An electronic passport contains the significant personal information of holder such as photo, name, date of birth and place, nationality, date of issue, date of expiry, authority and so on. The goal of the adoption of the electronic passport is not only to expedite dealing out at border crossings, but also to increase safety measures and privacy. Important in their own right, electronic passports are also the harbinger of a wave of next-generation electronic passports: numerous national governments plan to set up electronic passport integrating cryptography safety measures algorithm and biometrics. We walk around the privacy and safety measures implications of this impending worldwide experiment in biometrics certification technology. We describe privacy issues that apply to electronic passports, and then analyze these issues in the context of the ICAO standard for electronic passports. An overall safety measures process that involves people, technology and procedures can overcome limitations of the cryptography protocols and biometrics technologies.
AN INTERNET OF THINGS BASED VEHICLE PERMIT VERIFICATION SYSTEM WITH DIGITAL D...ijujournal
The vehicle permit system enables any person to obtain permission to transport timbers around Sri Lanka.
The persons can apply for vehicle licenses/permits via the forest department and verify them by the police.
It has been realized that the vehicle verification process is still done by stopping vehicles by local police
officers. The process of applying for licenses/permits is still done by visiting the divisional forest office, and
the records are maintained paper-based. This paper presents a novel concept for an Online real-time
permit verification system for Sri Lanka, and there is no ongoing system or architecture to do this concept
up to now. Two digital devices and a web portal were used for this concept to become a reality. Once
devices are powered ON, complete permit verifications can be automatically recorded into the web portal.
For example, if there is a police checkpoint with a checking device and a vehicle arriving towards the
checkpoint that has a vehicle device powered ON, once the vehicle reaches a 50m radius area, it transmits
a signal to the checkpoint device. With that signal, police officers can identify whether the arriving vehicle
has a valid permit. Also, they can get a fully detailed view of the permit. The permit issuing and verification
portal were hosted in a live environment and ready to receive signals from verification units in real-time.
Further development of this system uses the blockchain concept to share and save details among vehicles.
AN INTERNET OF THINGS BASED VEHICLE PERMIT VERIFICATION SYSTEM WITH DIGITAL D...ijujournal
The vehicle permit system enables any person to obtain permission to transport timbers around Sri Lanka.
The persons can apply for vehicle licenses/permits via the forest department and verify them by the police.
It has been realized that the vehicle verification process is still done by stopping vehicles by local police
officers. The process of applying for licenses/permits is still done by visiting the divisional forest office, and
the records are maintained paper-based. This paper presents a novel concept for an Online real-time
permit verification system for Sri Lanka, and there is no ongoing system or architecture to do this concept
up to now. Two digital devices and a web portal were used for this concept to become a reality. Once
devices are powered ON, complete permit verifications can be automatically recorded into the web portal.
For example, if there is a police checkpoint with a checking device and a vehicle arriving towards the
checkpoint that has a vehicle device powered ON, once the vehicle reaches a 50m radius area, it transmits
a signal to the checkpoint device. With that signal, police officers can identify whether the arriving vehicle
has a valid permit. Also, they can get a fully detailed view of the permit. The permit issuing and verification
portal were hosted in a live environment and ready to receive signals from verification units in real-time.
Further development of this system uses the blockchain concept to share and save details among vehicles.
Face Recognition Using ML in Public Transportsijtsrd
Modernization of railways has forever been an issue focused on the development of the fundamental infrastructure of a nation. Since the railways represent one of the most effective modes of transport offered to the people, It is important to keep a check on the security issues that are arising in todays world. According to the need there must be an upgradation in systems we use. One such upgradation is that the role of Artificial Intelligence and e ticketing that is achieved with the assistance of face recognition technology. This technology has been extensively employed as a biometric method and hence can be used for passenger verification. Mangal Kotkar | Shubham Gawade | Shubham Mandavkar | Prathamesh Gujar "Face Recognition Using ML in Public Transports" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd47656.pdf Paper URL : https://www.ijtsrd.com/engineering/information-technology/47656/face-recognition-using-ml-in-public-transports/mangal-kotkar
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
Cloud computing technology provides various internet-based services. Many cloud computing vendors are offering cloud services through their own service mechanism. These mechanisms consist of various service parameters such as authentication, security, performance, availability, etc. Customer can access these cloud services through web browsers using http protocols. Each protocol has its own way of achieving the request-response services, authentication, confidentiality and etc. Cloud computing is an internet-based technology, which provides Infrastructure, Storage, Platform services on demand through a browser using HTTP protocols. These protocol features can be enhanced using cloud specific protocol, which provides strong authentication, confidentiality, security, integrity, availability and accessibility. We are proposing and presenting the secure cloud transmission protocol (SCTP) engineering phases which sits on top of existing http protocols to provide strong authentication security and confidentiality using multi-models. SCTP has multi-level and multi-dimensional approach to achieve strong authentication and multi-level security technique to achieve secure channel. This protocol can add on to existing http protocols. It can be used in any cloud services. This paper presents proposed Protocol engineering phases such as Service Specification, Synthesis, Analysis, Modelling, and Implementation model with test suites. This paper is represents complete integration of our earlier proposed and published multilevel techniques
Design and develop authentication in electronic payment systems based on IoT ...TELKOMNIKA JOURNAL
Biometrics is a highly reliable technology where it has become possible to use the characteristics of a person or user (biometrics) along with traditional passwords, and we can even say that it has become an indispensable complement in modern authentication systems today, especially with regard to bank accounts, banks, financial technology (FinTech) internet of things (IoT) devices and all a process related to money and privacy, and biometric methods are multiple and increasing day by day, the most famous of which is (iris, face chart, palm, fingerprint, and others). Biometric systems are immune and immune from modern electronic attacks, such as plagiarism or electronic theft, because the authentication here takes place when all conditions are met. Then the authentication is done and the process is completed, and the aim is to reach the highest levels of accuracy and security and to make the user more comfortable to deal with these modern systems that provide him with many advantages and high privacy.
An efficient implementation for key management technique using smart card and...ijctcm
A Elliptic curve cryptosystem are become popular because of the reduced number of keys bits required in
Comparision to other cryptosystem. In existing work ECC technique are used to describe the encryption
data to provide a security over a network. ECC satisfy the Smart cards requirements in term of memory,
processing and cost. In existing work ECC cryptographic Algorithm work with a smart card technique.
Many existing approaches work with smart card with various Technique and produce a better efficient
result. In these review paper, we Define a smart card technique using a ECIES cryptographic algorithm. So
These Technique key management using smart card and ECIES.ECC basically based on a discrete
logarithm over appoint on an elliptic curve. The ECIES is standard elliptic curve that is totally based on
encryption algorithm. Smart Card using ECIES technique in key management technique.
Secured authentication of radio-frequency identification system using PRESENT...IJECEIAES
The internet of things (IoT) is an emerging and robust technology to interconnect billions of objects or devices via the internet to communicate smartly. The radio frequency identification (RFID) system plays a significant role in IoT systems, providing most features like mutual establishment, key establishment, and data confidentiality. This manuscript designed secure authentication of IoT-based RFID systems using the lightweight PRESENT algorithm on the hardware platform. The PRESENT-256 block cipher is considered in this work, and it supports 64-bit data with a 256-key length. The PRESENT-80/128 cipher is also designed along with PRESENT-256 at electronic codebook (ECB) mode for Secured mutual authentication between RFID tag and reader for IoT applications. The secured authentication is established in two stages: Tag recognition from reader, mutual authentication between tag and reader using PRESENT80/128/256 cipher modules. The complete secured authentication of IoTbased RFID system simulation results is verified using the chip-scope tool with field-programmable gate array (FPGA) results. The comparative results for PRESENT block cipher with existing PRESENT ciphers and other lightweight algorithms are analyzed with resource improvements. The proposed secured authentication work is compared with similar RFID-mutual authentication (MA) approaches with better chip area and frequency improvements.
Design of Mobile Public Key Infrastructure (M-PKI) Using Elliptic Curve Crypt...ijcisjournal
Recently the demand of mobile phones and their applications are increasing rapidly and as a result, it
becomes essential to design and/or improve the existing PKI (Public Key Infrastructure) useful for mobile
phones or devices. Since a mobile phone has small screen, low computing power, small storage capacity
etc, the present paper proposes an ECC-based mobile-PKI that overcomes these limitations and supports
various mobile-based applications, because the use of ECC significantly reduces the computation cost,
message size and transmission overhead over RSA based PKI as 160-bit key-size in ECC provides
comparable security with 1024-bit key in RSA. Also the proposed method includes a Mobile Home Agent
(MHA) per user and a Registration Authority (RA) that further minimize the major work/processing loads
of mobile phone and Certificate Authority (CA), respectively. This paper addresses a secure
implementation of the proposed M-PKI, whose security analysis against different attacks shows that all
attacks are protected. Finally, a comparative study of the M-PKI with the existing PKI is done, which gives
satisfactory performance.
Ethical hacking, the way to get product & solution confidence and trust in an...Pierre-Jean Verrando
Presentation by Dr. Detlef Houdeau, Eurosmart Vice-President at the 2018 eID Forum
The Performing Ethical Hacking on critical hardware and software, has allowed main critical sectors such as financial transaction, communication transaction, electronic documents, qualified signature devices and HSM to be immune from significant attacks.
Europe is the worldwide leader in Ethical Hacking for Hardware and Embedded Software thanks to the 20 years of expertise created by the SOGIS MRA.
Secure Code Generation for Multi-level Mutual AuthenticationTELKOMNIKA JOURNAL
Any secured system requires one or more logging policies to make that system safe. Static
passwords alone cannot be furthermore enough for securing systems, even with strong passwords illegal
intrusions occur or it suffers the risk of forgotten. Authentication using many levels (factors) might
complicate the steps when intruders try to reach system resources. Any person to be authorized for
logging-in a secured system must provide some predefined data or present some entities that identify
his/her authority. Predefined information between the client and the system help to get more secure level
of logging-in. In this paper, the user that aims to log-in to a secured system must provide a recognized
RFID card with a mobile number, which is available in the secured systems database, then the secured
system with a simple algorithm generates a One-time Password that is sent via GSM Arduino compatible
shield to the user announcing him/her as an authorized person.
A novel multi-biometric technique for verification of secure e-documentIJECEIAES
Extracting unique and distinctive traits is one of the most important challenges that researchers face, who rely on biometrics to extract exceptional traits for an individual. A large amount of biometric evidence that can be identified and found in various research has been done. In this paper, a biometrics system is proposed that combines the benefits of fingerprinting and uses a novel strategy to combine it with the image-based fingerprint vein feature set. The proposed system is fast and performs effective personal identification by combining both features. The features extracted from the venous print and fingerprint are matched to the nearest neighbors of the authorized person forms to verify the identity of the person. Several experiments have been performed on selected datasets to evaluate the performance of the new biometrics system. The obtained results prove that our proposed system is superior to biometric systems that use the feature of single biometrics. However, our goal is to set up an algorithm that is inexpensive in terms of time complexity while keeping it at the required security levels.
A Survey on the Evolution of Cryptographic Protocols in ePassports
Rishab Nithyanand
University of California - Irvine
rishabn@uci.edu
Abstract. ePassports are biometric identification documents that contain RFID Tags and are
primarily used for border security. The embedded RFID Tags are capable of storing data, per-
forming low cost computations and cryptography, and communicating wirelessly. Since 2004, we
have witnessed the development and widespread deployment of three generations of electronic
passports - The ICAO First Generation ePassport (2004), Extended Access Control (EAC v1.0)
ePassports (2006), and Extended Access Control with Password Authentication and Connec-
tion Establishment (EAC v2.1) ePassports (2008). Currently, over thirty million ePassports have
been issued around the world. In this paper, we provide an introductory study of the technologies
implemented in ePassports - Biometrics, RFID, and Public Key Infrastructures; and then go on
to analyze the protocols implemented in each of the three generations of ePassports. Finally, we
point out their shortcomings and scope for future related research.
1 Introduction
An electronic passport (ePassport) is an identification document which possesses relevant biographic
and biometric information of its bearer. It also has embedded in it a Radio Frequency
Identification (RFID) Tag which is capable of cryptographic functionality. The successful implementation
of Biometric and RFID technologies in documents such as ePassports aims to
strengthen border security by reducing forgery and establishing without doubt the identity
of the document's bearer.
RFID enabled passports were first adopted by Malaysia in 1998 [1]. However, until 2002,
these passports failed to maintain basic security requirements since the passport holder in-
formation was not encrypted. The only security measure that was implemented was a digital
signature on all the data to ensure that information could not be modified by adversaries.
This was largely inadequate since it did not prevent passports from being cloned, or illegal
data gathering through passport skimming.
Later in 2004, as a guideline, the International Civil Aviation Organization issued a set of
design guidelines and protocol specifications for nations that wished to implement RFID en-
abled passports. This was done in an attempt to standardize passport design while making
them more secure. The security goals of the ICAO's ePassport specifications were identified as:
Data Confidentiality, Data Integrity, Data Origin Authentication, Non Repudiation, Mutual
Authentication, and Key Integrity.
Soon after the ICAO released their ePassport specifications, the first major initiative towards
the global implementation of ePassports for increased border security was taken by the United
States in 2006. It mandated the adoption of the ICAO specification by the twenty-seven nations
in its Visa Waiver Program (VWP) [2]. As the US government pushed for the global
adoption of ICAO's ePassport standards, evidence of inadequate data protection aroused media
attention and public concern [3]. As a result of these concerns, a new specification which
included a set of protocols called Extended Access Control (EAC) that mitigated some of the
privacy issues in the first generation of ePassports was proposed in 2006 [4]. The EAC proto-
col stack introduced the concept of mutual authentication which allowed the authentication
of a Tag and Reader to each other. After its release, there were several proposals for the third
generation ePassport scheme which included authentication protocols such as OSEP (Online
Secure ePassport Protocol [5]) and an online authentication mechanism based on the Elliptic
Curve Diffie-Hellman key agreement [6].
Finally, in October 2008 a new protocol stack was released by the Bundesamt für Sicherheit
in der Informationstechnik (BSI), Germany, called EAC v2.1. This protocol introduced a
new version of Tag and Reader authentication which fixed some issues present in the orig-
inal EAC proposal. In addition, a new protocol called Password Authenticated Connection
Establishment (PACE) was added to the EAC protocol stack. This protocol aimed to further
improve security through stronger user authentication.
1.1 Contributions
Through this paper we provide an introduction to the three constituent technologies in ePass-
ports - Biometrics, Public Key Infrastructure, and RFID. We also effectively summarize the
contents of three technical reports which describe the protocols and the functioning of the
ICAO first generation ePassport specifications [7], the EAC ePassport specifications [8], and
the EAC v2.1 ePassport specifications [9]. This is the first work that analyses the protocols
behind the third generation ePassport. We also present some feasible threats to the EAC v2.1
protocol.
1.2 Related Work
RFID Security, Privacy, and Authentication: The implications of large scale infiltra-
tion of RFID Tags in the consumer market on security and privacy of individuals was first
considered in [10, 11]. Since then there has been work in the area of developing security
measures for EPC Tags (Electronic Product Code) which use RFID to replace barcodes for
inventorying and product identification. These include anti-cloning protocols [12–14], cryp-
tographic tools and protocols for use in EPCs and other low power Tags [15], authentication
protocols [16, 17], and protocols to prevent unauthorized tracking of EPC Tags [18]. Many
of these are applicable even to ePassports, eIDs, and ePassport cards [19].
ePassport Security: Juels et al. presented the first analysis of the security of the cryptographic
protocols used in first generation ePassports in [20]. This work was followed by
[21], which illustrated some hypothetical scenarios that could cause a compromise in security
and privacy of the holders of first generation ePassports and eIDs. Carluccio et al. presented
some unique tracking attacks on the first generation ePassport in [22].
Soon after the EAC specifications for second generation ePassport were released, its vulner-
abilities were exposed, and a new ePassport protocol - OSEP was proposed in [5]. Other
researchers exposed the weaknesses of the ePassport implementation in Europe [23]. In other
work, Lekkas and Gritzalis studied the possibility of extending the ePassport PKI to other
applications such as POS and online transactions [24]. Recently, Kalman and Noll analysed
the feasibility of implementing watermarking technologies on ePassports to prevent biometric
data leakage [25].
1.3 Organization
In section 2, we provide a brief introduction to Biometrics, Public Key Infrastructures (PKIs),
and RFIDs. In section 3, we describe the Logical Data Structure (LDS) in ePassports, introduce
the ICAO 14443 specification and its implications on ePassport communication,
and derive a power-distance relationship for ePassports. In section 4, we describe the cryp-
tographic protocols behind the first generation ePassport and its operation procedure. In
section 5 and 6, we do the same for the second and third generation ePassports respectively.
In section 7, we go over the vulnerabilities of each generation of ePassports and describe some
attacks that are still feasible even with EAC v2.1 ePassports. Finally in section 8, we make
our conclusions and discuss some future avenues for research.
2 ePassport Technologies
Electronic passports incorporate three technologies to help deal with user authentication
and fraud management problems: Biometrics, Public Key Infrastructures (PKI), and Radio
Frequency Identification (RFID). In this section we will provide a brief description of these
technologies.
2.1 Biometrics
Fig. 1. Biometric Registration and Verification
A Biometric is a measurable physiological or behavioural trait that can be used to identify
or verify the identity of an individual. Biometric Authentication is the process of authenticating
individuals to computers using biological or physiological characteristics. Biometrics are fast
becoming the preferred technique for user authentication in personal devices such as phones,
laptops, etc. This may be attributed to their resistance to forgery.
Commonly used biometrics include head shots, fingerprints, palm-prints, iris images, thermo-
grams, hand geometry, retinal scans, DNA, and voice. ePassports favor the use of fingerprints
as the primary biometric. The choice of the most effective biometric for an application is based
on certain characteristics such as Universality, Uniqueness, Permanence, Performance,
Collectability, Acceptability, and Circumvention [26].
The Biometric authentication procedure for electronic passports involves two processes - Registration
and Verification. During the registration phase, the ePassport applicant registers
their biometric at a secure location under human supervision. A feature extraction program
is used to encode this biometric data after which it is stored on the user's ePassport Tag. For
user authentication and identity verification at an inspection terminal, the user is made to
supply a sample of their biometric. The same feature extraction algorithm is used to encode
the freshly supplied biometric. A matching algorithm is run at the terminal to obtain the
degree of similarity between the registered and supplied biometric. If the degree of similarity
is deemed to be greater than a certain threshold value, the biometric is accepted and the
user’s identity is verified successfully.
Unfortunately, without human supervision, it is not always possible to detect the use of pros-
thetics at the biometric registration or verification stages. It is easy to see that biometric
spoofing attacks will become easier to perform as automation increases and human supervi-
sion of the biometric process decreases.
2.2 Public Key Infrastructure (PKI)
A Public Key Infrastructure is required to aid the process of public key distribution and
authentication. The Public Key Infrastructure for ePassports has remained unchanged over
the last five years. The key elements in the ePassport PKI are the Country Verifying Cer-
tificate Authorities (CVCA) a.k.a Country Signing Certificate Authorities (CSCA), Docu-
ment Verifiers (DV), and Inspection Systems (IS). The Public Key Infrastructure usually
has a hierarchical structure. The highest level body in each nation acts as the CSCA. The
CSCA generates and stores a key-pair (KPuCSCA, KPrCSCA). The private key of the CSCA
(KPrCSCA) is used to sign each Document Verifier (DV) certificate (from its own and from
other countries). There are usually many Document Verifiers in each nation. Each of these
Document Verifiers generates and stores a key-pair (KPuDV , KPrDV ). The private key
(KPrDV ) of the DV is used to sign each Inspection System (Reader) (IS) certificate in its
domain and also the security data element (SOD) of every passport it issues. In order to
efficiently share DV certificates from all nations, the ICAO provides a Public Key Directory
(PKD). The PKD will store only the certificates of all registered DVs. This repository of
certificates is available to every nation and is not read protected. Certificate Revocation Lists
(CRLs) may also be stored in the same PKD. Every nation is responsible for updating its own
repository of public certificates and CRLs by downloading them from the PKD. Once this is
done, each nation distributes the newly downloaded information to every DV and IS in its
jurisdiction.
Fig. 2. ePassport Public Key Infrastructure
2.3 Radio Frequency Identification
RFID is a wireless technology used for communication between a Tag and an inspection
system called a Reader. Over the last few years, RFID technology has been an area of great
controversy after it was implemented by some retail giants such as Benetton (Italy) and
Metro Future Store (Germany) for undisclosed reasons. Since then there have been major
protests and even product boycotts by privacy activists who fear that these RFID Tags are
being used for activities such as behavior profiling and customer tracking [27]. Some of the
major threats that need to be addressed when implementing RFID technology in sensitive
fields such as international security are Scanning, Tracking, Eavesdropping, and Cloning, i.e.,
it is important that an adversary is unable to do the following:
– Read data from the Tag without consent of the passport holder.
– Track the movements of a passport holder.
– Eavesdrop on legitimate interactions.
– Build a new Tag that can be bound to a passport.
RFID consists of three subsystems: Tags, Readers, and antennas. RFID Tags can be one of
three types: active, semi-active or passive. Active tags are those which are run by a battery,
while passive tags have no batteries and use power obtained from radio signals emitted by
the RFID Readers to operate. RFID Readers operate at a range of frequencies, power, and
reading ranges; these characteristics are defined by the application. Antennas are usually
built into the RFID Reader and the RFID Tag.
3 ePassport Standard Specifications
The ePassport has embedded in it an RFID Tag which is capable of cryptographic computa-
tions and is passive in nature. Passive RFID Tags were chosen because of their low cost, high
fidelity, and short read ranges. The RFID system implemented in ePassports follows the ISO
14443 standard, which specifies the use of 13.56MHz radio frequencies for communication.
The physical features of ePassport Tags are defined by the ISO 7810 ID-3 standard which
specifies a Tag of size 125mm x 88mm. These RFID Tags have an antenna built around them.
ePassport Tags have between 32 and 144 kilobytes of EEPROM memory built into them. In
this memory we store 16 data groups ranging from DG1 to DG16. These 16 groups store
information such as data present on the Machine Readable Zone (MRZ) of the passport, extracted
biometric features, public keys and other data items. Since ePassport RFID systems
operate at 13.56MHz (HF), designing loop or dipole antennas that can be used on smartcards
and ePassports is not possible; instead we use the properties of inductive coupling for
signal propagation between RFID Tags and Readers. There are many other challenges that
also need to be addressed when designing RFID systems using passive HF Tags; these are
explained by Gilles Cerede in [28].
3.1 ePassport Logical Data Structure
The ICAO issued a standardized data structure called Logical Data Structure (LDS) for the
storage of data elements. This was to ensure that global interoperability for ePassport Tags
and Readers could be maintained. The specifications state that all the 16 data groups are
write protected and can be written only at the time of issue of the ePassport by the issuing
state. A hash of each of data groups 1-15 is stored in the security data element (SOD); each of
these hashes should be signed by the issuing state.
Fig. 3. ePassport Logical Data Structure
3.2 Power-Distance relation for ePassport Tags
We make use of inductive coupling to transfer power from the Reader to the Tag. In this
circuit, V0 represents the voltage supply source of the Reader which has an internal resistance
R0. We use a coil with inductance L1 as the Reader's antenna. The antenna is matched with
the voltage source using the two capacitors Cs and Cp. We couple this circuit with the Tag
equivalent circuit in which L2 is the Tag antenna inductance and capacitor C2 along with L2
completes the resonant circuit. The remaining equipment on the Tag can be represented as
the load resistance RL. The power required by the ePassport RFID Tags supplied to many
nations by Infineon Technologies to operate is 55mW [29].
We first establish the relationship between mutual inductance and distance between the
antennas of the Reader and Tag with (2)
$$M = \frac{\mu_r \pi N_1 N_2 (r_1)^2 (r_2)^2}{2\left((r_1)^2 + x^2\right)^3} = \frac{1.57 \times 10^{-12}}{x^3} \qquad (1)$$
Where $\mu_r$ represents permeability; $N_1$ and $N_2$ are the number of turns in the antennas of
the Reader and Tag; $r_1$ and $r_2$ represent the radii of the coils (antennas) of the Reader
and Tag circuits; and $x$ is the distance between the Reader and Tag. At resonance, a Reader
running with current $I_1$ will induce power in the amount of $P_{Tag}$ in the Tag circuit.
$$P_{Tag} = (I_1)^2 R_T \qquad (2)$$
Where $R_T$ is the Tag impedance given by the following relation:
$$R_T = \frac{M^2 R_L}{(L_2)^2} \qquad (3)$$
Where $R_L$ is the load resistance and can be calculated using the relation $R_L = (V_T)^2 / P_{Tag}$.
Now, substituting $R_T$ and $M$ in (3), we obtain
$$P_{Tag} = \frac{(I_1)^2 M^2 R_L}{(L_2)^2} \qquad (4)$$
Assuming that the Tag requires 55mW for operation and has a Load Resistance of 550Ω,
we get x = 9.8 centimeters. From the above equations, we can conclude that for inductively
coupled HF RFIDs, $P_{Tag} \propto M^2$ and $M \propto 1/x^3$.
Fig. 4. HF RFID Equivalent Circuit
4 First Generation ePassports
In 2004, the International Civil Aviation Organization (ICAO) published a set of guidelines
(in Doc 9303) that were meant to be followed as the de-facto ePassport standard. The default
mandatory biometric to be used is the headshot of the individual, other allowable biometrics
are fingerprints and iris images. There are three Cryptographic protocols described in the
first generation ICAO specifications to ensure data correctness and privacy. These are Passive
Authentication, Basic Access Control, and Active Authentication.
4.1 Passive Authentication
Passive Authentication is the only mandatory cryptographic protocol in the ICAO first gen-
eration specification. Its primary goal is to allow a Reader to verify that the data in the
ePassport is authentic. This scheme is known as passive authentication since the Tag per-
forms no processing and is only passively involved in the protocol. One must note that Passive
Authentication does not tie the Tag to a passport i.e. we can only establish that the data on
the Tag is correct, not the authenticity of the Tag itself (it cannot detect cloning).
The Inspection System retrieves the certificate of the issuing document verifier. Using the
public key from the certificate, it verifies the digital signature used to sign the data in the
LDS. Once the validity of the signature is established, the Reader computes the hash of each
of these data elements and compares them with the hashed values stored in the SOD. If there
is a match, it can be established that the data on the Tag was not manipulated.
4.2 Active Authentication
Active Authentication is an optional protocol in the ICAO first generation specifications.
Using a simple challenge-response mechanism, it aims to detect if a Tag has been substituted
or cloned. If Active Authentication is supported, the Tag on the ePassport stores a public
key (KPuAA) in Data Group 15 and its hash representation in the SOD. The corresponding
private key (KPrAA) is stored in the secure section of Tag memory. In order for the Tag to
establish its authenticity, it must prove to the Reader that it possesses this private key.
1. The Reader sends a randomly generated 64 bit string (R) to the Tag.
2. The Tag signs this string using the key KPrAA and sends this signature to the Reader.
3. The Reader obtains the public key KPuAA stored in Data Group 15.
4. The Reader verifies the correctness of the signed string using its knowledge of R and
KPuAA.
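The difference between sections 4.1 and 4.2, as an added example that is not part of the original paper: a Reader-side model in which a chip holding a byte-for-byte copy of the signed data passes Passive Authentication but fails Active Authentication. The textbook RSA over small Mersenne-prime moduli, the SOD encoding, and all names and passport data are constructed for illustration (assumptions); real documents use standardized signature schemes and encodings.

```python
import copy
import hashlib
import secrets

E = 65537  # public exponent used by every toy key below


def toy_keypair(p, q):
    """Textbook RSA from two known primes: toy size, no padding, illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest_int(message):
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(priv, message):
    n, d = priv
    return pow(digest_int(message), d, n)


def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == digest_int(message)


def sod_blob(hashes):
    """Canonical byte string of the data-group hash list that the issuer signs."""
    return repr(sorted(hashes.items())).encode()


def issue(dv_priv, data_groups, aa_pub):
    """Issuing state: store KPuAA in DG15, hash every data group, sign the hash list."""
    dgs = dict(data_groups)
    dgs[15] = f"{aa_pub[0]}:{aa_pub[1]}".encode()
    hashes = {n: hashlib.sha1(v).hexdigest() for n, v in dgs.items()}
    return {"dg": dgs, "sod": {"hashes": hashes, "sig": sign(dv_priv, sod_blob(hashes))}}


class Tag:
    """A chip: readable memory plus a private key that never leaves secure memory."""

    def __init__(self, memory, aa_priv):
        self.memory = memory
        self._aa_priv = aa_priv

    def sign_challenge(self, challenge):
        return sign(self._aa_priv, challenge)


def passive_authentication(dv_pub, memory):
    """Reader, section 4.1: verify the SOD signature, then recompute every DG hash."""
    sod, dgs = memory["sod"], memory["dg"]
    if not verify(dv_pub, sod_blob(sod["hashes"]), sod["sig"]):
        return False
    if set(dgs) != set(sod["hashes"]):
        return False
    return all(hashlib.sha1(dgs[n]).hexdigest() == h for n, h in sod["hashes"].items())


def active_authentication(tag):
    """Reader, section 4.2: send a 64-bit R, check the signature with the DG15 key."""
    challenge = secrets.token_bytes(8)
    signature = tag.sign_challenge(challenge)
    n, e = tag.memory["dg"][15].decode().split(":")
    return verify((int(n), int(e)), challenge, signature)


# Constructed keys (products of Mersenne primes) and constructed passport data.
DV_PUB, DV_PRIV = toy_keypair(2**127 - 1, 2**89 - 1)    # Document Verifier
AA_PUB, AA_PRIV = toy_keypair(2**107 - 1, 2**61 - 1)    # KPuAA / KPrAA
_, OTHER_PRIV = toy_keypair(2**127 - 1, 2**61 - 1)      # any key that is not KPrAA


def build_tags():
    """Return (genuine, copied): same readable memory, different private key."""
    memory = issue(DV_PRIV, {1: b"P<UTOSPECIMEN<<ANNA", 2: b"<face image>"}, AA_PUB)
    return Tag(memory, AA_PRIV), Tag(copy.deepcopy(memory), OTHER_PRIV)


def inspect(tag):
    """Run both checks; the DG15 key is trusted only once the SOD has verified."""
    passive = passive_authentication(DV_PUB, tag.memory)
    return {"passive": passive, "active": passive and active_authentication(tag)}


if __name__ == "__main__":
    genuine, copied = build_tags()
    print("genuine:", inspect(genuine))
    print("copied: ", inspect(copied))
```

The copied chip is rejected only because the Reader runs the challenge-response step; a Reader that stops after Passive Authentication accepts both.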
4.3 Basic Access Control
Basic Access Control (BAC) is an optional protocol that tries to ensure that only Readers
with physical access to the passport can read Tag data. When a reader attempts to scan
the BAC enabled ePassport, it engages in a protocol which requires the Reader to prove
knowledge of a pair of secret keys (called ‘access keys’) that are derived from data on the
Machine Readable Zone (MRZ) of the passport. From these keys, a session key which is used
for secure messaging is obtained.
The Access Keys (KENC, KMAC) are derived from the following data available on the MRZ:
The Passport Number (Doc No), Date of Birth of the Passport Holder (DOB), Valid Until
Date of the Passport (DOE), 3 Check Digits (C).
Kseed = 128msb(SHA-1(DocNo||DOB||DOE||C))
KENC = 128msb(SHA-1(Kseed||1))
KMAC = 128msb(SHA-1(Kseed||2))
The Reader will now enter a Challenge-Response mechanism (described below) to prove
possession of the access keys and to derive a session key.
1. The Tag generates and sends the Reader a 64 bit string (RT ).
2. The Reader receives RT and generates two random 64 bit strings (RR, KR).
3. The Reader now encrypts RR||RT ||KR using the 3-DES algorithm and the key KENC.
4. The Reader now computes the MAC of the cipher using ANSI MAC with the key KMAC.
5. The Reader sends the cipher and the MAC to the Tag.
6. The Tag checks the MAC, decrypts the cipher. It verifies the correctness of RT and then
extracts KR.
7. The Tag generates another 64 bit random string KT .
8. The Tag now encrypts RT ||RR||KT using the 3-DES algorithm and KENC.
9. The Tag now computes the MAC of the cipher using ANSI MAC with the key KMAC.
10. The Tag sends the cipher and the MAC to the Reader.
11. The Reader checks the MAC, decrypts the cipher. It verifies the correctness of RR and
then extracts KT .
12. Both the Reader and the Tag compute the session key seed (Kseed) as KR⊕KT .
Now both parties generate a new session encryption key KE and a session MAC key KM as
shown below.
KE = 128msb(SHA-1(Kseed||1))
KM = 128msb(SHA-1(Kseed||2))
From this point on all communication is secured using the above encryption and MAC keys.
5 Second Generation ePassports
In 2006 a new set of standards for electronic passports called Extended Access Control was
approved by the New Technologies Working Group (NTWG) which was based on the proposal
for ePassport standardization made by the European Union. The primary goal of EAC was
to provide more comprehensive Tag and Reader authentication protocols. It also aimed to
promote the implementation of secondary biometrics for additional security. In this section
we will describe the Chip Authentication and Terminal Authentication protocols and some
of the flaws that were not mitigated by its inception. To achieve mutual authentication,
the EAC proposal introduced two new protocols called Chip Authentication and Terminal
Authentication. These were used to supplement the Passive Authentication protocol, Basic
Access Control protocol and possibly the Active Authentication protocol described in the
ICAO first generation ePassport specifications.
5.1 Chip Authentication
The Chip Authentication protocol is a mandatory protocol in the EAC specifications. It
aims to replace Active Authentication as a mechanism to detect cloned ePassports. If Chip
Authentication is performed successfully it establishes a new pair of encryption and MAC
keys to replace BAC derived session keys and enable secure messaging. It does this using
the static Diffie-Hellman key agreement protocol. Note that the ePassport Tag already has
a Chip Authentication public key (in Data Group 14) and private key (in secure memory)
(TKPuCA, TKPrCA). The process of Chip Authentication is described below.
1. The Tag sends TKPuCA to the Reader along with the Diffie-Hellman key agreement
parameters (D).
2. The Reader verifies the correctness of the received key using Passive Authentication (sec-
tion 3.1.1).
3. The Reader uses the data in D to generate its own public and private key pair (RKPuCA,
RKPrCA).
4. The Reader sends the generated public key RKPuCA to the Tag.
5. The Reader and Tag can now generate a new seed key (Kseed) using this shared informa-
tion.
6. The new encryption and MAC keys are generated as described in section 3.1.3.
5.2 Terminal Authentication
The Terminal Authentication protocol is a protocol that is executed only if access to more
sensitive data (secondary biometrics) is required. It is a challenge-response mechanism that
allows the Tag to validate the Reader used in Chip Authentication. The Reader proves to
the Tag using digital certificates that it has been authorized by the home and visiting nation
to read ePassport Tags. The process of Terminal Authentication is described below.
1. The Reader sends the Tag an Inspection System certificate (which was received from the
local DV) and the DV’s certificate (which was received from the CVCA).
2. The Tag inspects the certificates and extracts the public key (RKPuTA) of the Reader
from the Inspection System certificate.
3. The Tag generates a random string (R) and sends it to the Reader.
4. The Reader computes the hash of RKPuCA derived in the Chip Authentication protocol.
5. The Reader signs the message (R||SHA-1(RKPuCA)) with its private key (RKPrTA).
6. The Tag verifies the correctness of R and RKPuCA using the key RKPuTA and grants
access to secondary biometrics accordingly.
6 Third Generation ePassports
In late 2008, the Federal Office for Information Security (BSI - Germany) released a document
describing new security mechanisms for electronic passports. In this section we will describe
these protocols for third generation ePassports. While this specification is suitable for eSign,
eID and ePassport applications, we will describe it only for its relevance to ePassports. The
third generation specification introduces a new protocol called PACE. In addition to PACE,
the Terminal Authentication and Chip Authentication protocols were also updated. The
PACE (Password Authenticated Connection Establishment) protocol is introduced as a
replacement to the Basic Access Control mechanism.
6.1 Password Authenticated Connection Establishment (PACE)
PACE replaces the Basic Access Control protocol as a mechanism which enables a Tag to
verify that the Reader has authorized access to the electronic passport. The Tag and the
Reader share a common password (π) which is used in conjunction with the Diffie-Hellman
key agreement protocol to provide a strong session key. The entire process is described below.
1. The Tag encrypts a random nonce (s) using the key Kπ. Here, Kπ is SHA-1(π||3).
2. The Tag sends the encrypted nonce and the Diffie-Hellman key agreement static domain
parameters (D) to the Reader.
3. The Reader uses the shared password (π) to recover the encrypted nonce (s).
4. The Tag and the Reader compute the Diffie-Hellman ephemeral key domain parameters
(D’) using D and s.
5. The Tag generates a key pair given by (PACEKPrT, PACEKPuT) and sends PACEKPuT.
6. The Reader generates the key pair (PACEKPrR, PACEKPuR) and sends PACEKPuR.
7. The Reader and Tag now have enough shared information to generate a seed key (Kseed).
8. The Reader and Tag now derive session Keys KENC and KMAC (section 3.1.3).
9. The Reader computes an authentication token:
TR = MAC(KM, (PACEKPuT, D’))
and sends it to the Tag for verification.
10. The Tag computes an authentication token:
TT = MAC(KM, (PACEKPuR, D’))
and sends it to the Reader for verification.
Types of Passwords: The specification allows for two types of passwords to be used with
electronic passports. These are CAN and MRZ passwords. The Card Access Number (CAN)
may be a short static or dynamic password. If the CAN is static, it is simply printed on the
passport. If it is dynamic, the Tag randomly selects it and displays it on the passport using
low power display technologies such as OLED or ePaper. The MRZ password is a static type
symmetric key derived from the MRZ of the electronic passport.
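The PACE message flow listed above, as an added example that is not part of the original paper or of the BSI specification: both sides run steps 1 to 10, and the tokens verify only when Tag and Reader start from the same password. The toy group (P, G), the mapping g' = g^s, the XOR keystream in place of the block cipher, HMAC-SHA1 in place of the MAC, and the sample passwords are all assumptions made so the flow runs with the standard library.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy prime modulus standing in for the static domain parameters D
G = 3           # toy base element


def k_pi(password):
    """K_pi = SHA-1(pi || 3), as in step 1 (counter encoded as 4 big-endian bytes)."""
    return hashlib.sha1(password.encode() + (3).to_bytes(4, "big")).digest()


def nonce_cipher(key, data):
    """Stand-in for the block cipher protecting s: XOR with a SHA-1 keystream."""
    stream = hashlib.sha1(key + b"pace-nonce").digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def map_generator(s):
    """Step 4, simplified stand-in: ephemeral parameters D' = (P, G^s mod P)."""
    return pow(G, int.from_bytes(s, "big"), P)


def session_key(shared, counter):
    """128msb(SHA-1(Kseed || counter)) with Kseed taken from the DH shared value."""
    seed = shared.to_bytes(16, "big")
    return hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()[:16]


def token(k_mac, public_key, generator):
    """Authentication token MAC(KM, (public key, D')); HMAC-SHA1 stands in for the MAC."""
    message = public_key.to_bytes(16, "big") + generator.to_bytes(16, "big")
    return hmac.new(k_mac, message, hashlib.sha1).digest()


class Party:
    """State kept by one side (Tag or Reader) during a PACE run."""

    def __init__(self, password):
        self.k_pi = k_pi(password)

    def set_nonce(self, s):
        """Steps 4-6: derive D' from s and create the ephemeral key pair."""
        self.generator = map_generator(s)
        self.private = secrets.randbelow(P - 3) + 2
        self.public = pow(self.generator, self.private, P)
        return self.public

    def agree(self, peer_public):
        """Steps 7-8: shared seed and MAC key from the peer's public key."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public key")
        self.peer_public = peer_public
        self.k_mac = session_key(pow(peer_public, self.private, P), 2)

    def my_token(self):
        # The token is computed over the *peer's* public key (steps 9 and 10).
        return token(self.k_mac, self.peer_public, self.generator)

    def check_token(self, received):
        expected = token(self.k_mac, self.public, self.generator)
        return hmac.compare_digest(received, expected)


def run_pace(tag_password, reader_password):
    """Return (tag accepts reader, reader accepts tag) for one protocol run."""
    tag, reader = Party(tag_password), Party(reader_password)
    s = secrets.token_bytes(16)                       # step 1: Tag picks the nonce
    encrypted = nonce_cipher(tag.k_pi, s)             # steps 1-2: encrypted under K_pi
    recovered = nonce_cipher(reader.k_pi, encrypted)  # step 3: Reader uses its password
    tag_public = tag.set_nonce(s)
    reader_public = reader.set_nonce(recovered)
    tag.agree(reader_public)
    reader.agree(tag_public)
    return tag.check_token(reader.my_token()), reader.check_token(tag.my_token())


if __name__ == "__main__":
    print("matching CAN:  ", run_pace("123456", "123456"))  # constructed passwords
    print("mismatched CAN:", run_pace("123456", "654321"))
```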
6.2 Terminal Authentication Version 2
In the new specifications (version 2), Terminal Authentication must be performed before
Chip Authentication. The purpose of the Terminal Authentication protocol is to allow the
Tag to validate the Reader before granting it access to very sensitive biometric information.
It works on a two pass challenge-response scheme similar to the one described in 4.1.2. There
are several modifications to the Terminal Authentication protocol which are described below.
1. The Reader sends the Tag a certificate chain starting with the local DV certificate and
ending with the Inspection System certificate.
2. The Tag verifies the authenticity of these certificates using the CVCA public key.
3. The Tag now extracts the Reader's public key (RPuK).
4. The Reader generates an ephemeral Diffie-Hellman key pair:
(RPrKTA, RPuKTA)
using the domain parameters (D).
5. The Reader sends the fingerprint of the public key (Comp(RPuKTA)) and some auxiliary
data (ATA) to the Tag.
6. The Tag sends a random challenge (R) to the Reader.
7. The Reader using the private key RPrK signs the string
(IDTA||R||Comp(RPuKTA)||ATA)
and sends it to the Tag.
8. The Tag verifies the correctness of the signature and the string using the public key
(RPuK) and other known parameters.
Note: IDTA is a Tag identifier. If BAC is used, its value is the document number printed
on the MRZ of the electronic passport. If PACE is used, its value is the fingerprint of the
generated ephemeral public key.
6.3 Chip Authentication Version 2
The Chip Authentication protocol in the new specifications is executed only after the Ter-
minal Authentication protocol is executed. This is a necessity since the Chip Authentication
protocol requires the ephemeral Diffie-Hellman key pair (RPrKTA, RPuKTA) which was gen-
erated in the Terminal Authentication phase. The Chip Authentication protocol is described
below.
1. The Tag sends the Reader its public key (TPuK).
2. The Reader sends the ephemeral public key RPuKTA generated during Terminal Au-
thentication to the Tag.
3. The Tag computes the fingerprint of the Reader's public key as
Comp(RPuKTA) using the public key it just received and the auxiliary data (ATA). It
compares this fingerprint with the one received in the Terminal Authentication stage.
4. The Tag and Reader have enough shared information to derive a seed key (Kseed).
5. The Tag generates a random nonce (R). The session keys are computed as KMAC =
SHA-1(Kseed||R||2) and KEnc = SHA-1(Kseed||R||1).
6. The Tag now computes the authentication token:
TT = MAC (KMAC, (RPuKTA ,D)).
The Tag sends R and TT to the Reader.
7. The Reader uses R to derive the session keys from Kseed. It then verifies the authentication
token TT .
7 Noted Vulnerabilities in ePassports
7.1 Common RFID Attacks: Cloning, Eavesdropping, Skimming, and Cross Contamination Attacks
A cloning attack on an ePassport is an attack in which an adversary creates a new
ePassport with the same physical and electronic characteristics as a compromised or
captured ePassport. A successful cloning attack makes it impossible for a reader to distinguish
a cloned ePassport from the original. In first generation ePassports, the active authentication
protocol was used to prevent cloning. The security of active authentication is based on the
fact that only the original tag has knowledge of the active authentication private key. However,
subsequent work demonstrating side channel attacks (power and timing attacks) [30]
on ePassport tags showed that it was easy to obtain the active authentication private key
from the original tag. Later generation ePassports circumvented this attack by implementing
a secondary cloned tag detection algorithm - the chip authentication protocol. The chip
authentication protocol restarts secure messaging between the tag and reader once the chip has
been authenticated. It is also tied to the reader authentication protocol, which ensures that
only valid and certified readers have access to sensitive data on authentic tags. As pointed
out by Blundo et al., the chip authentication protocol does not successfully mitigate side
channel attacks [31].
An eavesdropping attack on an ePassport is one which permits some
adversary to eavesdrop on some legitimate conversation between the victim's ePassport tag
and a reader, thus possibly giving them the same information that an authenticated and
certified reader might obtain. These attacks were fairly easy to carry out early on, since
there were no mandatory protocols to deal with these. Faraday cages can be used to prevent
communication with readers when the ePassport is not in use (preventing skimming), but
they are useless against eavesdropping attacks. Finally, second and third generation ePassports
included terminal (reader) authentication protocols to ensure that only authenticated readers
could communicate with tags. In the second generation ePassport protocol, this authentication
protocol was used only when access to biometric data was required. This condition was
dropped in the third generation specifications.
7.2 Flaws in the First Generation Specifications
BAC and Active Authentication are not mandatory: The BAC and Active Authentication
schemes are optional in these specifications. If these protocols are not implemented
in conjunction with RFID technology, ePassport holders become much more vulnerable to
adversaries (than regular passport holders). This is because it is easy to skim data from the
Tag without the holder's knowledge if BAC is disabled and new passports can be built using
this data if Active Authentication is disabled. In regular passports, there is no Tag that can
be skimmed from a distance and therefore cloning the passport requires physical access to
the document itself.
Weakness of the BAC Access Keys. The BAC is the only protocol designed to protect
ePassport holders from skimming and eavesdropping attacks. Unfortunately, the security of
the entire protocol is based on the entropy of the two access keys which are derived from
data items on the MRZ of the ePassport. While the entropy of these access keys is 56 bits
at the maximum, most of these bits are easily guessable. For example, the entropy of the
Date of Birth field can be greatly reduced for diplomats and dignitaries (since their date of
birth is publicly available). Several attacks on Dutch and German ePassport access keys
have shown that the entropy of BAC access keys can be reduced to 25-35 bits [32, 20]. It is
obvious that this does not provide any real security. Once an adversary gets these keys, they
will be able to read and track the Tag throughout the lifetime of the ePassport.
Lack of Access Rules. The ICAO first generation ePassport specifications do not have
special access rules for secondary biometrics such as fingerprints and iris images, which are
considered to be more sensitive than other accessible information. This lack of access rules
makes it possible for parties to obtain access to information that is very private and that they
clearly do not require. For example, it is easy for hotel receptionists, car rental agencies, and
other organizations where passports are often used for identification to access and store
sensitive information that they should not have.
7.3 Flaws in Second Generation Specifications
Dependence on BAC. The EAC specifications still depend on the Basic Access Control
protocol to protect the biographic data and headshot of the ePassport holder. The BAC
protocol is based on information available on the MRZ of the passport and has an entropy of
up to 56 bits. As mentioned in section 3.3.2, the entropy can be greatly reduced through some
clever estimations. While access to sensitive biometrics is restricted, biographic information
can still be easily obtained by an adversary.
Vulnerability to Attacks by Once Valid Readers. ePassport Tags are passive in nature
and therefore have no clocks; they estimate the current date based only
on information received from Readers the last time they were activated. This means that
it is possible for Readers with expired certificates to read the contents of an ePassport Tag
(including sensitive biometrics) if the date on the ePassport Tag was not updated for a long
period of time (as would be the case for infrequent travelers).
Vulnerability to Denial of Service Attacks. Since the Terminal Authentication protocol
is executed only after the Chip Authentication protocol in the EAC operation procedure, it
is possible for a malicious Reader to flood the Tag with invalid certificates. Since the Tag has
very limited memory, this will cause the Tag to stop functioning as required.
7.4 Flaws in Third Generation Specifications
The third generation ePassport specifications appear to have mitigated all but one of the
problems that were present in the earlier generations.
Vulnerability to Attacks by Once Valid Readers. ePassport Tags are passive in nature
and therefore have no clocks; they estimate the current date based only
on information received from Readers the last time they were active. This means that it
is possible for Readers with expired certificates to read the contents of an ePassport Tag
(including sensitive biometrics) if the date on the ePassport Tag was not updated for a long
period of time (as would be the case for infrequent travelers).
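The expired-reader problem described above, as an added example that is not part of the original paper: a clockless tag is modelled as keeping a date estimate that only advances to the effective date of certificates it accepts. The TerminalCert and Tag classes, the reader names and all dates are constructed assumptions, and signature verification is left out.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class TerminalCert:
    """Constructed stand-in for a reader certificate (signature checks omitted)."""
    holder: str
    effective: date  # first day of validity
    expires: date    # last day of validity

class Tag:
    """Clockless tag. Assumption: its only notion of 'today' is the newest
    effective date seen in a certificate it accepted."""
    def __init__(self, issued: date):
        self.date_estimate = issued

    def terminal_authentication(self, cert: TerminalCert) -> bool:
        # The tag compares against its estimate, never the real date.
        if cert.expires < self.date_estimate:
            return False
        # Accepted: the estimate moves forward, never backward.
        self.date_estimate = max(self.date_estimate, cert.effective)
        return True

def lag_days(tag: Tag, real_today: date) -> int:
    """Days by which the tag's estimate trails the real date."""
    return (real_today - tag.date_estimate).days

def simulate() -> dict:
    issued = date(2008, 1, 10)
    frequent, infrequent = Tag(issued), Tag(issued)
    # Constructed reader certificates; reader-A's expired on 2008-03-01.
    old = TerminalCert("reader-A", date(2008, 2, 1), date(2008, 3, 1))
    fresh = [TerminalCert(f"reader-B{m}", date(2008, m, 1), date(2008, m, 28))
             for m in (4, 6, 8)]
    for cert in fresh:  # only the frequent traveller meets valid readers
        frequent.terminal_authentication(cert)
    today = date(2008, 9, 15)  # real date, unknown to both tags
    return {
        "frequent_lag_days": lag_days(frequent, today),
        "infrequent_lag_days": lag_days(infrequent, today),
        "frequent_accepts_expired": frequent.terminal_authentication(old),
        "infrequent_accepts_expired": infrequent.terminal_authentication(old),
    }

if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The same expired certificate is rejected by the tag that was read recently and accepted by the tag whose date estimate has not moved since issuance.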
8 Conclusions and Directions for Future Research
The first generation ePassport specifications, though still in use in many countries, have far
too many security risks and their implementation is not advised. The Extended Access Control
protocols introduce the concept of mutual authentication between the Tag and the Reader
and this helps reduce the risk of skimming attacks. However, a cause for concern is its
dependence on basic access control keys, which are known to be insecure. While the third
generation ePassport specifications address almost every security concern raised by the first
and second generation specifications, the expired terminal problem is still a major cause for
concern, especially for infrequently used ePassports. We described the three generations of
ePassport specifications along with their operational procedures and analyzed the flaws of
each specification.
References
1. Ismail, N.: RFID: Malaysia’s Privacy at the Crossroads? British and Irish Law, Education, and Technology
Association. (April 2007)
2. United States Department of Homeland Security - United States Customs and Border Protection: Visa
Waiver Passport Requirements. (October 2006)
3. Schneier, B.: The ID Chip You Don't Want in Your Passport. The Washington Post. (September 2006)
4. Moses, T.: The Evolution of E-Passports: Extended Access Control - Protecting Biometric Data with
Extended Access Control. Entrust. (August 2008)
5. Pasupathinathan, V., Pieprzyk, J., Wang, H.: An on-line secure E-passport protocol. In Chen, L., Mu, Y.,
Susilo, W., eds.: Information Security Practice and Experience, 4th International Conference, ISPEC 2008,
Sydney, Australia, April 21-23, 2008, Proceedings. Volume 4991 of Lecture Notes in Computer Science.,
Springer (2008) 14–28
6. Abid, M., Afifi, H.: Secure e-passport protocol using elliptic curve diffie-hellman key agreement protocol.
In: 4th International Conference on Information Assurance and Security. (2008)
7. International Civil Aviation Organization: Doc 9303: Machine Readable Travel Documents - Part 1,
Volume 1. (2004)
8. International Civil Aviation Organization: Doc 9303: Machine Readable Travel Documents - Part 1,
Volume 2. (2006)
9. Bundesamt für Sicherheit in der Informationstechnik, Germany: Advanced Security Mechanisms for
MRTD’s - Extended Access Control v2.1. (2008)
10. Sarma, S., Weis, S., Engels, D.: RFID Systems and Security and Privacy Implications. In Kaliski, B.,
Koç, Ç.K., Paar, C., eds.: Cryptographic Hardware and Embedded Systems – CHES 2002. Volume 2523
of Lecture Notes in Computer Science., Redwood Shores, California, USA, Springer-Verlag (August 2002)
454–469
11. Juels, A.: Rfid security and privacy: a research survey. IEEE Journal on Selected Areas in Communications
24(2) (2006) 381–394
12. Staake, T., Thiesse, F., Fleisch, E.: Extending the EPC Network – The Potential of RFID in Anti-
Counterfeiting. In Haddad, H., Liebrock, L., Omicini, A., Wainwright, R., eds.: Symposium on Applied
Computing – SAC, Santa Fe, New Mexico, USA, ACM, ACM Press (March 2005) 1607–1612
13. Juels, A.: Strengthening EPC Tags Against Cloning. Manuscript (March 2005)
14. Bailey, D., Juels, A.: Shoehorning Security into the EPC Standard. In De Prisco, R., Yung, M., eds.:
International Conference on Security in Communication Networks – SCN 2006. Volume 4116 of Lecture
Notes in Computer Science., Maiori, Italy, Springer-Verlag (September 2006) 303–320
15. Peris-Lopez, P., Hernandez-Castro, J.C., Estevez-Tapiador, J.M., Ribagorda, A.: LAMED - A PRNG for
EPC Class-1 Generation-2 RFID Specification. In: Computer Standard and Interface. Volume In Press,
Corrected Proof., Elsevier Science (2007)
16. Peris-Lopez, P., Tong Lee, L., Li, T.: Providing Stronger Authentication at a Low-Cost to RFID Tags
Operating under the EPCglobal Framework. In: IEEE/IFIP International Symposium on Trust, Security
and Privacy for Pervasive Applications – TSP’08, Shanghai, China (December 2008) 159–166
17. Peris-Lopez, P., Li, T., Tong Lee, L., Hernandez-Castro, J.C., Estevez-Tapiador, J.M.: Vulnerability
Analysis of a Mutual Authentication Scheme under the EPC Class-1 Generation-2 Standard. In: Workshop
on RFID Security – RFIDSec’08, Budapest, Hungary (July 2008)
18. Nguyen Duc, D., Park, J., Lee, H., Kim, K.: Enhancing Security of EPCglobal Gen-2 RFID Tag against
Traceability and Cloning. In: Symposium on Cryptography and Information Security, Hiroshima, Japan
(January 2006)
19. Koscher, K., Juels, A., Kohno, T., Brajkovic, V.: EPC RFID Tags in Security Applications: Passport
Cards, Enhanced Drivers Licenses, and Beyond. Manuscript (2008)
20. Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in E-passports. Report, Cryptology ePrint
Archive (March 2005)
21. Kc, G., Karger, P.: Security and privacy issues in machine readable travel documents (mrtds). Technical
report (2006)
22. Carluccio, D., Lemke-Rust, K., Paar, C., Sadeghi, A.R.: E-passport: The global traceability or how to
feel like a ups package. In: WISA. (2006) 391–404
23. Hoepman, J., Hubbers, E., Jacobs, B., Oostdijk, M., Schreur, R.W.: Crossing borders: Security and
privacy issues of the european e-passport. Volume 4266 of Lecture Notes in Computer Science., Springer
(2006) 152–167
24. Lekkas, D., Gritzalis, D.: E-passports as a means towards the first world-wide public key infrastructure.
In Lopez, J., Samarati, P., Ferrer, J.L., eds.: Public Key Infrastructure, 4th European PKI Workshop:
Theory and Practice, EuroPKI 2007, Palma de Mallorca, Spain, June 28-30, 2007, Proceedings. Volume
4582 of Lecture Notes in Computer Science., Springer (2007) 34–48
25. Kálmán, G., Noll, J.: On privacy protection in biometric passports. In: ICDS. (2009) 60–64
26. Jain, A.K., Ross, A., Prabhakar, S.: An introduction to biometric recognition. IEEE Transactions on
Circuits Syst. Video Techn 14(1) (2004) 4–20
27. Halfhill, T.: Is RFID Paranoia Rational? (2005)
28. Cerede, G.: Understanding the antenna design challenge. RFIDesign (2006) 10–13
29. Infineon Technologies: Chip Card and Security ICs SLE 66CLX800PE(M) Family. (2007)
30. Hlaváč, M.: Known-plaintext-only attack on rsa-crt with montgomery multiplication. In: CHES. (2009)
128–140
31. Blundo, C., Persiano, G., Sadeghi, A.R., Visconti, I.: Improved security notions and protocols for non-
transferable identification. In: ESORICS. (2008) 364–378
32. Avoine, G., Kalach, K., Quisquater, J.: Belgian Biometric Passport Does Not Get a Pass...Your Personal
Data Are in Danger! (2007)