Cloning and tampering threats in e-Passports

• We present a concrete attack for cloning e-Passports.
• We show how to bypass Active Authentication (anti-cloning) protocol.
• We discuss a technique for securing inspection systems against the proposed attack.
• We encourage to disseminate this knowledge to improve inspection systems’ design.

e-Passports present different security measures designed to safeguard their authenticity and more specifically to protect them from tampering and cloning attempts. Security protocols defined by International Civil Aviation Organization for this purpose (Passive Authentication, Active Authentication) should be enough to prevent such attacks. However, according to current specifications that regulate the Logical Data Structure of the e-Passport’s chip, it is feasible to bypass these protocols exploiting some flaws in the Inspection System. In this paper we show that as long as new documents will not be issued in compliance with new logical data structure’s specifications (currently under discussion), a careless implementation of the inspection procedure may lead to unsuccessful detection of cloned e-Passports.