Security Assessment of the Spanish Contactless Identity Card

The theft of personal information to assume the identity of a person is a common threat. Individual criminals, terrorists, or crime rings normally do it to commit fraud or other felonies. Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for these criminals, who might take advantage of the RFID communication to secretly steal personal information. In this paper, we assess the security of contactless Spanish identity card against identity theft. In particular, we evaluated the resistance of one of the contactless access protocol against brute-force attacks and found that no defenses were incorporated. We suggest how to avoid brute-force attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all performed tests with good results.MINECO CyCriSec (TIN2014-58457-R).University of Zaragoza and Centro Universitario de la Defensa UZCUD2016-TEC-06.Project TEC2015-69665-R (MINECO/FEDER, UE)

Security assessment of the Spanish contactless identity card

The theft of personal information to fake the identity of a person is a common threat normally performed by individual criminals, terrorists, or crime rings to commit fraud or other felonies Recently, the Spanish identity card, which provides enough information to hire online products such as mortgages or loans, was updated to incorporate a near-field communication chip as electronic passports do. This contactless interface brings a new attack vector for criminals, who might take advantage of the radio-frequency identification communication to virtually steal personal information. In this study, the authors consider as case study the recently deployed contactless Spanish identity card assessing its security against identity theft. In particular, they evaluated the security of one of the contactless access protocol as implemented in the contactless Spanish identity card, and found that no defences against online brute-force attacks were incorporated. They then suggest two countermeasures to protect against these attacks. Furthermore, they also analysed the pseudo-random number generator within the card, which passed all the performed tests with good results

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

A holistic review of cybersecurity and reliability perspectives in smart airports

Advances in the Internet of Things (IoT) and aviation sector have resulted in the emergence of smart airports. Services and systems powered by the IoT enable smart airports to have enhanced robustness, efficiency and control, governed by real-time monitoring and analytics. Smart sensors control the environmental conditions inside the airport, automate passenger-related actions and support airport security. However, these augmentations and automation introduce security threats to network systems of smart airports. Cyber-attackers demonstrated the susceptibility of IoT systems and networks to Advanced Persistent Threats (APT), due to hardware constraints, software flaws or IoT misconfigurations. With the increasing complexity of attacks, it is imperative to safeguard IoT networks of smart airports and ensure reliability of services, as cyber-attacks can have tremendous consequences such as disrupting networks, cancelling travel, or stealing sensitive information. There is a need to adopt and develop new Artificial Intelligence (AI)-enabled cyber-defence techniques for smart airports, which will address the challenges brought about by the incorporation of IoT systems to the airport business processes, and the constantly evolving nature of contemporary cyber-attacks. In this study, we present a holistic review of existing smart airport applications and services enabled by IoT sensors and systems. Additionally, we investigate several types of cyber defence tools including AI and data mining techniques, and analyse their strengths and weaknesses in the context of smart airports. Furthermore, we provide a classification of smart airport sub-systems based on their purpose and criticality and address cyber threats that can affect the security of smart airport\u27s networks

A Survey on the Evolution of Cryptographic Protocols in ePassports

ePassports are biometric identification documents that contain RFID Tags and are primarily used for border security. The embedded RFID Tags are capable of storing data, performing low cost computations and cryptography, and communicating wirelessly. Since 2004, we have witnessed the development and widespread deployment of three generations of electronic passports - The ICAO First Generation ePassport (2004), Extended Access Control (EAC v1.0) ePassports (2006), and Extended Access Control with Password Authentication and Connection Establishment (EAC v2.1) ePassports (2008). Currently, over thirty million ePassports have been issued around the world. In this paper, we provide an introductory study of the technologies implemented in ePassports - Biometrics, RFID, and Public Key Infrastructures; and then go on to analyze the protocols implemented in each of the three generations of ePassports, finally we point out their shortcomings and scope for future related research