|Título: ||Security Assessment of the Spanish Contactless Identity Card|
|Autor: ||Rodríguez, Ricardo J.|
García Escartín, Juan Carlos
|Año del Documento: ||2017|
|Documento Fuente: ||http://dx.doi.org/10.1049/iet-ifs.2017.0299|
|Resumen: ||The theft of personal information to assume the identity of a person is a common threat.
Individual criminals, terrorists, or crime rings normally do it to commit fraud or other felonies.
Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for these criminals, who might take advantage of the RFID communication to secretly steal personal information. In this paper, we assess the security of contactless Spanish identity card against identity theft. In particular, we evaluated the resistance of one of the contactless access protocol against brute-force attacks and found that no defenses were incorporated. We suggest how to avoid brute-force attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all performed tests with good results.|
|Revisión por Pares: ||SI|
|Patrocinador: ||MINECO CyCriSec (TIN2014-58457-R).|
University of Zaragoza and Centro Universitario de la Defensa UZCUD2016-TEC-06.
Project TEC2015-69665-R (MINECO/FEDER, UE).
|Propietario de los Derechos: ||Institution of Engineering and Technology|
|Aparece en las colecciones:||DEP71 - Artículos de revista|