2024-03-29T06:55:17Zhttp://uvadoc.uva.es/oai/requestoai:uvadoc.uva.es:10324/259152021-06-23T13:28:11Zcom_10324_1191com_10324_931com_10324_894col_10324_1379
Security Assessment of the Spanish Contactless Identity Card
Rodríguez, Ricardo J.
García Escartín, Juan Carlos
Sanchez Ballabriga, Víctor
The theft of personal information to assume the identity of a person is a common threat.
Individual criminals, terrorists, or crime rings normally do it to commit fraud or other felonies.
Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for these criminals, who might take advantage of the RFID communication to secretly steal personal information. In this paper, we assess the security of contactless Spanish identity card against identity theft. In particular, we evaluated the resistance of one of the contactless access protocol against brute-force attacks and found that no defenses were incorporated. We suggest how to avoid brute-force attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all performed tests with good results.
MINECO CyCriSec (TIN2014-58457-R).
University of Zaragoza and Centro Universitario de la Defensa UZCUD2016-TEC-06.
Project TEC2015-69665-R (MINECO/FEDER, UE).
2017-09-25T16:53:01Z
2017-09-25T16:53:01Z
2017
info:eu-repo/semantics/article
http://dx.doi.org/10.1049/iet-ifs.2017.0299
http://uvadoc.uva.es/handle/10324/25915
http://dx.doi.org/10.1049/iet-ifs.2017.0299
eng
info:eu-repo/semantics/restrictedAccess
Institution of Engineering and Technology
application/pdf
IET
https://uvadoc.uva.es/bitstream/10324/25915/3/SecurityAssessmentDNIe.pdf.jpg
Hispana
TEXT
http://rightsstatements.org/vocab/CNE/1.0/
UVaDOC. Repositorio Documental de la Universidad de Valladolid
http://uvadoc.uva.es/handle/10324/25915