RT info:eu-repo/semantics/article T1 Security Assessment of the Spanish Contactless Identity Card A1 Rodríguez, Ricardo J. A1 García Escartín, Juan Carlos A1 Sanchez Ballabriga, Víctor AB The theft of personal information to assume the identity of a person is a common threat.Individual criminals, terrorists, or crime rings normally do it to commit fraud or other felonies.Recently, the Spanish identity card, which provides enough information to hire on-line products such as mortgages or loans, was updated to incorporate a Near Field Communication (NFC) chip as electronic passports do. This contactless interface brings a new attack vector for these criminals, who might take advantage of the RFID communication to secretly steal personal information. In this paper, we assess the security of contactless Spanish identity card against identity theft. In particular, we evaluated the resistance of one of the contactless access protocol against brute-force attacks and found that no defenses were incorporated. We suggest how to avoid brute-force attacks. Furthermore, we also analyzed the pseudo-random number generator within the card, which passed all performed tests with good results. PB IET YR 2017 FD 2017 LK http://uvadoc.uva.es/handle/10324/25915 UL http://uvadoc.uva.es/handle/10324/25915 LA eng NO http://dx.doi.org/10.1049/iet-ifs.2017.0299 DS UVaDOC RD 24-nov-2024