S O L U T I O N S F O R R E D U C T I O N O F S E C U R I T Y L I M I T A T I O N S A N D P R I V A C Y V I O L A T I O N S I N R F I D S Y S T E M S I N I R A N (C A S E S T U D Y: E-P A S S P O R T)
In the near future, millions of people around the world will be directly dealing with Radio Frequency Identification (RFID) technology. This technology is defined as a method for providing accurate and concurrent information, without human interference. Some RFID applications are: ATM cards and electronic passports. One of the most important and recent applications of RFID is the electronic passport, which uses biometric technology for authenticating passenger use. Inside the passport, a chip is embedded, in which personal and biometric information is stored. Considering the importance of the data, there is risk of information abuse, causing people to worry about a violation of their privacy. Information theft and eavesdropping are major threats, and, therefore, a method must be employed to ensure the strong security of e-passports to prevent these problems. Considering the ICAO goal, based on electronic passports in all countries, for improving passenger convenience and increasing security, the electronic passport project has been running since 1390 and all citizens should now have one. It is necessary that threats and security issues regarding electronic passports should be examined and investigated. The aim of this paper is identification of security threats when an electronic passport is used and proposing solutions to prevent these threats. Based on our knowledge, it is the first time that security and privacy violations are studied for e-passports in Iran. For this purpose, a questionnaire has been developed which covers the factors concerning privacy violations and solutions for their reduction. The questionnaire was prepared by 35 experts in the field of RFID and e-passports. The results show that major threats affecting the electronic passport are eavesdropping, disclosure of biometric information, theft, and fraud of information. Basic access control, advanced access control, and active and passive authentication can be used as effective solutions in electronic passports.
Industrial Engineering & Management Sharif, Volume:30 Issue: 1, 2014
25 to 34