An analysis of security weaknesses in the evolution of RFID enabled passport

Since the introduction of Radio Frequency Identification (RFID) Enabled Passports, the system have been plagued with various vulnerability issues that prove to compromise the E-passport security. To date, three generations of E-passports have been introduced by the International Civil Aviation Organization (ICAO) and the European Union (EU). The first two generations of E-passports are being issued worldwide. This paper presents the evolution of these passports over the years to develop taxonomy of the weaknesses and to serve as a reference point detailing security vulnerabilities linked to the RFID E-passport features in the first and second E-passport generations. The findings can also assist in profiling possible attack vectors on the existing RFID enabled passports and in developing comprehensive RFID E-passport risk mitigation strategies. To illustrate the importance of a comprehensive risk strategy when using RFID E-passport, the attack process modeling method is used to highlight the possible attacks and weaknesses which could result from not using one or more security features.