بررسي راهكارهاي موثر براي كاهش محدوديت‌هاي امنيتي و نقض حريم شخصي در استفاده از سيستم‌هاي REID در ايران (موردكاوي: گذرنامه‌ي الكترونيكي)

Solutions for Reduction of Security Limitations and Privacy Violations in RFID Systems in Iran (Case Study: e-passport)

گذرنامه‌ي الكترونيكي يكي از كاربردهاي تكنولوژي REID، به‌عنوان سند مهم شناسايي و احراز هويت است. با توجه به اهداف سازمان ايكايو مبني بر مجهز شدن تمامي كشورها به گذرنامه‌ي الكترونيكي، افزايش امنيت و همچنين لزوم اجراي گذرنامه‌ي الكترونيكي در ايران، ضروري است تهديدها و راهكارهاي امنيتي گذرنامه‌ي الكترونيكي مورد تحقيق قرار گيرد. در اين مقاله هدف بر آن است كه براي اولين‌بار تهديدهاي امنيتي گذرنامه‌ي الكترونيكي بررسي و راهكارهاي مربوطه پيشنهاد شوند. بدين‌منظور ا بتدا تهديدهاي امنيتي و نقض حريم شخصي استخراج و سپس از طريق پرسش‌نامه‌ راهكارهاي موثر براي كاهش تهديدها شناسايي مي‌شوند. نتايج تحقيق نشان مي‌دهد كه مهم‌ترين مخاطرات تاثيرگذار بر گذرنامه‌ي الكترونيكي شنودگذاري، سرقت، جعل و افشاي اطلاعات است؛ همچنين مي‌توان راهكارهاي تاييد اعتبار فعال، كنترل دسترسي مقدماتي و كنترل دسترسي پيشرفته را به‌عنوان گزينه‌هاي قابل استفاده و موثر در گذرنامه‌ي الكترونيكي به كار گرفت.

In the near future, millions of people around the world will be directly dealing with Radio Frequency Identification (RFID) technology. This technology is defined as a method for providing accurate and concurrent information, without human interference. Some RFID applications are: ATM cards and electronic passports. One of the most important and recent applications of RFID is the electronic passport, which uses biometric technology for authenticating passenger use. Inside the passport, a chip is embedded, in which personal and biometric information is stored. Considering the importance of the data, there is risk of information abuse, causing people to worry about a violation of their privacy. Information theft and eavesdropping are major threats, and, therefore, a method must be employed to ensure the strong security of e-passports to prevent these problems. Considering the ICAO goal, based on electronic passports in all countries, for improving passenger convenience and increasing security, the electronic passport project has been running since 1390 and all citizens should now have one. It is necessary that threats and security issues regarding electronic passports should be examined and investigated. The aim of this paper is identification of security threats when an electronic passport is used and proposing solutions to prevent these threats. Based on our knowledge, it is the first time that security and privacy violations are studied for e-passports in Iran. For this purpose, a questionnaire has been developed which covers the factors concerning privacy violations and solutions for their reduction. The questionnaire was prepared by 35 experts in the field of RFID and e-passports. The results show that major threats affecting the electronic passport are eavesdropping, disclosure of biometric information, theft, and fraud of information. Basic access control, advanced access control, and active and passive authentication can be used as effective solutions in electronic passports.