Breaking Unlinkability of the ICAO 9303 Standard for e-Passports using Bisimilarity
Ihor Filimonov, Ross Horne, Sjouke Mauw, and Zach Smith
Uploaded by Ross Horne on 04 May 2020.
1 Introduction
The Basic Access Control (BAC) mechanism for e-passports, which forms part of the ICAO 9303 standard [1], has been in operation since 2005. Since then, an improved access control mechanism, the Password Authenticated Connection Establishment (PACE) protocol [6], has been standardised in order to address known limitations with the security of BAC. However, the BAC protocol is still being implemented by a growing number of e-documents, not only e-passports. For example, many national identity cards are compliant with the BAC protocol in the ICAO 9303 standard. This means that, firstly, even a relatively minor attack on privacy is of concern to a large number of citizens internationally; and, secondly, the ICAO 9303 standard is being used in a wider range of contexts that do not necessarily have system security comparable to an airport, facilitating more sophisticated attacks.
For the above reasons, it is imperative that we clarify the existence and nature of the attacks on the privacy of BAC explained in this paper. The notion of privacy we are concerned with is a strong form of unlinkability, meaning that an e-passport that satisfies such a privacy property cannot be linked from one session to another by a third party snooping in on wireless communications. Such a privacy issue is of concern to users carrying e-passports, who do not wish third parties to track their movements.
Unlinkability can be formulated in the following terms: an attacker cannot observe any difference between a scenario where each session with an e-passport reader is with a new e-passport and a scenario where the same e-passport may be involved in more than one session. Strong unlinkability assumes, in addition, that the attacker has the power to make some decisions, such as feeding a challenge into a remote reader rather than a reader in the vicinity of the e-passport. We will explain that it is critical that the additional power given to the attacker by strong unlinkability is modelled by using bisimilarity as the notion of equivalence.
To understand why strong unlinkability, expressed in terms of bisimilarity, is important, we must clarify the story in the literature up until this paper. The first paper [4] formally analysing unlinkability of e-passports, using symbolic techniques, formulated weak unlinkability as a property of traces, and strong unlinkability as an equivalence problem in terms of bisimilarity. That paper mainly concerns an attack particular to the implementation of the French e-passport, exploiting distinguishable error messages from which the attacker can infer whether authentication was partially successful.
The problem with the above-mentioned paper [4] is that it also makes claims about e-passports implementing the ICAO 9303 standard with a single error message for all types of authentication failure, such as the UK e-passport. Its authors claim that the UK e-passport satisfies the strong form of unlinkability, expressed using bisimilarity. The primary contribution we make is to clarify that their claim is false. Taking exactly the same conditions — the way they define strong unlinkability and how they model the UK e-passport — we discover a counterproof for their claims, and provide a witness in terms of a modal logic formula describing an attack on strong unlinkability.
We survey related work [19,9,11,10,12], contributing to the story behind symbolically analysing the unlinkability of BAC. With the exception of the original paper, the papers surveyed concern alternative definitions of unlinkability expressed in terms of trace equivalence rather than bisimilarity. We use this survey of trace-based approaches to emphasise the impact of using bisimilarity rather than trace equivalence when verifying unlinkability of protocols such as BAC. We also highlight other parameters impacting whether a model proves unlinkability or discovers an attack.
A secondary contribution is to propose a fix for the BAC protocol, within the scope of the ICAO 9303 standard [1]. We again showcase bisimilarity as a technique for analysing privacy properties, providing a proof that strong unlinkability holds by defining a bisimulation that is witness to our claims. Finally, we discuss implications of our analysis, for example, how our attack on strong unlinkability applies to a wide range of protocols, not only to PACE and to the minimal RFID protocol that we use as an illustrative example. We also touch on practical implications of our attack, which are distinct from existing practical attacks on unlinkability [14,5].
Summary. In Section 2 we investigate and refine the analysis of the BAC protocol for e-passports implemented similarly to the UK e-passport, reporting on different models and results, and identifying the fundamental modelling problems surrounding unlinkability. In Section 3 we introduce the strong unlinkability problem for a simplified authentication protocol that we will use as an example throughout the paper; we also note a fix for the protocol (encrypting the error message). Section 4 recalls background material on a state-of-the-art presentation of bisimilarity facilitating our analysis. In Section 5, we show how bisimilarity can be used to discover attacks on strong unlinkability. Finally, in Section 6 we return to the original formulation of the UK version of the BAC protocol, demonstrating how our attack lifts to an attack on strong unlinkability, invalidating the original claim [4].
2.1 The key paper defining strong unlinkability, but with a flawed claim
The primary contribution of this paper is to clarify that the first paper symbolically analysing the BAC protocol, as implemented by countries such as the UK (Fig. 1), contained a flawed claim. Arapinis et al. [4] define weak unlinkability as a property of traces, faithful to the ISO standard for unlinkability [2]. They then argue for a stronger property, called strong unlinkability, expressed using bisimilarity. Their work is accompanied by a trace that correctly demonstrates that the French BAC protocol violates both their definitions of unlinkability. Regarding the UK BAC protocol, they say:
idealised specification in which each e-passport is used only once. The above statement SystemUK ≈_l SystemUK′ claims the system specification and idealised specification are indistinguishable to an attacker, expressed in terms of labelled bisimilarity [3]. Later, in Sections 5 and 6, we will demonstrate that there is a witness invalidating the bisimilarity claim above, and therefore there is an attack on strong unlinkability.
Although Arapinis et al. claim, in the quote above, to have proven strong unlinkability by hand, no proof exists. Confusion was partly down to an old bug¹ in ProVerif.
Fig. 2. Comparison table of various analyses of the UK e-passport. Note all the above assume the number of internal communications is unobservable.
A summary of the above findings is presented in Fig. 2. We highlight only the most important differences between these models, mentioned previously, namely: bisimilarity vs. trace equivalence; and, unbounded vs. arbitrary bounded vs. fixed bounded. Another critical modelling parameter is the choice of observables, notably the constant get_challenge message in Fig. 1. This impacts whether strong unlinkability holds, by allowing an attacker to count the number of reader sessions based on the number of observed get_challenge messages. This parameter does not affect weak unlinkability.
¹ This information on an old bug in ProVerif is due to Stéphanie Delaune and Vincent Cheval.
² https://github.com/ZDSmith/bac-protocol-unlinkability
Note on terminology: We use the term strong unlinkability in exactly the sense it was originally communicated in CSF’10 [4]. A source of potential confusion is that a paper communicated in S&P’16 [19] presents a proof of what they claim to be strong unlinkability. That claim may be misleading, since they, in fact, significantly change the definition of strong unlinkability. The most important change they make is to use trace equivalence rather than bisimilarity. If we have a proof, with trace equivalence replacing bisimilarity in the definition of strong unlinkability, then weak unlinkability follows as a corollary (this fact follows by adapting Theorem 2 in the original paper [4], since the proof of Theorem 2 does not rely on finer properties of bisimilarity). Note also that they [19] change slightly, but significantly, the observables in the model of BAC. Their forthcoming journal version [20] acknowledges and discusses this terminology mismatch.
Sometimes changing definitions of terms is of little consequence; for example, differences between secrecy as a trace property and secrecy expressed in terms of bisimilarity are insignificant [15]. However, the thesis of our paper is that the same does not apply to privacy. Trace equivalence gives the attacker less power to resolve choices, and hence misses attacks, such as on the unlinkability of BAC. Related work also highlights the power of bisimilarity for discovering attacks in the context of the anonymity of the MUTE file sharing system [13], and in discussions comparing strong unlinkability, weak unlinkability and computational unlinkability games [8].
The analysis of the full e-passport protocol involves some large messages, which can obscure the essential problems with the protocol. Therefore, initially, we make two simplifications to the analysis for pedagogical and methodological reasons:
1. We present a minimal mutual authentication protocol that features the same problems with strong unlinkability as the BAC protocol for e-passports.
2. We show our attack can be discovered systematically by using a slightly finer notion of bisimilarity better suited to symbolic analysis.
Both of the above initial simplifications to our analysis are lifted later, in Section 6. Our use of a minimal authentication protocol also highlights, as mentioned in the introduction, that the problems with strong unlinkability in this work affect a wider class of authentication protocols, where the same key is used in different sessions.
Fig. 3. Syntax of processes and message terms, with the equational theory for pairs and symmetric encryption.

Processes:
  P, Q ::= 0                          deadlock
        |  M⟨N⟩.P                     send
        |  M(y).P                     receive
        |  if M = N then P else Q     choice
        |  [M = N]P                   match
        |  νx.P                       new
        |  P | Q                      parallel
        |  !P                         replication

Messages:
  M, N ::= x           variable
        |  ⟨M, N⟩      pair
        |  fst(M)      left
        |  snd(M)      right
        |  {M}_N       encryption
        |  dec(M, N)   decryption

Equations:
  fst(⟨M, N⟩) =_E M       snd(⟨M, N⟩) =_E N
  dec({M}_K, K) =_E M     {dec(M, K)}_K =_E M
protocol [18], which was proposed as a minimal mutual authentication protocol for RFID tags. A difference, compared to the Feldhofer protocol, is that we include an error message which is used by the RFID tag to signal a failed authentication session to the reader. For minimality, we also simplify the response of the tag (the Feldhofer protocol responds with {⟨n, m⟩}_k rather than simply m).
Like the ICAO 9303 standard BAC protocol for e-passports, our minimal protocol achieves a strong authentication property called synchronisation [16], which is easily checked using automated tools such as Scyther [16]. The key differences, compared to BAC, are that BAC also establishes a shared session key, and uses message authentication codes to improve message integrity.
We make use of the applied π-calculus for modelling processes. The syntax of processes is presented in Fig. 3, along with a message theory featuring pairs and symmetric encryption (encryption using a shared secret key).
The private channel c is used to transmit a private key unique to the tag (for e-passports modelling the act of presenting a page to an OCR reader). The tag generates and sends a fresh challenge n. The response to the challenge y is received. If the response contains the challenge, tested by snd(dec(y, k)) = n, then the counter-challenge fst(dec(y, k)) is sent. Otherwise, an error is sent. The error message signals to the reader that authentication has failed, resulting in the protocol not successfully completing.
Combining the above reader and tag, we can describe the system as follows.
Notice that channel c, used for sending and receiving the key of the tag, is bound, hence private. This suggests that an attacker does not have the power to intercept messages on this channel (modelling a session with an OCR reader). However, other communications take place on a public channel a which an attacker can snoop over, e.g., reading using an antenna in the vicinity, and writing using a fake tag.
In the above system specification, the replicated reader, written !Reader, indicates
that any number of sessions of the reader can be initiated in parallel. The sub-process
!νk.!Linkable indicates that any number of tags can be created in parallel, each with
a unique key k identifying them; and, furthermore, each tag can enter any number of
sessions using the same identity k, in parallel.
Unlinkability properties can be expressed using the above system specification and
the idealised specification below:
Notice the only difference between Linkable System and Linkable Spec is the absence
of replication after the generation of the key. Thus, in Linkable Spec, each new session
is with a new tag, with a freshly generated key.
We formulate strong unlinkability as an equivalence problem by setting out to show that Linkable System and Linkable Spec are equivalent from the perspective of an attacker. In principle, the idea is that if an attacker cannot tell the difference between a scenario where the same tag is allowed to be used in multiple sessions and the scenario where each tag is really used once, then you cannot link two uses of the same tag.
The important point in this paper is that strong unlinkability in fact fails. Indeed for
our minimal authentication example we can prove the following inequality, where ∼ is
a suitable notion of bisimilarity.
The use of bisimilarity grants the attacker more power than trace equivalence, essentially allowing the attacker to resolve certain choices (in this case, to which reader the challenge is sent). We will explain such attacks in the remaining sections of this paper.
Indeed, we can prove Unlinkable System ∼ Unlinkable Spec holds, where ∼ is a suitable notion of bisimilarity. This establishes that strong unlinkability holds for our fixed basic authentication protocol. The same fix can be applied to BAC, which is a fix within the scope of the ICAO 9303 standard [1], since the standard does not exclude encrypting the error message in the BAC protocol.
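As an added illustration (not code from the paper or its authors), the following Python model replays the one observable difference that the attack on the minimal protocol of Sec. 3 relies on, and shows why encrypting the error message removes it. Terms are symbolic tuples in the style of Fig. 3; the reader and tag follow the description above; the assumed shape of the fix is that the tag encrypts ⟨error, n⟩ under k, since the text says only that the error message is encrypted. The comparison is of a single attacker-chosen run, not a bisimulation check.

```python
"""Symbolic model of the minimal mutual authentication protocol of Sec. 3 and
of its fix.  Messages are Python tuples read as terms of the message theory of
Fig. 3 (pairs and symmetric encryption); no real cryptography is involved.
Added example, not code from the paper or its authors."""
import itertools

# Public constant: the attacker knows `error` and can compare outputs with it.
ERROR = ('const', 'error')

_counter = itertools.count()


def fresh(label):
    """A fresh name (nonce or key); every call yields a distinct term."""
    return ('name', label, next(_counter))


def pair(m, n):
    return ('pair', m, n)


def fst(t):
    # fst(<M, N>) =_E M; otherwise the destructor stays as a stuck term.
    return t[1] if t[0] == 'pair' else ('fst', t)


def snd(t):
    # snd(<M, N>) =_E N
    return t[2] if t[0] == 'pair' else ('snd', t)


def enc(m, k):
    return ('enc', m, k)


def dec(t, k):
    # dec({M}_K, K) =_E M; decryption with the wrong key is a stuck term.
    return t[1] if t[0] == 'enc' and t[2] == k else ('dec', t, k)


def reader_respond(k_reader, n):
    """Reader: holding the key k received over the private channel c (the OCR
    scan), answer challenge n with {<m, n>}_k for a fresh counter-challenge m."""
    m = fresh('m')
    return enc(pair(m, n), k_reader)


def tag_finish(k_tag, n, y, encrypt_error):
    """Tag: if snd(dec(y, k)) = n, reply with the counter-challenge fst(dec(y, k)).
    Otherwise signal failure: the original protocol sends the constant `error`;
    the fixed variant (assumed shape) sends {<error, n>}_k.  Including the
    session nonce n keeps two failures of the same tag from being equal terms
    under the deterministic encryption of Fig. 3."""
    if snd(dec(y, k_tag)) == n:
        return fst(dec(y, k_tag))
    return enc(pair(ERROR, n), k_tag) if encrypt_error else ERROR


def session(k_tag, k_reader, encrypt_error):
    """One session as in the attack scenario: the attacker relays the tag's
    challenge to a reader that already holds k_reader.  Returns every message
    observable on the public channel a, in order."""
    n = fresh('n')                          # tag's fresh challenge
    y = reader_respond(k_reader, n)         # reader's encrypted response
    final = tag_finish(k_tag, n, y, encrypt_error)
    return [n, y, final]


def attacker_view(frame):
    """Static tests available without any key: which outputs equal the public
    constant `error`, and which outputs equal each other."""
    eq_error = tuple(t == ERROR for t in frame)
    eq_pairs = tuple(frame[i] == frame[j]
                     for i in range(len(frame)) for j in range(i + 1, len(frame)))
    return eq_error + eq_pairs


def views_coincide(encrypt_error):
    """Real system: the tag that was scanned by the reader is probed again.
    Idealised specification: a fresh tag (fresh key) is probed instead.
    True when the attacker's view of the two runs is identical."""
    k_scanned = fresh('k')
    k_fresh = fresh('k')
    system_view = attacker_view(session(k_scanned, k_scanned, encrypt_error))
    spec_view = attacker_view(session(k_fresh, k_scanned, encrypt_error))
    return system_view == spec_view


def repeated_failures_distinct(encrypt_error):
    """Two failed sessions of the same non-matching tag: are the two failure
    messages distinct terms?  The constant `error` makes them equal; the fixed
    variant keeps them apart because the nonce n differs per session."""
    k_scanned, k_other = fresh('k'), fresh('k')
    first = session(k_other, k_scanned, encrypt_error)[2]
    second = session(k_other, k_scanned, encrypt_error)[2]
    return first != second


if __name__ == '__main__':
    print('plaintext error, views coincide:', views_coincide(False))  # False
    print('encrypted error, views coincide:', views_coincide(True))   # True
    print('two failures distinct (fixed):', repeated_failures_distinct(True))
```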
We briefly recall a concise formulation of (strong) early bisimilarity for the applied
π-calculus. Our presentation makes use of extended processes (in normal form), and a
pure labelled transition system which simplifies the analysis of bisimilarity. Note the
presentation we adopt here makes it relatively easy to quickly discover our attack.
Extended processes in normal form νx.(σ | P) are subject to the restriction that the variables in dom(σ) are fresh for x, fv(P) and fv(yσ), for all variables y (i.e., σ is idempotent, and substitutions are fully applied to P). We follow the convention that operational rules are defined directly on extended processes in normal forms. Note adopting normal forms removes the need for several additional conditions that must be imposed in other formulations of bisimilarity for the applied π-calculus [3].
We require a standard notion of static equivalence, which checks two processes are
indistinguishable in terms of the messages output so far.
Fig. 6. An early labelled transition system, plus symmetric rules for parallel composition and choice. The equational theory over message terms can be applied at any point. The set of free variables and α-conversion are as standard, where νx.P and M(x).P bind x in P. Define the bound names such that bn(π) = {x} only if π = M(x) and bn(π) = ∅ otherwise. Define the names such that n(M⟨N⟩) = fv(M) ∪ fv(N), n(M(x)) = fv(M) ∪ {x} and n(τ) = ∅.
The early labelled transition system and static equivalence together can be used to define the following (strong) version of early bisimilarity.
Definition 2 (early bisimilarity). A symmetric relation between extended processes R is an early bisimulation only if, whenever A R B the following hold:
– A and B are statically equivalent.
– If A --π--> A′ there exists B′ such that B --π--> B′ and A′ R B′.
Processes P and Q are early bisimilar, written P ∼ Q, whenever there exists an early bisimulation R such that P R Q.
Notice initially we consider here a strong notion of bisimilarity, where the number of
internal communications can be counted. This initially simplifies the analysis. To be
precise, the strong semantics preserves a notion called image finiteness, which is lost in
the weak setting and imposes additional technical challenges. However, later we show
attacks discovered lift to the weak setting (by including more observables).
The real system, which allows multiple instances of the same tag, can perform the following two τ actions followed by an output action a(u). The idealised specification on the right below follows with the same actions as best it can. Note we abbreviate multiple transitions by writing sequences of actions on the label.
  Linkable System --τ τ a(u)--> Broken System′        Linkable Spec --τ τ a(u)--> Broken Spec′
The states reached above are of the following form.
  Broken System′ ≜ νc, k₁, n₁, n₂.( {n₁/u} | W₁ | W₁ | !Reader | a(y).U(n₁, y)₁ | T(n₂)₁ | !Linkable₁ | !νk.!Linkable )
  Broken Spec′   ≜ νc, k₁, k₂, n₁, n₂.( {n₁/u} | W₁ | W₂ | !Reader | a(y).U(n₁, y)₁ | T(n₂)₂ | !νk.Linkable )
At this point, we can swap the system for the specification (exploiting the symmetry
of a bisimulation), and Broken Spec’ performs the sequence of actions below.
Similarly to our minimal authentication example, we can express the system and idealised specification, respectively, as follows.
  SystemUK  ≜ νck.(!Reader | !νke.νkm.!MainUK)
  SystemUK′ ≜ νck.(!Reader | !νke.νkm.MainUK)
We also employ labelled bisimilarity [3], which makes use of weak transitions, A ==π==> B, which allow zero or more τ transitions to occur before and after the transition π, or zero transitions if π = τ. Notice B ==π==> B′ is the only difference compared to Def. 2.
Definition 3 (labelled bisimilarity). A symmetric relation between extended processes R is a labelled bisimulation only if, whenever A R B the following hold:
– A and B are statically equivalent.
– If A --π--> A′ there exists B′ such that B ==π==> B′ and A′ R B′.
Labelled bisimilarity ≈_l is the greatest labelled bisimulation.
Now, by following a strategy similar to that described in the previous section, we can prove that strong unlinkability fails, expressed as follows.
  SystemUK ≉_l SystemUK′
A little more work is required, compared to the previous section, since we must count the number of get_challenge messages sent and received rather than the number of τ transitions. However, we can go through essentially the same symbolic reasoning to discover a similar attack to the previous section. Rather than repeating the same analysis but on a larger specification, we instead present a shorter way to describe such attacks and informally describe how it can be exploited in a practical fashion.
From the contrapositive of the above theorem, whenever P ≉_l Q, there exists a formula φ such that P ⊨ φ holds, but Q ⊭ φ.
In the case of the failure of strong unlinkability of the UK BAC protocol, we have the following classical FM formula, say ψ.
  ⟨d get_challenge⟩⟨c(x)⟩⟨c(y)⟩⟨c(z)⟩( x = get_challenge ∧ y = get_challenge ∧ z ≠ get_challenge ∧
      [d z]( ⟨c(u)⟩[d u]⟨c(v)⟩( u ≠ get_challenge ∧ v ≠ get_challenge ∧ v ≠ error )
             ∨ [c(w)]( w = get_challenge ) ) )
For this formula we can verify SystemUK ⊨ ψ holds. Clearly, interpreting such a witness for non-bisimilarity requires considerable expertise. The first part of the formula, until the input [d z], starts an e-passport session and two reader sessions, and then sends the challenge, named z in the formula, from the e-passport. The later branches of the formula check whether or not the reader sessions are with the same e-passport. The critical step is [d z], which ranges over all ways in which the challenge z can be fed back into the system as an input. In the bisimulation game, this corresponds to a swapping of perspective, where the idealised specification leads, rather than the system (as illustrated in the attack on the minimal authentication protocol in Sec. 5). In practical terms, this means that the attacker takes control over where the input [d z] is performed.
Now consider SystemUK′. We show that SystemUK′ ⊭ ψ. Notice that the branch [c(w)](w = get_challenge) covers the possibility that the input is fed in when a get_challenge message is expected, leaving no possible output actions other than those starting a fresh session. Notice also that the possibility of an error occurring too early (u = error) is accommodated. Importantly, regardless of how SystemUK′ plays the first four actions, in the state reached, there exists an input [d u] which fails to match any of the eventualities described by the formula.
Note there are many such distinguishing formulae, each describing subtly different
attacks on strong unlinkability. We select this one, as it formally justifies the practical
description of the attack in the next section.
Here, we give an example of a practical attack that might be carried out in the real
world, based on the attack on strong unlinkability given in the previous section. We
assume the presence of a Dolev-Yao [17] adversary, who can block or redirect messages.
Importantly, we assume that the adversary cannot interfere with the credentials on the
e-passport, for example by snooping on an OCR session.
The aim of our attack will be to identify the e-passport that has most recently interacted with a specific reader device (which need not be under adversary control). For example, in an airport, the attacker may wish to identify people who have travelled through the “priority” lane, as they are more likely to be airline staff or other people of interest. The attack proceeds as follows:
[Fig. 7: message sequence chart, image not recoverable from the text. Participants: an e-passport holding ke, km; a malicious fake reader; a malicious fake passport; and the targeted reader holding ke, km. Fresh nt, kt and fresh nr, kr are generated; the messages exchanged are get_challenge, nt, R and C ≠ error; the timing constraints t1, t2 and t3 are marked on the chart.]
Fig. 7. Attack on UK e-passport: implementation involving fake reader and fake e-passport, informally. The critical moment is choosing where to feed nt. Assume Msg = {⟨nr, ⟨nt, kr⟩⟩}_ke, Msg′ = {⟨nt, ⟨nr, kt⟩⟩}_ke, R = ⟨Msg, mac(Msg, km)⟩ and C = ⟨Msg′, mac(Msg′, km)⟩.
(1) An honest agent has their OCR details read by the targeted reader device.
(2) The adversary blocks any RF communication between the (now-scanned) e-passport
and the reader. The agent presumes that the machine is faulty and moves on.
(3) The adversary brings a custom reader device close to an agent. This custom reader
initiates the BAC protocol with the agent’s e-passport.
– The fake reader does not make use of, or attempt to read, any OCR data. It acts
as if this phase has already been completed.
(4) The fake reader relays messages from the e-passport to the reader suspended in (2), for example by using an RF retransmitter located close to the reader.
– The suspended reader still has OCR data stored from the earlier step.
(5) If the e-passport that the adversary is communicating with is indeed the e-passport
that was scanned by the reader (as is depicted in Figure 7), then the protocol will
complete successfully, and the adversary will see an encrypted data packet.
– If the e-passport does not match the previously scanned one, the adversary will
see a constant error message.
The adversary never learns the keys of any e-passport in this case, but they do not need to: they need only distinguish whether the final message is a constant term or an encrypted packet.
In Fig. 7, we highlight three key timing constraints on this attack. The hard constraint, labelled t2, is the maximum time a genuine e-passport reader waits between issuing a request and receiving a response from an e-passport. We conducted experiments on open source e-passport readers and found that t2 is bounded above by approximately 1.1 seconds. To perform this experiment we implemented a fake e-passport, to interact with an open source e-passport reader³.
³ https://github.com/tananaev/passport-reader
The constraint t3 represents how long an e-passport is willing to wait before receiving the next command after sending a challenge. It has no technical upper bound, as a tag remains active (and awaiting commands) for as long as it is powered. The flow of messages in Fig. 7 shows it is possible to arrange t3 such that it is bounded above by a few seconds. Therefore, if the e-passport itself implements a timeout (which typically they do not) it would be easy to stay within that timeout bound.
A key practical concern in step (2) is the duration for which an e-passport reader will hold on to OCR details, indicated as t1 in Fig. 7. This is dependent on the specific firmware implementation of the reader (the OCR reader and RF session with BAC combined). Certainly for open source readers for smart phones, this is not an obstacle. To avoid this attack, airport e-passport readers should require that an upper bound is enforced on t1. It is also unknown if a reader discards stored OCR data after it believes it has finished executing the BAC protocol. This should be enforced, to ensure that the attack cannot be repeated (i.e. we can attempt to link only one passport with the last OCR scan).
An important point is that, if we interpret Fig. 7 simply as a trace of inputs and
outputs then it is not an attack. To see why, observe that even if the suspended reader
has different keys as expected in the idealised specification, then another (currently
unused) reader can be employed to produce the same sequence of actions. The use of
bisimilarity is essential.
7 Conclusions
– An attack, Sec. 6, correcting the original claim about strong unlinkability expressed
in terms of bisimilarity [4].
– No attack expressible as a trace, a claim supported by our DEEPSEC code in
Sec. 2, and by adapting [19].
Note that in both cases, we make the assumption that the initial configuration of the system is not fixed, as discussed in Sec. 2. Also, in both cases, internal communications, modelled by τ-transitions, are assumed to be unobservable and a get_challenge message is observable.
1. We search for a proof using a finer notion of bisimilarity called open bisimilarity [25,7,26,21], which lazily explores the state space.
2. When a distinguishing strategy is discovered using open bisimilarity, we determine whether it is an attack by constructing a distinguishing formula in an intermediate modal logic called intuitionistic FM [21,22].
3. Given our formula, we check whether the formula is still distinguishing under classical assumptions. This confirms there is also an attack on early bisimilarity.
4. We check the attack is also valid in the setting of labelled bisimilarity [3] (for which τ-transitions are silent), by checking where a lack of image finiteness allows additional processes to be created that may have an impact on the analysis.
While the above methodology discovers and confirms our attack systematically, undoubtedly employing the above methodology required mastery of state-of-the-art work on bisimilarity. Thus future work includes improving tool support.
Further perspectives on BAC and unlinkability. We note that the impact of our work
extends beyond the BAC protocol. Attacks on strong unlinkability we discover can be
adapted to a wide range of authentication protocols. We propose a general form for an
authentication protocol that may fail strong unlinkability.
– The same keys are used between the e-document and multiple readers.
– A failed authentication session behaves observably differently from a successful
authentication session.
Note observable differences between successful and failed sessions may be due to an error message, as in the French and UK implementations of the BAC protocol; but may also be due to the presence or absence of a valid message expected during authentication. Therefore our attack adapts also to a variant of BAC that signals a failed authentication session without any error message.
The latter point may be trickier to mitigate in practice. It may be possible to observe
the presence or absence of a message exchanged after authentication is complete. In the
ICAO 9303 standard, this phase is called the secure messaging phase. Such a practical
extension of our attack is a concern perpendicular to the study of the BAC protocol in
this work.
Another modelling dimension is the question of whether attacks such as those highlighted in this paper are down to inadequate definitions of unlinkability. A way to avoid our attacks by modifying the definition of unlinkability is to sequentialise entire sessions, such that exactly one reader starts and one passport starts, and both must have used up all their actions before proceeding with any action in a new session. This essentially models the situation where a round trip between an e-passport and remote reader becomes infeasible (e.g., due to stricter timeouts). The current work however focuses on clarifying established definitions of unlinkability.
Acknowledgements. We thank the following people for their time and knowledge during
the investigation of these results: Vincent Cheval, Ugo Chirico, Stéphanie Delaune,
Lucca Hirschi, and Steve Kremer.
References
1. Machine readable travel documents. part 11: Security mechanisms for MRTDs. Tech.
Rep. Doc 9303. Seventh Edition, International Civil Aviation Organization (ICAO) (2015),
https://www.icao.int/publications/Documents/9303_p11_cons_en.pdf
2. ISO 15408-2: Common criteria for information technology security evaluation. part 2: Se-
curity functional requirements. Tech. Rep. CCMB-2017-04-002, ISO/IEC standard (2017),
https://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdf
3. Abadi, M., Blanchet, B., Fournet, C.: The applied pi calculus: Mobile values, new names,
and secure communication. J. ACM 65(1), 1:1–1:41 (2017)
4. Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using
the applied pi calculus. In: Computer Security Foundations Symposium (CSF), 2010 23rd
IEEE. pp. 107–121. IEEE (2010)
5. Avoine, G., Beaujeant, A., Hernandez-Castro, J., Demay, L., Teuwen, P.: A survey of security
and privacy issues in epassport protocols. ACM Comput. Surv. 48(3), 47:1–47:37 (2016)
6. Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol.
In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) Information Security. pp.
33–48. Springer (2009)
7. Briais, S., Nestmann, U.: Open bisimulation, revisited. Theoretical Computer Science
386(3), 236–271 (2007)
8. Brusó, M., Chatzikokolakis, K., Etalle, S., den Hartog, J.: Linking unlinkability. In:
Palamidessi, C., Ryan, M.D. (eds.) Trustworthy Global Computing. pp. 129–144. Springer
Berlin Heidelberg, Berlin, Heidelberg (2013)
9. Cheval, V.: Automatic verification of cryptographic protocols: privacy-type properties. PhD
thesis, Laboratoire Spécification et Vérification, ENS Cachan (2012)
10. Cheval, V.: APTE: an algorithm for proving trace equivalence. In: International Confer-
ence on Tools and Algorithms for the Construction and Analysis of Systems. pp. 587–592.
Springer (2014)
11. Cheval, V., Comon-Lundh, H., Delaune, S.: A procedure for deciding symbolic equivalence between sets of constraint systems. Information and Computation 255(Part 1), 94–125 (2017)
12. Cheval, V., Kremer, S., Rakotonirina, I.: DEEPSEC: Deciding equivalence properties in se-
curity protocols theory and practice. In: 2018 IEEE Symposium on Security and Privacy
(S&P). pp. 529–546 (2018)
13. Chothia, T.: Analysing the mute anonymous file-sharing system using the pi-calculus. In:
Najm, E., Pradat-Peyre, J.F., Donzeau-Gouge, V.V. (eds.) Formal Techniques for Networked
and Distributed Systems - FORTE 2006. pp. 115–130. Springer Berlin Heidelberg, Berlin,
Heidelberg (2006)
14. Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) Financial
Cryptography and Data Security, 14th International Conference, FC 2010, Tenerife, Canary
Islands, Spain, January 25-28, 2010, Revised Selected Papers. Lecture Notes in Computer
Science, vol. 6052, pp. 20–34. Springer (2010)
15. Cortier, V., Rusinowitch, M., Zalinescu, E.: Relating two standard notions of secrecy. Logical
Methods in Computer Science 3(3) (2007)
16. Cremers, C.: The Scyther tool: Verification, falsification, and analysis of security protocols.
In: International Conference on Computer Aided Verification. pp. 414–418. Springer (2008)
17. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Informa-
tion Theory 2(29) (1983)
18. Feldhofer, M., Dominikus, S., Wolkerstorfer, J.: Strong authentication for RFID systems
using the AES algorithm. In: Joye, M., Quisquater, J.J. (eds.) Cryptographic Hardware and
Embedded Systems - CHES 2004. Lecture Notes in Computer Science, vol. 3156, pp. 357–
370. Springer (2004)
19. Hirschi, L., Baelde, D., Delaune, S.: A method for verifying privacy-type properties: the
unbounded case. In: Security and Privacy (S&P), 2016 IEEE Symposium on. pp. 564–581.
IEEE (2016)
20. Hirschi, L., Baelde, D., Delaune, S.: A method for unbounded verification of privacy-type
properties. Journal of Computer Security 27(3), 277–342 (2019)
21. Horne, R.: A bisimilarity congruence for the applied π-calculus sufficiently coarse to verify
privacy properties (arXiv:1811.02536) (2018), https://arxiv.org/abs/1811.02536
22. Horne, R., Ahn, K.Y., Lin, S.W., Tiu, A.: Quasi-open bisimilarity with mismatch is intuition-
istic. In: Dawar, A., Grädel, E. (eds.) In Proceedings of 33rd Annual ACM/IEEE Symposium
on Logic in Computer Science, Oxford, United Kingdom, July 9-12, 2018. pp. 26–35 (2018)
23. Kanellakis, P.C., Smolka, S.A.: CCS expressions, finite state processes, and three problems
of equivalence. Inf. Comput. 86(1), 43–68 (1990)
24. Milner, R., Parrow, J., Walker, D.: Modal logics for mobile processes. Theoretical Computer
Science 114(1), 149–171 (1993)
25. Sangiorgi, D.: A theory of bisimulation for the π-calculus. Acta Informatica 33(1), 69–97
(1996)
26. Tiu, A., Dawson, J.: Automating open bisimulation checking for the spi calculus. In: 2010
23rd IEEE Computer Security Foundations Symposium. pp. 307–321. IEEE (2010)