000071110 001__ 71110 000071110 005__ 20190709135627.0 000071110 0247_ $$2doi$$a10.1049/iet-ifs.2017.0299 000071110 0248_ $$2sideral$$a103610 000071110 037__ $$aART-2017-103610 000071110 041__ $$aeng 000071110 100__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, R.J.$$uUniversidad de Zaragoza 000071110 245__ $$aSecurity assessment of the Spanish contactless identity card 000071110 260__ $$c2017 000071110 5060_ $$aAccess copy available to the general public$$fUnrestricted 000071110 5203_ $$aThe theft of personal information to fake the identity of a person is a common threat normally performed by individual criminals, terrorists, or crime rings to commit fraud or other felonies Recently, the Spanish identity card, which provides enough information to hire online products such as mortgages or loans, was updated to incorporate a near-field communication chip as electronic passports do. This contactless interface brings a new attack vector for criminals, who might take advantage of the radio-frequency identification communication to virtually steal personal information. In this study, the authors consider as case study the recently deployed contactless Spanish identity card assessing its security against identity theft. In particular, they evaluated the security of one of the contactless access protocol as implemented in the contactless Spanish identity card, and found that no defences against online brute-force attacks were incorporated. They then suggest two countermeasures to protect against these attacks. Furthermore, they also analysed the pseudo-random number generator within the card, which passed all the performed tests with good results. 000071110 536__ $$9info:eu-repo/grantAgreement/ES/MINECO/TIN2014-58457-R$$9info:eu-repo/grantAgreement/ES/UZ/CUD2016-TEC-06 000071110 540__ $$9info:eu-repo/semantics/openAccess$$aAll rights reserved$$uhttp://www.europeana.eu/rights/rr-f/ 000071110 590__ $$a0.89$$b2017 000071110 591__ $$aCOMPUTER SCIENCE, THEORY & METHODS$$b69 / 103 = 0.67$$c2017$$dQ3$$eT3 000071110 591__ $$aCOMPUTER SCIENCE, INFORMATION SYSTEMS$$b123 / 148 = 0.831$$c2017$$dQ4$$eT3 000071110 592__ $$a0.381$$b2017 000071110 593__ $$aComputer Networks and Communications$$c2017$$dQ2 000071110 593__ $$aSoftware$$c2017$$dQ2 000071110 593__ $$aInformation Systems$$c2017$$dQ2 000071110 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/acceptedVersion 000071110 700__ $$aGarcia-Escartin, J.C. 000071110 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf. 000071110 773__ $$g11, 6 (2017), 386-393$$pIET Information Security$$tIET Information Security$$x1751-8709 000071110 8564_ $$s421908$$uhttps://zaguan.unizar.es/record/71110/files/texto_completo.pdf$$yPostprint 000071110 8564_ $$s137447$$uhttps://zaguan.unizar.es/record/71110/files/texto_completo.jpg?subformat=icon$$xicon$$yPostprint 000071110 909CO $$ooai:zaguan.unizar.es:71110$$particulos$$pdriver 000071110 951__ $$a2019-07-09-12:31:24 000071110 980__ $$aARTICLE