Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards
Malaysia was the 1st country in the world to issue biometric passports (e-Passport) in 1998. Recent years, a number of vulnerabilities in e-Passport have been identified in the first and second generation of e-Passports. These vulnerabilities can lead to crucial security issues. Due to lack of case...
| Published in: | Journal of Physics: Conference Series |
|---|---|
| Main Author: | |
| Format: | Conference paper |
| Language: | English |
| Published: |
Institute of Physics Publishing
2020
|
| Online Access: | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85087644489&doi=10.1088%2f1742-6596%2f1551%2f1%2f012003&partnerID=40&md5=31a8bee0b41a720f0ce0e271ee2250a5 |
| id |
2-s2.0-85087644489 |
|---|---|
| spelling |
2-s2.0-85087644489 Suhaimi A.I.H.B.; Noordin N.; Ya'Kub M.F.B. Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards 2020 Journal of Physics: Conference Series 1551 1 10.1088/1742-6596/1551/1/012003 https://www.scopus.com/inward/record.uri?eid=2-s2.0-85087644489&doi=10.1088%2f1742-6596%2f1551%2f1%2f012003&partnerID=40&md5=31a8bee0b41a720f0ce0e271ee2250a5 Malaysia was the 1st country in the world to issue biometric passports (e-Passport) in 1998. Recent years, a number of vulnerabilities in e-Passport have been identified in the first and second generation of e-Passports. These vulnerabilities can lead to crucial security issues. Due to lack of case studies conducted to review the Malaysian e-Passport, the objectives of this study are to identify the security risk in Malaysian e-Passport PKI and to recommend the feasible solution for future enhancement. A qualitative method was used in this study where a set of interview questions prepared and interviews been conducted to four participants. The data been analyzed using Thematic Analysis and presented based on risk assessment methodology in ISO 27000 series International Standards. The risk assessment consists of two approaches; risk analysis and risk evaluation. The risk analysis identified resource identification and valuation, risk identification and risk measurement of Malaysian e-Passport PKI. While in risk evaluation, it focuses on risk mitigation and prioritizing protection activities for future enhancement. The results reveal that the Cloning, Man in the Middle, Spoofing and server related issues are the risk of Malaysian e-Passport. For recommendation, the result is to implement Password Authenticated Connection Establishment (PACE) and follow ICAO standards. The significance of this research will help policy-makers to make better decision on the future direction of Malaysian e-Passport in order to ensure Malaysian citizens having secured e-Passport. © Published under licence by IOP Publishing Ltd. Institute of Physics Publishing 17426588 English Conference paper All Open Access; Gold Open Access |
| author |
Suhaimi A.I.H.B.; Noordin N.; Ya'Kub M.F.B. |
| spellingShingle |
Suhaimi A.I.H.B.; Noordin N.; Ya'Kub M.F.B. Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| author_facet |
Suhaimi A.I.H.B.; Noordin N.; Ya'Kub M.F.B. |
| author_sort |
Suhaimi A.I.H.B.; Noordin N.; Ya'Kub M.F.B. |
| title |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| title_short |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| title_full |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| title_fullStr |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| title_full_unstemmed |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| title_sort |
Assessment of Malaysian E-Passport PKI based on ISO 27000 Series International Standards |
| publishDate |
2020 |
| container_title |
Journal of Physics: Conference Series |
| container_volume |
1551 |
| container_issue |
1 |
| doi_str_mv |
10.1088/1742-6596/1551/1/012003 |
| url |
https://www.scopus.com/inward/record.uri?eid=2-s2.0-85087644489&doi=10.1088%2f1742-6596%2f1551%2f1%2f012003&partnerID=40&md5=31a8bee0b41a720f0ce0e271ee2250a5 |
| description |
Malaysia was the 1st country in the world to issue biometric passports (e-Passport) in 1998. Recent years, a number of vulnerabilities in e-Passport have been identified in the first and second generation of e-Passports. These vulnerabilities can lead to crucial security issues. Due to lack of case studies conducted to review the Malaysian e-Passport, the objectives of this study are to identify the security risk in Malaysian e-Passport PKI and to recommend the feasible solution for future enhancement. A qualitative method was used in this study where a set of interview questions prepared and interviews been conducted to four participants. The data been analyzed using Thematic Analysis and presented based on risk assessment methodology in ISO 27000 series International Standards. The risk assessment consists of two approaches; risk analysis and risk evaluation. The risk analysis identified resource identification and valuation, risk identification and risk measurement of Malaysian e-Passport PKI. While in risk evaluation, it focuses on risk mitigation and prioritizing protection activities for future enhancement. The results reveal that the Cloning, Man in the Middle, Spoofing and server related issues are the risk of Malaysian e-Passport. For recommendation, the result is to implement Password Authenticated Connection Establishment (PACE) and follow ICAO standards. The significance of this research will help policy-makers to make better decision on the future direction of Malaysian e-Passport in order to ensure Malaysian citizens having secured e-Passport. © Published under licence by IOP Publishing Ltd. |
| publisher |
Institute of Physics Publishing |
| issn |
17426588 |
| language |
English |
| format |
Conference paper |
| accesstype |
All Open Access; Gold Open Access |
| record_format |
scopus |
| collection |
Scopus |
| _version_ |
1809677896417017856 |