Study and security analysis of the Spanish identity card
Javier Correa-Marichal, Pino Caballero-Gil, Carlos Rosa-Remedios, and, Rames Sarwat-Shaker
TL;DR
This paper provides a comprehensive security analysis of the Spanish electronic identity card (DNIe), evaluating its robustness through practical testing with common devices and tools.
Contribution
It offers a theoretical and practical assessment of DNIe security mechanisms using accessible tools without privileged access, highlighting potential vulnerabilities.
Findings
Security mechanisms are tested with basic tools and devices.
The analysis confirms the robustness of some security features.
Potential vulnerabilities are identified through exploratory methods.
Abstract
The National Identity Document is a fundamental piece of documentation for the identification of citizens throughout the world. That is precisely the case of the DNI (Documento Nacional de Identidad) of Spain. Its importance has been enhanced in recent years with the addition of a chip for the authentication of users within telematic administrative services. Thus, the document has since been called: electronic DNI or simply DNIe. Sensitive user information is stored in that integrated circuit, such as personal and biometric data, along with signature and authentication certificates. Some of the functionalities of the DNIe in its current version at the time of writing this work have been implemented for years in the DNI 3.0 version launched in 2015, and therefore have already been extensively studied. This work provides a theoretical and practical compilation study of some of the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsEuropean Criminal Justice and Data Protection