Risk assessment of Malaysian e-Passport PKI based on ISO 27000 series International Standards / Mohd Faizul Ya'kub

Ya'kub, Mohd Faizul (2018) Risk assessment of Malaysian e-Passport PKI based on ISO 27000 series International Standards / Mohd Faizul Ya'kub. Masters thesis, Universiti Teknologi MARA (UiTM).

Abstract

Malaysia was the 1st country in the world to issue biometric passports (e-Passport) in 1998. Recent years, a number of vulnerabilities in e-Passport have been identified in the first and second generation of e-Passports. These vulnerabilities can lead to security issues such as cloning, spoofing, skimming, eavesdropping and identity theft crimes. Countries in European Union (EU) had taken steps to rectify the issues and enhance their e-Passport security features. However, there is lack of case studies conducted to review the Malaysian e-Passport security risk assessment according to International Standards. The objectives of this study are to identify the security risk in Malaysian e-Passport PKI and to recommend the feasible solution for future enhancement. A qualitative method was used in this study where a set of interview questions prepared and interviews been conducted to four participants. The data been analysed using Thematic Analysis and presented based on risk assessment methodology in ISO 27000 series International Standards. The risk assessment consists of two approaches; risk analysis and risk evaluation. The risk analysis identified resource identification and valuation, risk identification and risk measurement of Malaysian e-Passport PKI. While in risk evaluation, it focuses on risk mitigation and prioritizing protection activities for future enhancement. The results reveal that the Cloning, Man in the Middle, Spoofing and server related issues are the risk of Malaysian e-Passport. For recommendation, the result is to implement Password Authenticated Connection Establishment (PACE) and follow ICAO standards. The significance of this research will help policy-makers to make decision on the future direction of Malaysian e-Passport and ensure Malaysian citizens having secured e-Passport technologies for travelling overseas.

Metadata

Item Type: Thesis (Masters)
Creators:
Creators
Email / ID Num.
Ya'kub, Mohd Faizul
2015670018
Contributors:
Contribution
Name
Email / ID Num.
Thesis advisor
Suhaimi, Ahmad Iqbal Hakim
UNSPECIFIED
Subjects: H Social Sciences > HJ Public Finance > Customs administration
T Technology > T Technology (General) > Information technology. Information systems
Divisions: Universiti Teknologi MARA, Shah Alam > Faculty of Computer and Mathematical Sciences
Programme: Master of Science in Information Technology -CS770
Keywords: e-Passport, ISO 27000, International Standards, biometric, Cloning, Man in the Middle, Spoofing, Password Authenticated Connection Establishment (PACE), ICAO standards
Date: 2018
URI: https://ir.uitm.edu.my/id/eprint/87392
Edit Item
Edit Item

Download

[thumbnail of 87392.pdf] Text
87392.pdf

Download (150kB)

Digital Copy

Digital (fulltext) is available at:

Physical Copy

Physical status and holdings:
Item Status:
On Shelf

ID Number

87392

Indexing

Statistic

Statistic details