Abstract
According to the European Commission Decision C(2006) 2909, EU Member States must implement Supplemental Access Control (SAC) on biometric passports. The SAC standard describes two versions of a password based authenticated key exchange protocol called PACE-GM and PACE-IM. Moreover, it defines an extension called PACE-CAM. Apart from password authentication and establishing a session key, the PACE-CAM protocol executes an active authentication of the ePassport with just one extra modular multiplication. However, it uses PACE-GM as a building block and does not work with the more efficient protocol PACE-IM. In this paper we propose an active authentication extension, which can be used with both PACE-GM and PACE-IM. Moreover, the protocol’s overhead on the side of the ePassport, remains the same despite more universality.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For the protocols concerned, in fact we may assume there is one server with many instances.
References
Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)
Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel document, and its security. In: Proceedings of the 16th International Conference on Financial Cryptography and Data Security (2012)
Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009)
Bender, J., Fischlin, M., Kügler, D.: The PACE\(|\)CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Heidelberg (2013)
Bender, J., Kügler, D.: Verfahren zur Authentisierung, RF-chip-Dokument, RF-Chip-Lesegerät und Computerprogrammprodukte, 13 September 2012. WO Patent App. PCT/EP2012/001,076 (2012)
Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)
Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
BSI. Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2 (2015)
Coron, J.-S., Gouget, A., Icart, T., Paillier, P.: Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping. Cryptology ePrint Archive, Report 2011/058 (2011)
Hanzlik, L., Krzywiecki, Ł., Kutyłowski, M.: Simplified PACE\(|\)AA protocol. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 218–232. Springer, Heidelberg (2013)
ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.01. Technical report, 08 March 2011
ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.1. Technical report, 15 April 2014
David, P.: Jablon: strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev. 26(5), 5–26 (1996)
Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004). http://eprint.iacr.org/
Acknowledgment
The research was supported by the Polish National Science Centre based on the decision DEC-2013/08/M/ST6/00928. Initial work of the first author has been supported by Foundation for Polish Science project VENTURES/2012-9/4.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Hanzlik, L., Kutyłowski, M. (2016). Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2 . In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science(), vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-45871-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45870-0
Online ISBN: 978-3-319-45871-7
eBook Packages: Computer ScienceComputer Science (R0)