Towards a More Secure and Scalable Verifying PKI of eMRTD

  • Nicolas Buchmann
  • Harald Baier
Conference paper

DOI: 10.1007/978-3-642-53997-8_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8341)
Cite this paper as:
Buchmann N., Baier H. (2014) Towards a More Secure and Scalable Verifying PKI of eMRTD. In: Katsikas S., Agudo I. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2013. Lecture Notes in Computer Science, vol 8341. Springer, Berlin, Heidelberg

Abstract

The new electronic passport stores biometric data on a contactless readable chip to uniquely link the travel document to its holder. This sensitive data is protected against unlawful readouts by a complex protocol called Extended Access Control (EAC). EAC is manifold and thus needs a complex public key infrastructure (PKI). Additionally, EAC is known to suffer from unsolved weaknesses, e.g., stolen (mobile) passport inspection systems due to its missing revocation mechanism. The paper at hand seeks potential approaches to solve these shortcomings. As a result, we present an evaluation framework with special focus on security and scalability to assess the different candidates and to give a best recommendation. Instead of creating new protocols, we focus on solutions that are based on well-known protocols from the Internet domain like the Network Time Protocol (NTP), the Online Certificate Status Protocol (OCSP), and the Server-based Certificate Validation Protocol (SCVP). These protocols are openly standardised, widely deployed, thoroughly tested, and interoperable. Our recommendation is that the EAC PKI would benefit most from introducing NTP and OCSP.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Nicolas Buchmann (1)
  • Harald Baier (1)
  1. da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany
