Skip to main content

PACE with Mutual Authentication – Towards an Upgraded eID in Europe

  • 1066 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12973)

Abstract

In this paper we present modifications to the protocols PACE (Password Authenticated Connection Establishment) and PACE CAM (PACE with Chip Authentication Mapping) from International Civil Aviation Organization (ICAO) specification. We show that with slight changes it is possible to convert PACE (which is limited to password authentication) and PACE CAM (where only the chip is strongly authenticated) to a full-fledged authentication where apart from password authentication both the terminal and the chip are authenticated in a strong cryptographic way.

The new protocols provide better privacy protection and resilience against key leakage than the previous protocols and are implementation friendly. The idea is not to reveal an exponent (as in case of PACE CAM) – instead, we reuse the Diffie-Hellman key exchange for static Diffie-Hellman authentication in the PACE protected channel.

The proposed fine tuning of the schemes adopted by ICAO for biometric passports may contribute to the future European eID practice, since the ICAO standards have been chosen by the EU as an obligatory basic platform for official personal identity documents issued since August 2021 in all EU countries.

Keywords

  • eID
  • Electronic identity document
  • ICAO
  • PAKE
  • PACE
  • Mutual Authentication
  • Privacy

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-88428-4_25
  • Chapter length: 19 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-88428-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.

Notes

  1. 1.

    Such a delay is necessary to make brute force attacks harder and to convince the user that some computation is really taking place.

References

  1. Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE\(\vert \)AA protocol for machine readable travel documents, and its security. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 344–358. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_25

  2. Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04474-8_3

    CrossRef  MATH  Google Scholar 

  3. Bender, J., Fischlin, M., Kügler, D.: The PACE\(\vert \)CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_2

    CrossRef  Google Scholar 

  4. BSI: Technical guideline TR-03110 v2.21 - advanced security mechanisms for machine readable travel documents and eidas token (2016). https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html

  5. Dennis Kügler, J.B.: Method for authentication, RF chip document, RF chip reader and computer program products. Patent US20140157385A1 (2014)

    Google Scholar 

  6. Hanzlik, L., Krzywiecki, Ł, Kutyłowski, M.: Simplified PACE\(\vert \)AA protocol. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 218–232. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38033-4_16

    CrossRef  Google Scholar 

  7. Hanzlik, L., Kutyłowski, M.: Chip authentication for E-passports: PACE with chip authentication mapping v2. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 115–129. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45871-7_8

    CrossRef  Google Scholar 

  8. ICAO: Machine Readable Travel Documents - Part 11: Security Mechanism for MRTDs. Doc 9303 (2015)

    Google Scholar 

  9. Kutyłowski, M., Kubiak, P.: Privacy and security analysis of PACE GM protocol. In: 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering, TrustCom/BigDataSE 2019, Rotorua, New Zealand, 5–8 August 2019, pp. 763–768. IEEE (2019). https://doi.org/10.1109/TrustCom/BigDataSE.2019.00110

  10. Kutyłowski, M., Kubiak, P., Kozieł, P., Cao, Y.: Poster: eID in Europe - password authentication revisited. In: Yan, Z., Tyson, G., Koutsonikolas, D. (eds.) IFIP Networking Conference, IFIP Networking 2021, Espoo and Helsinki, Finland, 21–24 June 2021, pp. 1–3. IEEE (2021). https://doi.org/10.23919/IFIPNetworking52078.2021.9472856

  11. Shenets, N.N., Trukhina, E.E.: X-PACE: modified password authenticated connection establishment protocol. Autom. Control Comput. Sci. 51(8), 972–977 (2017)

    CrossRef  Google Scholar 

  12. The European Parliament and the Council of the European Union: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union 119(1) (2016)

    Google Scholar 

  13. The European Parliament and the Council of the European Union: Regulation (EU) 2019/1157—strengthening the security of identity cards and of residence documents issued to eu citizens and their family members exercising their right of free movement. Off. J. Eur. Union 188(67) (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mirosław Kutyłowski .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Kozieł, P., Kubiak, P., Kutyłowski, M. (2021). PACE with Mutual Authentication – Towards an Upgraded eID in Europe. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12973. Springer, Cham. https://doi.org/10.1007/978-3-030-88428-4_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88428-4_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88427-7

  • Online ISBN: 978-3-030-88428-4

  • eBook Packages: Computer ScienceComputer Science (R0)