Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
According to the European Commission Decision C(2006) 2909, EU Member States must implement Supplemental Access Control (SAC) on biometric passports. The SAC standard describes two versions of a password based authenticated key exchange protocol called PACE-GM and PACE-IM. Moreover, it defines an extension called PACE-CAM. Apart from password authentication and establishing a session key, the PACE-CAM protocol executes an active authentication of the ePassport with just one extra modular multiplication. However, it uses PACE-GM as a building block and does not work with the more efficient protocol PACE-IM. In this paper we propose an active authentication extension, which can be used with both PACE-GM and PACE-IM. Moreover, the protocol’s overhead on the side of the ePassport, remains the same despite more universality.
KeywordsePassport Supplemental Access Control PACE Active Authentication Chip Authentication Mapping ICAO
The research was supported by the Polish National Science Centre based on the decision DEC-2013/08/M/ST6/00928. Initial work of the first author has been supported by Foundation for Polish Science project VENTURES/2012-9/4.
- [BDFK12]Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel document, and its security. In: Proceedings of the 16th International Conference on Financial Cryptography and Data Security (2012)Google Scholar
- [BK12]Bender, J., Kügler, D.: Verfahren zur Authentisierung, RF-chip-Dokument, RF-Chip-Lesegerät und Computerprogrammprodukte, 13 September 2012. WO Patent App. PCT/EP2012/001,076 (2012)Google Scholar
- [BM92]Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
- [BSI15]BSI. Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2 (2015)Google Scholar
- [CGIP11]Coron, J.-S., Gouget, A., Icart, T., Paillier, P.: Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping. Cryptology ePrint Archive, Report 2011/058 (2011)Google Scholar
- [ISO11]ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.01. Technical report, 08 March 2011Google Scholar
- [ISO14]ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.1. Technical report, 15 April 2014Google Scholar
- [Sho04]Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004). http://eprint.iacr.org/