Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2

  • Lucjan HanzlikEmail author
  • Mirosław Kutyłowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9866)


According to the European Commission Decision C(2006) 2909, EU Member States must implement Supplemental Access Control (SAC) on biometric passports. The SAC standard describes two versions of a password based authenticated key exchange protocol called PACE-GM and PACE-IM. Moreover, it defines an extension called PACE-CAM. Apart from password authentication and establishing a session key, the PACE-CAM protocol executes an active authentication of the ePassport with just one extra modular multiplication. However, it uses PACE-GM as a building block and does not work with the more efficient protocol PACE-IM. In this paper we propose an active authentication extension, which can be used with both PACE-GM and PACE-IM. Moreover, the protocol’s overhead on the side of the ePassport, remains the same despite more universality.


ePassport Supplemental Access Control PACE Active Authentication Chip Authentication Mapping ICAO 



The research was supported by the Polish National Science Centre based on the decision DEC-2013/08/M/ST6/00928. Initial work of the first author has been supported by Foundation for Polish Science project VENTURES/2012-9/4.


  1. [BB08]
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  2. [BDFK12]
    Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE|AA protocol for machine readable travel document, and its security. In: Proceedings of the 16th International Conference on Financial Cryptography and Data Security (2012)Google Scholar
  3. [BFK09]
    Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. [BFK13]
    Bender, J., Fischlin, M., Kügler, D.: The PACE\(|\)CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  5. [BK12]
    Bender, J., Kügler, D.: Verfahren zur Authentisierung, RF-chip-Dokument, RF-Chip-Lesegerät und Computerprogrammprodukte, 13 September 2012. WO Patent App. PCT/EP2012/001,076 (2012)Google Scholar
  6. [BM92]
    Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Symposium on Research in Security and Privacy, pp. 72–84 (1992)Google Scholar
  7. [BN05]
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. [BPR00]
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. [BSI15]
    BSI. Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2 (2015)Google Scholar
  10. [CGIP11]
    Coron, J.-S., Gouget, A., Icart, T., Paillier, P.: Supplemental Access Control (PACE v2): Security Analysis of PACE Integrated Mapping. Cryptology ePrint Archive, Report 2011/058 (2011)Google Scholar
  11. [HKK13]
    Hanzlik, L., Krzywiecki, Ł., Kutyłowski, M.: Simplified PACE\(|\)AA protocol. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 218–232. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. [ISO11]
    ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.01. Technical report, 08 March 2011Google Scholar
  13. [ISO14]
    ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization. Supplemental access control for machine readable travel documents v1.1. Technical report, 15 April 2014Google Scholar
  14. [Jab96]
    David, P.: Jablon: strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev. 26(5), 5–26 (1996)CrossRefGoogle Scholar
  15. [Sho04]
    Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004).

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Wrocław University of TechnologyWrocławPoland

Personalised recommendations