Attribute-Based Access Control Architectures with the eIDAS Protocols

  • Frank Morgner
  • Paul Bastian
  • Marc Fischlin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10074)


The extended access control protocol has been used for the German identity card since November 2010, primarily to establish a cryptographic key between a card and a service provider and to authenticate the partners. The protocol is also referenced by the International Civil Aviation Organization for machine readable travel documents (Document 9303) as an option, and it is a candidate for the future European eIDAS identity system. Here we show that the system can be used to build a secure access system which operates in various settings (e.g., integrated, distributed, or authentication-service based architectures), and where access can be granted based on card’s attributes. In particular we prove the protocols to provide strong cryptographic guarantees, including privacy of the attributes against outsiders.



We thank the anonymous reviewers of SSR 2016 for valuable comments.


  1. 1.
    Bundesamt für Sicherheit in der Informationstechnik (BSI): Advanced Security Mechanism for Machine Readable Travel Documents – Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI). BSI-TR-03110, Version 2.0 (2008)Google Scholar
  2. 2.
    Bundesamt für Sicherheit in der Informationstechnik (BSI): Technical Guideline TR-03110-2: Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token, Part 2, Protocols for electronic IDentification, Authentication and trust Services (eIDAS). BSI-TR-03110, Version 2.20 (2015)Google Scholar
  3. 3.
    Bundesamt für Sicherheit in der Informationstechnik (BSI): Technical Guideline TR-03110-3: Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token, Part 3, Common Specifications. BSI-TR-03110, Version 2.20 (2015)Google Scholar
  4. 4.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001). doi: 10.1007/3-540-45682-1_30 CrossRefGoogle Scholar
  5. 5.
    Morgner, F.: Transaktionsabsicherung mit der Online-Ausweisfunktion. Kryptographische Bindung von Transaktionsdaten an den Personalausweis. Presentation, CeBit 2014, March 2014Google Scholar
  6. 6.
    Bastian, P.: Physical Access Control Systems Using Asymmetric Cryptography, Master-Arbeit, Humboldt-Universität zu Berlin (2015)Google Scholar
  7. 7.
    Bellare, M., Anand Desai, E., Jokipii, P.R.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394–403. IEEE (1997)Google Scholar
  8. 8.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_21 CrossRefGoogle Scholar
  9. 9.
    Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: The PACE\(|\)AA protocol for machine readable travel documents, and its security. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 344–358. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32946-3_25 CrossRefGoogle Scholar
  10. 10.
    Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: Domain-specific pseudonymous signatures for the German identity card. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 104–119. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33383-5_7 CrossRefGoogle Scholar
  11. 11.
    Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04474-8_3 CrossRefGoogle Scholar
  12. 12.
    Bender, J., Fischlin, M., Kügler, D.: The PACE\(|\)CA protocol for machine readable travel documents. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 17–35. Springer, Heidelberg (2013). doi: 10.1007/978-3-319-03491-1_2 CrossRefGoogle Scholar
  13. 13.
    Brzuska, C.: On the Foundations of Key Exchange. Dissertation, Technische Universität Darmstadt (2013).
  14. 14.
    Brzuska, C., Fischlin, M., Smart, N.P., Warinschi, B., Williams, S.C.: Less is more: relaxed yet composable security notions for key exchange. Int. J. Inf. Sec. 12(4), 267–297 (2013)CrossRefGoogle Scholar
  15. 15.
    Coron, J.-S., Gouget, A., Icart, T., Paillier, P.: Supplemental access control (PACE v2): security analysis of PACE integrated mapping. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 207–232. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-28368-0_15 CrossRefGoogle Scholar
  16. 16.
    Dagdelen, Ö., Fischlin, M.: Security analysis of the extended access control protocol for machine readable travel documents. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 54–68. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-18178-8_6 CrossRefGoogle Scholar
  17. 17.
    Hanzlik, L., Kutylowski, M.: Restricted identification secure in the extended Canetti-Krawczyk model. J. UCS 21(3), 419–439 (2015)Google Scholar
  18. 18.
    Hanzlik, L., Krzywiecki, Ł., Kutyłowski, M.: Simplified PACE\(|\)AA protocol. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 218–232. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-38033-4_16 CrossRefGoogle Scholar
  19. 19.
    International Civil Aviation Organization: Doc 9303, Machine Readable Travel Documents, Part 11, Security Mechanisms for MRTDs, 7th edn. (2015)Google Scholar
  20. 20.
    Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273–293. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32009-5_17 CrossRefGoogle Scholar
  21. 21.
    Kutyłowski, M., Krzywiecki, Ł., Kubiak, P., Koza, M.: Restricted identification scheme and Diffie-Hellman linking problem. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 221–238. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32298-3_15 CrossRefGoogle Scholar
  22. 22.
    Morgner, F., Bastian, P., Fischlin, M.: Securing transactions with the eIDAS protocols. In: Foresti, S., Lopez, J. (eds.) WISTP 2016. LNCS, vol. 9895, pp. 3–18. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-45931-8_1 CrossRefGoogle Scholar
  23. 23.
    Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size Does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372–389. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25385-0_20 CrossRefGoogle Scholar
  24. 24.
    Rogaway, P.: Evaluation of some blockcipher modes of operation. Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan, February 2011Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Bundesdruckerei GmbHBerlinGermany
  2. 2.Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations