Professional Documents
Culture Documents
a r t i c l e i n f o a b s t r a c t
Article history: Extended Access Control (EAC) is a security mechanism specied to allow only autho-
Received 31 July 2010 rized Inspection System (IS) to read sensitive biometric data such as ngerprints from
Received in revised form 29 September e-passports. Although European Union EAC scheme offers more exibility than Singapore
2010
scheme, there is clearly room for improvement. By adopting Identity-Based Cryptography
Accepted 6 October 2010
(IBC) technology, a simple and secure EAC implementation scheme (IBC-EAC) is proposed.
Available online 8 October 2010
Communicated by D. Pointcheval The authorization mechanism based on IBC is more trustable because the access right to
sensitive data is granted directly to the IS through Authorized Smartcard. A new authenti-
Keywords: cation protocol based on IBC is performed between the e-passport chip and the Authorized
E-passport security Smartcard. The protocol also provides an important contribution towards terminal revo-
Extended Access Control cation. By using IBC-EAC scheme, the complexity of deploying and managing PKI can be
Identity-Based Cryptography reduced. And the computational cost for e-passport to verify the certicate chain in EU-
Safety/security in digital systems
EAC scheme can be saved.
2010 Elsevier B.V. All rights reserved.
0020-0190/$ see front matter 2010 Elsevier B.V. All rights reserved.
doi:10.1016/j.ipl.2010.10.006
C.H. Li et al. / Information Processing Letters 111 (2010) 2630 27
unilaterally by the EU Member States. Although EU-EAC of- provide cryptographic services for Document Signer (DS)
fers more exibility than Singapore scheme, there is clearly and IS. Each DS and each IS takes his unique Ocial Name
room for improvement. The vulnerabilities of EU-EAC v1 as its identity (denoted by ID_Issuer and ID_IS respectively).
were exposed in [6]. Pasupathinathan et al. [7] argued that The IS who wants to read the sensitive data must submit
EU-EAC proposal made extensive use of PKI. Lschner and his application to the CS. For the domestic IS, the Doc-
Rha [8] concluded that the process of certication should ument Verier (DV) judges the legitimacy of the IS and
be simplied. All the researchers [69] pointed out one then submits the applications to the CS. For the foreign
common problem is that its hard to check whether a cer- IS, it is the responsibility of the Embassy of Issuing State.
ticate has expired or not. This also makes it practically The access right is granted directly through Identity Cer-
impossible to revoke a certicate. Chaabouni and Vaude- ticates (ID-Cert) stored in Authorized Smartcard. The au-
nay [10] pointed out that the revocation of terminals was thorization information is stored in Authorized Smartcard;
not fully solved in EU-EAC v2. while the information used for authentication is stored in
Identity-Based Cryptography is a type of public-key e-passport chip. Authentication protocol based on IBC is
cryptography in which the public key is some unique in- performed between e-passport chip and Authorized Smart-
formation about the identity of the user (e.g. a users email card. The authentication protocol enables the chip to verify
address). IBC has many merits over Certicate-Based Public whether the IS is entitled to access sensitive data. Fig. 1 il-
Key Cryptography, such as no Certicate and CA, no Pub- lustrates the framework of the IBC-EAC scheme.
lic Key Directory, no CRL, etc. IBC was proposed by Shamir
[11] in 1984. The rst practical Identity-Based Encryption System setup. The CS chooses a security parameter k
scheme using Weil pairing on elliptic curve was proposed (k Z , k > 2) and runs the BDH parameter generator.
by Boneh and Franklin [12] in 2001. After that, many cryp- (1) Get two cyclic groups G 1 and G 2 . G 1 is an addi-
tographic primitives (such as encryption, signature, etc.) tive group generated by P , ord( P ) = q. G 2 is a multi-
based on IBC were proposed. plicative group with the same order q. A bilinear pair-
In this paper, we introduce IBC into EAC implemen- ing is a map e : G 1 G 1 G 2 ; (2) Choose a crypto-
tation scheme. A new authorization mechanism and its graphic hash functions: H : {0, 1} G 1 ; (3) Pick a random
authentication protocol based on IBC are proposed. The se- s Z q as a master-key and compute P pub = s P . Keep
curity of authorized mechanism is based on the security of s only to the CS; (4) Public system parameters PARA =
Authorized Smartcard. The security of authentication pro- G 1 , G 2 , e , P , q, P pub , H . This phase is executed only once.
tocol is based on ECDLP and BDH problems. The bilinear
pairing cryptography algorithm should be supported by e- 2.2. Authorized smartcard
passport chip and Authorized Smartcard.
In IBC, the public key is the Identity of the user. Trusted
2. The IBC-EAC scheme Authority can deliver a type of ID-Cert to the user. The
ID-Cert takes the private key of the user as authentication
The following proposed scheme enables the chip to parameter which be only controlled by the Trusted Author-
verify whether the IS is entitled to access sensitive data, ity. By using the ID-Cert, a trustable relationship between
which only performs the same function as Terminal Au- the user and the Trusted Authority can be setup.
thentication in EU-EAC scheme. (1) Private key generation
The Ocial Name of the immigration check point is
2.1. IBC-EAC framework and system setup used as his Identity. For example, ID_IS = Beijing Inter-
national Capital Airport. The users public key ID_Receiver
Each issuing country has a unique Country Signing (CS) is structured as: ID_Receiver = ID_ISISSUEREXP. here
as Trusted Authority. The CS sets up IBC Server system to is string concatenate operator; ISSUER is the Identity
28 C.H. Li et al. / Information Processing Letters 111 (2010) 2630
2.4. Authentication protocol The protocol authenticates the same message, which is
K Receiver = K Issuer . Because K Receiver = e (r Q ID_Issuer , P pub +
The authentication protocol is performed as follow. S ID_Receiver ) = e (r Q ID_Issuer , s P + s Q ID_Receiver ) = e (s
C.H. Li et al. / Information Processing Letters 111 (2010) 2630 29
Table 1
Comparison with other EAC scheme.
(2) Authorization mechanism. In EU-EAC scheme, the main enhanced security features: a more trustable autho-
authorization of the access is based on certicate chain. rization mechanism, and a better terminal revocation solu-
There are some security leaks in the chain of trust. For tion than relying on an approximation of the current date.
certicate chain, if A=B, and B=C, we can get A=C. But in It provides an alternative approach for the global specica-
the chain of trust, the DV is trusted by the CV. But how tion of EAC implemention scheme.
can the CV trust the IS? That is to say, it is possible that
the DV can authorize the access right to malicious IS. References
The trust model of IBC-EAC is very similar to the autho-
rization process of real world. It is the Issuing Authority [1] ICAO, PKI for machine readable travel documents offering ICC read-
that grants the access right to IS directly through Autho- only access, Technical Report, Version 1.1, 2004.
[2] ICAO, Technical advisory group on machine readable travel docu-
rized Smartcard. It is more reliable and practical than indi-
ments, TAG-MRTD/17-WP/11, March 2007.
rectly authorization approach of EU-EAC scheme. [3] Federal Oce for Information Security, Advanced Security Mech-
For Singapore EAC scheme, it is also a direct access anisms for Machine Readable Travel Documents, Extended Access
authorization. But once the IS got the EAC-KEY using his Control (EAC), version 1.01, Technical Guideline TR-03110, BSI, Bonn,
private key, he possesses the plaintext of EAC-KEY per- Germany, 2006.
[4] Federal Oce for Information Security, Advanced Security Mech-
manently. It leaves the opportunity to do harm to the e-
anisms for Machine Readable Travel Documents, Extended Access
passport holders privacy. Control (EAC), version 2.01, Technical Guideline TR-03110, BSI, Bonn,
(3) Revocation method. The EU-EAC scheme offers the Germany, 2009.
possibility for authorization revocation. Because the e- [5] ICAO, Machine Readable Travel Documents: Development of a Logical
passport has no internal clock, this makes it vulnerable to Data Structure LDS, Technical Report, version 1.7, 2004.
[6] V. Pasupathinathan, J. Pieprzyk, H. Wang, An on-line secure e-
attack using expired certicates. In Singapore EAC scheme,
passport protocol, in: Information Security Practice and Experience,
this is not technically supported. 4th International Conference, in: Lecture Notes in Comput. Sci.,
In EU-EAC scheme, the message of date is not in- vol. 4991, Springer-Verlag, Berlin, 2008, pp. 1428.
volved in cryptography operations. It simply compares the [7] V. Pasupathinathan, J. Pieprzyk, H. Wang, Security analysis of Aus-
expiration date to the current date. In our protocol, the ex- tralian and E.U. e-passport implementation, Journal of Research and
Practice in Information Technology 40 (3) (2008) 187205.
piration data EXP is computed in the authentication pro-
[8] J. Lschner, Z. Rha, How to achieve and enhance interoperability
tocol. The message ID_Receiver = ID_ISEXP sent to the e- of e-passports, in: Identity Fraud & Theft: The Logistics for Organ-
passport chip should be in conformity with which used to ised Crime, www.idfraudconferencept2007.org/cms/les/programa/
compute S ID_Receiver , because S ID_Receiver = s Q ID_Receiver = PFL47344673e580d.pdf.
s H (ID_Receiver). If the IS submits a modied ID_Receiver [9] S. Vaudenay, E. Polytechnique, F. Lausanne, E-passport threats, IEEE
Security & Privacy 5 (6) (2007) 7275.
to the e-passport chip, the verication will be failed in-
[10] R. Chaabouni, S. Vaudenay, The extended access control for machine
evitably. readable travel documents, in: BIOSIG 2009, Biometrics and Elec-
tronic Signatures, in: LNI, vol. 155, Gesellschaft fr Informatik (GI),
4. Conclusions Bonn, Germany, 2009, pp. 93103.
[11] A. Shamir, Identity-Based Cryptosystems and signature schemes, in:
Proceedings of CRYPTO 84, in: Lecture Notes in Comput. Sci., vol. 196,
By introducing IBC, our scheme has many merits over
Springer-Verlag, Berlin, 1984, pp. 4753.
EU-EAC scheme, such as no need to construct the complex [12] D. Boneh, M. Franklin, Identity based encryption from the Weil pair-
PKI, and less computer and labor force for it, and not nec- ing, in: Cryptology CRYPTO2001, in: Lecture Notes in Comput. Sci.,
essary to verify the certicate chain. It also provides two vol. 2139, Springer-Verlag, Berlin, 2001, pp. 213229.