The PACE|AA Protocol for Machine Readable Travel Documents, and Its Security

We discuss an efficient combination of the cryptographic protocols adopted by the International Civil Aviation Organization (ICAO) for securing the communication of machine readable travel documents and readers. Roughly, in the original protocol the parties first run the Password-Authenticated Connection Establishment (PACE) protocol to establish a shared key and then the reader (optionally) invokes the Active Authentication (AA) protocol to verify the passport’s validity. Here we show that by carefully re-using some of the secret data of the PACE protocol for the AA protocol one can save one exponentiation on the passport’s side. We call this the PACE|AA protocol. We then formally prove that this more efficient combination not only preserves the desirable security properties of the two individual protocols but also increases privacy by preventing misuse of the challenge in the Active Authentication protocol. We finally discuss a solution which allows deniable authentication in the sense that the interaction cannot be used as a proof towards third parties.
