Extended Access Control (EAC) is a security mechanism specified to allow only authorized Inspection Systems (IS) to read sensitive biometric data, such as fingerprints, from e-passports. Although the European Union EAC scheme offers more flexibility than the Singapore scheme, there is clearly room for improvement. By adopting Identity-Based Cryptography (IBC) technology, a simple and secure EAC implementation scheme (IBC-EAC) is proposed. The authorization mechanism based on IBC is more trustworthy because the access right to sensitive data is granted directly to the IS through an Authorized Smartcard. A new authentication protocol based on IBC is performed between the e-passport chip and the Authorized Smartcard. The protocol also provides an important contribution towards terminal revocation. By using the IBC-EAC scheme, the complexity of deploying and managing PKI can be reduced, and the computational cost for the e-passport to verify the certificate chain in the EU-EAC scheme can be saved.