iPIN and mTAN for Secure eID Applications

Recent attacks on the German identity card show that a compromised client computer allows for PIN compromise and man-in-the-middle attacks on eID cards. We present a selection of new solutions to that problem which do not require changes in the card specification. All presented solutions protect against PIN compromise attacks, some of them additionally against man-in-the-middle attacks.
