MobilePACE - Password Authenticated Connection Establishment implementation on mobile devices

Abstract Syntax Notation One (ASN.1) is a description language for defining data structures. On the electronic identity card, the domain parameters and the cryptographic protocols that are used or supported are stored in the file EF.CardAccess and encoded in ASN.1. To run the PACE protocol, this file must be read and the required information extracted.

Package: de.tud.cdc.mecca.asn1

• de.tud.cdc.mecca.asn1.ECDHAlgorithmIdentifier
  This class implements the algorithm identifier, that is, the domain parameters, for elliptic curves. The corresponding values are extracted from the file EF.CardAccess.

• de.tud.cdc.mecca.asn1.TLV
  The data in EF.CardAccess is stored in TLV format (Type, Length, Value). The class implements encoding and decoding of the TLV format.

Package: de.tud.cdc.mecca.asn1.eac

• de.tud.cdc.mecca.asn1.eac.ISecurityInfo
  The class defines an interface for all SecurityInfos.

• de.tud.cdc.mecca.asn1.eac.SecurityInfo
  This class represents a single SecurityInfo, consisting of the object identifier of the protocol and the associated required and optional data [3, Chapter A.1].

    SecurityInfo ::= SEQUENCE {
        protocol      OBJECT IDENTIFIER,
        requiredData  ANY DEFINED BY protocol,
        optionalData  ANY DEFINED BY protocol OPTIONAL
    }

• de.tud.cdc.mecca.asn1.eac.SecurityInfos
  The class represents a set of individual SecurityInfos and combines all SecurityInfos present in EF.CardAccess. The class implements the following ASN.1 data structure [3, Chapter A.1].

    SecurityInfos ::= SET OF SecurityInfo

Package: de.tud.cdc.mecca.asn1.eac.pace

• de.tud.cdc.mecca.asn1.eac.pace.PACEDomainParameterInfo
  The class implements the following ASN.1 data structure:

    PACEDomainParameterInfo ::= SEQUENCE {
        protocol         OBJECT IDENTIFIER(id-PACE-DH | id-PACE-ECDH),
        domainParameter  AlgorithmIdentifier,
        parameterId      INTEGER OPTIONAL
    }

  The methods getProtocol(), getDomainParameter() and getParameterId() provide access to the data. The method isPACEObjectIdentifer(DERObjectIdentifier o) checks whether the given object identifier is a PACE object identifier of the form id-PACE-DH or id-PACE-ECDH.
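The decoding steps described above, as an added example in Python (standard library only; this is not code from the de.tud.cdc.mecca classes): it reads DER TLVs with bounds checks, walks SecurityInfos as a SET OF SEQUENCE, and reports the entries whose protocol is exactly id-PACE-DH or id-PACE-ECDH. The OID values are taken from BSI TR-03110 rather than from this page, the exact-match rule is an assumption about what isPACEObjectIdentifer checks, and the function names and sample bytes are constructed for illustration.

```python
# OID values as assigned in BSI TR-03110 (assumption: the page names them without values).
PACE_PROTOCOLS = {"0.4.0.127.0.7.2.2.4.1": "id-PACE-DH", "0.4.0.127.0.7.2.2.4.2": "id-PACE-ECDH"}

def read_tlv(buf, pos, end):
    """Read one single-byte-tag DER TLV in buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes that follow
        n = length & 0x7F
        if n == 0 or n > 2 or start + n > end:
            raise ValueError("indefinite, oversized or truncated length field")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > end:
        raise ValueError("value runs past the enclosing element")
    return tag, start, start + length

def decode_oid(content):
    """Turn the content bytes of an OBJECT IDENTIFIER into dotted notation."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OBJECT IDENTIFIER")
    arcs, arc = [], 0
    for byte in content:
        arc = (arc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear: last byte of this arc
            arcs.append(arc)
            arc = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def pace_domain_parameter_protocols(data):
    """Walk SecurityInfos (SET OF SEQUENCE) and name each id-PACE-DH / id-PACE-ECDH entry."""
    tag, pos, end = read_tlv(data, 0, len(data))
    if tag != 0x31:
        raise ValueError("EF.CardAccess content must be a SET")
    found = []
    while pos < end:
        seq_tag, seq_start, seq_end = read_tlv(data, pos, end)
        oid_tag, oid_start, oid_end = read_tlv(data, seq_start, seq_end)
        if seq_tag != 0x30 or oid_tag != 0x06:
            raise ValueError("SecurityInfo must be a SEQUENCE that starts with an OID")
        if (oid := decode_oid(data[oid_start:oid_end])) in PACE_PROTOCOLS:
            found.append(PACE_PROTOCOLS[oid])
        pos = seq_end
    return found

# Constructed sample (not read from a card): an entry with a longer PACE OID, then id-PACE-ECDH.
SAMPLE = bytes.fromhex("312f" "3012060a04007f0007020204020202010202010d"
                       "3019060904007f000702020402300c060704007f0007010202010d")
```

Because EF.CardAccess has to be read before PACE can run, its bytes are unauthenticated input; every length is checked against the enclosing element before it is used, so a truncated or tampered file raises ValueError.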

[1] Daniel W. Engels, et al. RFID Systems and Security and Privacy Implications, 2002, CHES.

[2] Bart Preneel, et al. Security Overview of Bluetooth, 2004.

[3] Vivek Kapoor, et al. Elliptic curve cryptography, 2008, UBIQ.

[4] Yong Wang, et al. The Performance of Elliptic Curve Based Group Diffie-Hellman Protocols for Secure Group Communication over Ad Hoc Networks, 2006, 2006 IEEE International Conference on Communications.

[5] Stefan Lucks, et al. Open Key Exchange: How to Defeat Dictionary Attacks Without Encrypting Public Keys, 1997, Security Protocols Workshop.

[6] Whitfield Diffie, et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[7] Steven M. Bellovin, et al. Encrypted key exchange: password-based protocols secure against dictionary attacks, 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[8] Colin Boyd, et al. Protocols for Authentication and Key Establishment, 2003, Information Security and Cryptography.

[9] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.

[10] Mislav Grgic, et al. Comparison of JPEG Image Coders, 2001.

[11] Joost-Pieter Katoen, et al. A UMTS network architecture, 1994.

[12] Roger M. Needham, et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[13] Jennifer Seberry, et al. Public Key Cryptography, 2000, Lecture Notes in Computer Science.

[14] Bart Jacobs, et al. Crossing Borders: Security and Privacy Issues of the European e-Passport, 2006, IWSEC.

[15] Dennis Kügler, et al. "Man in the Middle" Attacks on Bluetooth, 2003, Financial Cryptography.

[16] Stefan Bertschi. Günter Burkart: Handymania. Wie das Mobiltelefon unser Leben verändert hat, 2007.

[17] Mahmoud Naghshineh, et al. Bluetooth: vision, goals, and architecture, 1998, MOCO.

[18] Ulrike Meyer, et al. A man-in-the-middle attack on UMTS, 2004, WiSe '04.

[19] Gene Itkis, et al. Forward Security Adaptive Cryptography : Time Evolution Gene Itkis ?, 2004.

[20] Peter Honeyman, et al. Secure Internet Smartcards, 2000, Java Card Workshop.

[21] Walter Hinz. Authentication for Web Services with the Internet Smart Card, 2008, ISSE.

[22] Thomas Walloschke. Infrastructures and Middleware for the Application of eID Cards in eGovernment, 2008, ISSE.

[23] Ernst Haselsteiner. Security in Near Field Communication (NFC) Strengths and Weaknesses, 2006.

[24] Collin Mulliner, et al. Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones, 2009, 2009 International Conference on Availability, Reliability and Security.

[25] Matt Bishop, et al. Computer Security: Art and Science, 2002.

[26] Philip MacKenzie, et al. On the Security of the SPEKE Password-Authenticated Key Exchange Protocol, 2001, IACR Cryptol. ePrint Arch.

[27] David P. Jablon. Strong password-only authenticated key exchange, 1996, CCRV.

[28] Ralph Johnson, et al. design patterns elements of reusable object oriented software, 2019.

[29] Detlef Hühnlein, et al. eVoting with the European Citizen Card, 2008, BIOSIG.

[30] Mislav Grgic, et al. Effects of JPEG and JPEG2000 Compression on Face Recognition, 2005, ICAPR.

[31] Vibhor Sharma, et al. Near Field Communication, 2013, Encyclopedia of Biometrics.

[32] David P. Jablon. Extended password key exchange protocols immune to dictionary attack, 1997, Proceedings of IEEE 6th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[33] Andreas P. Heiner, et al. Secure software installation in a mobile environment, 2007, SOUPS '07.

[34] M. Ullmann, et al. Password Authenticated Key Agreement for Contactless Smart Cards, 2008.

[35] Sarvar Patel, et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman, 2000, EUROCRYPT.

[36] Gisela Meister, et al. Secure E-Business applications based on the European Citizen Card, 2008, ISSE.

[37] Ivar Jacobson, et al. The unified modeling language reference manual, 2010.

[38] Juan E. Tapiador, et al. RFID Systems: A Survey on Security Threats and Proposed Solutions, 2006, PWC.

[39] Gavin Lowe, et al. An Attack on the Needham-Schroeder Public-Key Authentication Protocol, 1995, Inf. Process. Lett.

[40] Marc Fischlin, et al. Security Analysis of the PACE Key-Agreement Protocol, 2009, ISC.

[41] Albrecht Schmidt, et al. Mobile interaction with web services through associated real world objects, 2007, Mobile HCI.

[42] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[43] Steven M. Bellovin, et al. Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password file compromise, 1993, CCS '93.

[44] Mark Grand. Patterns in Java: A Catalog of Reusable Design Patterns Illustrated with UML, 2002.

[45] D. Bernstein. Understanding brute force, 2005.

[46] Matthias Büger. Deployment of German Electronic Citizen Cards in Banking: Opportunities and Challenges, 2008, ISSE.

[47] Praveen Yalagandula. A Survey on Security Issues in Wireless Networks, 2007.