
E-passport EAC scheme based on identity-based cryptography. (English) Zbl 1260.68139

Summary: Extended access control (EAC) is a security mechanism specified to allow only authorized inspection systems (IS) to read sensitive biometric data such as fingerprints from e-passports. Although the European Union EAC scheme offers more flexibility than the Singapore scheme, there is clearly room for improvement. By adopting identity-based cryptography (IBC) technology, a simple and secure EAC implementation scheme (IBC-EAC) is proposed. The authorization mechanism based on IBC is more trustworthy because the access right to sensitive data is granted directly to the IS through an authorized smartcard. A new authentication protocol based on IBC is performed between the e-passport chip and the authorized smartcard. The protocol also provides an important contribution towards terminal revocation. By using the IBC-EAC scheme, the complexity of deploying and managing PKI can be reduced, and the computational cost for the e-passport to verify the certificate chain in the EU-EAC scheme can be saved.

MSC:

68P30 Coding and information theory (compaction, compression, models of communication, encoding schemes, etc.) (aspects in computer science)
94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
