Electronic passport promises the possibility of a secure, simple and quick travel formalities. Many countries have started delivering electronic documents to their citizens. This is a proof of the importance of ePassport protocols which aim to improve the document security and the traveller authentication. Three generations of security solutions in ePassports were specied. We model via this work a new protocol of ePassport to provide better authentication and to protect sensitive data. Elliptic curve cryptography and secret sharing scheme present the main topics referred to in the proposed protocol. This coupling strengthens the eMRTD security, data storage and the authentication of both ePassport and its bearer. The Spi calculus is an adequate formalism to model cryptographic aspect of such electronic protocol and allows us to verify its properties.
Developing technologies and security standards has encourage governments to
pursue the issuance of more sophisticated Machine Readable Travel Documents
(MRTDs) to their citizens. The electronic MRTDs, also called ePassports or
biometric passports dier from the ordinary travel booklets, they contain biometric
traits and embedded Radio Frequency chip to store information about the
document owner. A successful implementation of biometric and radio frequency
identication (RFID) technologies [
Related Work
Because of the sensitive data that can be stored in ePassport and the
importance of this document, several studies are conducted in order to enhance security
and privacy issues of ePassport. The International Civil Aviation Organization
(ICAO) is the rst responsible organization for cross border policies and air
travelling standards. It sets a standard specication for ePassports. It denes
a security mechanism based on several protocols with the use of RFID
(Radio Frequency Identication) and biometric technologies [
Paper Organization We rst describe the related structure of an electronic passport and existing protocols. Then, we introduce our scheme providing authentication in ePassport. The proposed solution employs distributed authority mechanism. We exploit the Elliptic Curve Cryptography features. This approach aims to enhance security properties and struggles against data leakage. This paper is organized as follows: the next section describes the ePassport structure and the used technologies. In section 3, we describe the existing schemes and mention some of their vulnerabilities. In section 4, we introduce a detailed description of our contribution. Section 5 contains a formal verication of the ePassport protocol and an automated verication using Proverif reasoning tool. Finally, we conclude this work. The aim of this contribution is to avoid falsication, identity theft and to prevent authentication aws by protecting the stored data in the ePassport and to ensure that the bearer is genuine. 2
This section sheds the light on the technical structure of the existing ePassport. Two main specications distinguish an electronic Machine Readable Travel Document (eMRTD) from a classic one: the Radio Frequency Identication (RFID) technology and the Integrated Circuit Card (ICC) adapted to communicate with RFID tags or readers. 2.1
RFID
Radio Frequency Identication is a term for a family of technologies that
transmit data via a wireless network based on Radio frequency radiations. The
advantage of RFID is the absence of direct contact or line-of-sight scanning [
Integrated Circuit Card
To ensure a global interoperability, the ICAO issues a standardized data
structure called Logical Data Structure (LDS) for the storage of data elements. The
LDS initially consists of 16 data groups. The specications state that all the 16
data groups are write protected and can be written only at the time of issue
of the ePassport. A hash of data groups 1-16 are stored in a ( SOD) , each of
these hashes should be signed by the issuing state. So, an Integrated Circuit
Card (ICC) of ePassport is composed of a LDS and SOD . ICAO species that
only DG1 and DG2 are mandatory and the rest of DGs depends on the issuing
country schemes and implementation. The Figure 1 from ICAO ocial
document [
ISO/IEC Biometrics
Biometrics are considered as sensitive data. They are used as supplemental
verication item to enhance security. To protect biometrics while storage and transfer,
ISO/IEC 24745 provides a standard under various requirements. The
architecture according to ISO/IEC is valid for all biometric modalities. When enrolment
of a biometric modality takes place, a feature extraction from the captured
sample results a Pseudonymous Identier (P I ) and Auxiliary Data (AD ). During a
verication, a new feature extraction from fresh biometric sample results a new
pseudonymous identier (P I ) which equals P I if and only if the same person
provided the biometric sample [
In order to provide full protection of electronic passport, a set o security
features is implemented. Cryptographic protocols are specied to prevent skimming
of data from the Integrated Chip (IC), prevent eavesdropping on legitimate
communication between IC and reader. Thus, ICAO [
Gain a secure access to IC, Data authentication, Chip authentication, Additional access mechanism to biometrics, Reading data securely.
Fig. 1: Logical Data Structure.
In literature, two protocols are dedicated to provide access control: Basic
Access Control (BAC) [
BAC: Is a session key establishment mechanism based on symmetric cryptography. Keys are derived from Machine Readable Zone (MRZ) of the ePassport, Document Number(DN), Date Of Birth (DOB) and Date Of Expiry (DOE) followed respectively by their checksums are the extracted data and concatenated under SHA 1 to result a key Kseed. The 16 more signicant bytes of Kseed are concatenated to 00000001. The result is hashed under SHA 1 to compute the key encryption KENC . The same process is performed to compute KMAC by concatenation of Kseed to 00000002.
Kseed = SHA_1(DN jDOBjDOE) KENC = SHA_1(Kseedj00000001)
KMAC = SHA_1(Kseedj00000002) Then, a set of messages is exchanged between IC and reader to verify keys and to establish a session and secure messaging mechanism.
PACE: Is a supplemental access control launched in 2014. It is a
countermeasure to weaknesses of BAC. PACE is a Die-Hellman [
Passive Authentication PA: To ensure data authentication, the Document of
Security Objects SOD contains hashes of existing data groups and is signed by
the issuing country. Inspection systems contain Document Signer public keys of
each State or have read related certicates. It is a passive authentication
mechanism that read hashes and verify signature of SOD to validate data authenticity
and integrity. PA is the only mandatory protocol [
Active Authentication AA: Implementing this protocol makes the chip authenticate itself to the reader. AA public key is stored in the data group DG15 and its corresponding private key in stored in a secure memory of the integrated chip. AA aims to verify is not cloned.
EAC: To protect supplemental sensitive information, an Extended Access
Control (EAC) mechanism takes place. EAC is a set of Extended Access Keys used
instead of BAC [
CA: Keys are computed using Die-Hellman key agreement protocol. CA provides implicit authentication of both IC itself and the stored data by performing secure messaging after establishment of session keys.
TA: A successful execution of terminal authentication is a proof to the chip that
interrogating reader is not an intruder. This protocol requires a specic
certication architecture. Regarding to the BSI, each country issuing EAC ePassport
needs a trusted point: Country Verifying Certicate Authority (CVCA) issues
Document Verier DV certicates. CVCA public key must be stored in
ePassport chip and DV issues certicates for Inspection Systems. More details are set
in [
Vulnerabilities
Many vulnerabilities have been identied in the literature. Attacks can be
classied according to their objectives [
Obtaining data contained in ePassport’s chip, Recognition of a set of passports, Recognition of individual passport,
Obtaining a proof of presence.
Attackers can easily identify and track an ePassport. The main aw is the absence of a standard normalization. It is a lack of interoperability. According to ICAO specication, only two GDs are required and the rest is optional. Security measures depends on issuing country. This diversity is a benecial factor for attackers to identify batch of ePassport depending on error messages, response time and other aspects related to manufacturing and country policies. The security of the BAC protocol is based on a low entropy of two access keys derived from data items on the MRZ of ePassport. Keys are easily guessable because their entropy is, at maximum 46 bits. In some cases, when the MRZ generation pattern is known, the entropy is lower. This allows identifying an ePassport, tracking and obtaining its data applying brute-force attacks. PACE provides better entropy compared to BAC but still depends on passwords derived from MRZ. PA and EAC require sophisticated cetication structure and roots verications. ePassports suer from lack of international standards and implementations. 4
Our proposal is based on the Elliptic Curve Cryptography and its advantages specially for ICC. 4.1
Elliptic Curve Cryptography
Elliptic curves have been studied in mathematics for 150 years. Their use within
cryptography was rst proposed in 1985, by Koblitz [
E : y2 = x3 + ax + b (1) for a; b 2 Fq such that 4a3 + 27b2 6= 0.
Montgomery [
Although ECC is not a dominant implementation for cryptography, it promises a high security with harder discrete logarithm problems. It will be used in practice progressively to instantiate cryptographic protocols. In this paper, we consider elliptic curves over a nite eld Fq. We describe in the following the proposed scheme. 4.2
The Protocol in Detail The protocol begins in a setup phase. In this stage, a set of authorities in cooperation generate the key materials and publish the corresponding public parameters. Then, the registration phase takes place. In order to authenticate himself, an ePassport bearer needs to prove his identity using his ngerprint template.
Our system consists four entities: The user is the person who requests to have an ePassport noted US; The reception authority that delivers ePassport at the citizen request noted RA; The document verier is the entity who conrms the ePassport creation (It can be the interior ministry), noted DV; The inspection system veries the eMRTD and its bearer while crossing border, noted IS.
First, the user is enrolled during the personalization phase. His biometric
enrolment is realized according to the ISO/IEC 24745 and resulting (PI/AD) [
As prerequisite, we consider the equation 2 of the Montgomery form [
SA = S1 + S2 + S3
S1 = H1(P I) S2 = H1(Xa)
S3 = H1(Xdv) while P I is generated from the biometric enrolment (Personal Identier), Xa and Xdv are random numbers chosen respectively by the reception authority and the document verier. Then, an ePassport Identier (ID), Expiration Date (ED) and the built secret SAP are written on the LDS (Figure 1): Data is stored in the related DGs and SAP is hashed in the Document Security Object ( SOD). The DV is the most honest authority as mentioned above. It supplies a segment of the secret to the IS to avoid connexion establishment risks. In fact, it sends an entity X = S2P + S3P and the inspection system saves it in its local database. Then, the electronic document is delivered to its owner. Now, the ePassport is ready to be used.
To verify the traveller’s identity and if the ePassport is original, the Inspection System (IS) needs to collect data and verify the secret. As prerequisite, this approach is run under the assumption that a Password Authentication Connection Establishment (PACE) is executed in order to establish a secure communication between IS and the ePassport chip. Reading the MRZ allows inspection system to load the corresponding certicates and parameters of electronic document and (3) (4) (5) (6) its issuing country. Consequently, IS queries its local data base to get the secret fragment given by the DV after the registration phase ( X = S2P + S3P ).
A connection is established between the chip and the IS in order to read the stored secret SAP . The ePassport bearer needs to regenerate his segment of the shared secret. Thus, a biometric probe is measured and (PI*, AD) are extracted, the secret (S 10P ) is generated and sent to the IS when P is a generator of the elliptic curve.
As mentioned above, the DV sends beforehand the partially generated secret X = S2P + S3P . IS retrieves the secret SA0P = S10P + X after receiving S10P and compares it to SAP stored in the chip of correspondent ePassport. The proposal aims to optimize the use of resources by using only one elliptic curve and to avoid storage of all the user entire related data in the DV database. The short keys length is an interest for the RFID technology which uses less memory. From a secure point of view, our contribution provides an authentication protocol based on the uniqueness of ngerprint template, ECC and secret sharing advantages. On the proposed scheme, there is no need to verify independently the chip and its holder.
The next session describes an analysis and a formal verication of the protocol authentication process with the Spi calculus. 5
The need for applying formal methods has been recognized and widely used. It
helps specifying and reasoning about security properties. The Spi calculus [
The Spi Calculus The Spi calculus is a language for describing systems of processes that communicate on named channels. It is a mathematical model that describes concurrent processes and their interactions. It has been used to study a variety of security protocols, such as those for private authentication.
To describe protocols with the Spi calculus, one needs to dene a set of names, a set of variables which will be used in order to dene terms. Processes are considered to describe behaviour and terms are representing data (messages, keys, channels). We start with a sort of variables (such as x and y) and a sort of names (such as n). The set of terms is dened by the grammar: U; V ::= terms c; n; s; K names (M; N ) pair x; y variables 0 zero suc(M ) successor fM1; ::; MkgN shared-key encryption
The set of processes is dened by the grammar The nill process 0 does nothing, P j Q is the parallel composition of P and Q, the replication !P behaves as an innite number of copies of P running in parallel. The process n:P makes a new name n then behaves as P . We often use as a generator of unguessable seeds. In some cases, those values may serve as nonces or as keys. In others, they may serve as seeds, and various transformations may be applied for deriving keys from seeds. The match [M is N ]P construct if M = N then P else the process is
P; Q ::= plain processes 0 nil process P j Q parallel composition !P replication ( n):P name restriction [M is N ]P match u(x):P message input uhN i:P message output case L of fxgN in P sharedkey decryption stuck. The input process u(x):P is ready to input from channel u, then to run P with the actual message replaced for the formal parameter x, while the output process uhN i:P is ready to output message N on channel u, then to run P . In both of these, we may omit P when it is 0. Processes are intended to represent the components of a protocol, but they may also represent attackers, users, or other entities that interact with the protocol. As an abbreviation, we may write: let x = U in P . It can be dened as ( c)(chU ijc(x):P ), where c is a name that does not occur in U or in P . Shared-key decryption process runs when a shared key N is only known by the sharing principals. It attempts to decrypt a term L with the key N . 5.2
Protocol modelling The Spi calculus representations of protocols often model secure channels as primitive, without showing their possible cryptographic implementations. As preliminaries, we assume that c is a secure channel on which all principals may communicate. Therefore, we do not restrict the scope of c with the operator. In our formulation, it is possible for a principal to receive a message intended for other principal, and for the processing to get stuck. Master keys are related to trusted authorities witch are : Inspection system, document verier and reception authority. On the verication phase, only IS master key is needed KI . We model the messages in the protocol rather directly. We describe each principal of the ePassport protocol via a process: C for the chip, I for the inspection system and U for the User. The variable msg is used as and msg = "Get_id" and the id refers to the ePassport identier which is known by the inspection system after reading the MRZ. KIC is a shared keys between Inspection System and Chip. KIU is a shared keys between Inspection System and User.
The process F represents the behaviour of Inspection System while comparing collected data. We assemble the pieces so as to represent a system with the process P . I(id; msg) U (S10P ) F (x; y) P
(SP ):(chfid; SP gKIC i): , chfmsggKIC iin c(y):case y of fx1; x2gKIC in [x1 is id] c(z):case z of fz2gKIU in F (z2; x2):
(S10P ) chfS10P gKIU i: , , , [x is y]:0
(KIC ; KIU )( !C j !I j !U j !F )
Discrete logarithm problem Let A be the process of an active intruder. As mentioned above, if a process receives a message from an intended principal, the processing gets stuck. We suppose that the intruder breaks a key and tries to behave as one of the principals.
A , chfmsggKIC iin
c(x):case x of fygKIC : This scenario is the hardest that an intruder can get. Even if a shared key is guessed or broken, the secret SAP is not broken because it still protected by the DLP (Discrete logarithm problem) and is applicable to all communicated messages via the ePassport protocol. This way, we guarantee the authentication property.
Observational Equivalences In the analysis of protocol security, we usually
verify that two given processes cannot be distinguished by any attacker. The
processes are observationally equivalent. In Spi calculus, static equivalence is
written s it relates processes that cannot be distinguished by any term of
comparison [
(M1):chfid1; M1gKIC i s (M2):chfid2; M2gKIC i M1 and M2 are not distinguished by A. An attacker who observes the communicated messages cannot distinguish the two substitutions and the secret SAP still protected. The proposed protocol may detect many threats and cover ePassport security aws: Cloned document, unauthorized ePassport, unauthorized ePassport holder can be detected if the comparison of shared secrets results a failure.
This paper presents the ePassport specications and reveals the evolution of cryptographic protocols used to improve MRTDs security features. It points out weaknesses of previous generations specied by ICAO, EU and BSI. In a second part, the paper illustrates a new scheme of ePassport authentication. The protocol is based on Elliptic Curve Cryptography, uniqueness of biometric features and the secret sharing between entities. The proposed scheme is modelled and veried (manual reasoning) using the Spi calculus. An automated analyse of the property of secrecy succeeds using Proverif verication tool. Nevertheless, countries follow dierent and dissimilar policies. Security weaknesses are based on inconsistent implementations and measurements. This work aim to reduce vulnerabilities and help to build a more robust solution for the future.