PACE with Mutual Authentication -- towards an upgraded  eID in Europe

                Patryk Koziel,  Przemyslaw Kubiak, Miroslaw Kutylowski 
                    Wroclaw University of Science and Technology
                    
          
In this paper we present modifications to the protocols PACE and PACE CAM from ICAO specification. 
We show that with slight changes it is possible to convert PACE that is limited to password authentication 
and PACE CAM where only the chip is strongly authenticated to a full-fledged authentication where apart 
from password authentication both the terminal and the chip are authenticated in a strong cryptographic way. 

The new protocols provide better privacy protection and resilience against key leakage than the previous 
protocols and are implementation friendly. The idea is not to reveal an exponent (as in case of PACE CAM) 
but to reuse the Diffie-Hellman key exchange for static Diffie-Hellman authentication in the PACE protected channel.  

The proposed fine tuning of the schemes adopted by International Civic Aviation Organization for biometric passports  
may contribute to the future European eID practice, since the ICAO standards have been chosen as obligatory basic platform 
for official personal identity documents issued after August 2021 in all EU countries.    
         
          
accepted for ESORICS'21