Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
             
                   Lucjan Hanzlik, Miroslaw Kutylowski
                   Wroclaw University of Science and Technology


According to the European Commission Decision C(2006) 2909, EU Member States must implement  
Supplemental Access Control (SAC) on biometric passports. The SAC standard describes 
two versions of a  password based authenticated key exchange protocol called PACE GM and PACE IM.
Moreover, it defines an extension called PACE CAM which, beside session key security,
executes an active authenticationof the ePassport with just one extra  modular multiplication.
However, it uses PACE GM  as a building block and does not work with the more efficient protocol PACE IM

In this paper we propose an active authentication extension, which can be used with both 
PACE GM and PACE IM.  It elegantly bypasses the patent on PACE CAM while the efficiency, on the side 
of the ePassport, remains the same.

Moreover, we improve previous security analysis: we prove security of PACE CAM under standard
and not non-standard knowledge assumptions. The results from this paper show possible future 
enhancement for the ICAO  standard and give a formal proof on how good the current solutions 
protect against cloning of the ePassport.

Keywords: Supplemental Access Control; Chip Authentication Mapping; PACE; Active Authentication.

---------------

Paper accepted for ISC'2016, to be published in LNCS