Poster: eID in Europe - Password Authentication Revisited
                            
                            Patryk Koziel, Przemyslaw Kubiak, Miroslaw Kutylowski, 
                                 Wroclaw University of Science and Technology 
                                                 Yanmei Cao 
                                              Xidian University

A EU Regulation from 2019  aims to  achieve a minimal degree of interoperability of personal identity documents 
in Europe (eID). In particular,  eID document verification should be  performed according to ICAO protocols,
including  biometric verification. At the same time, additional functionalities implemented by the Member States 
must not  interfere with the obligatory ICAO part. As presenting personal data from an eID requires an explicit 
consent of the eID owner,  PACE -  a password authenticated  key exchange (PAKE) protocol, 
the core part of the ICAO specification -- must be used.

A side effect of the EU Regulation are problems  regarding already deployed  additional functionalities, 
such as digital signatures. In this paper we present a pragmatic approach for solving this problem. 
Instead of installing these functionalities independently -- e.g. at a cost of extra code on the eID chip 
and potential compatibility problems -- we may reuse the basic ICAO protocols. As an example of this approach 
we show a proof-of-presence protocol derived from PACE.

Keywords:
eID, ICAO, PAKE, PACE, Authentication,  Proof of presence, Privacy


IFIP Networking 2021 (poster)
https://ieeexplore.ieee.org/document/9472856