Securing E-passports with Elliptic Curves

Author

Chabanne, Hervé ; Tibouchi, Mehdi

Volume

9

Issue

2

fYear

2011

Firstpage

75

Lastpage

78

Abstract

In this paper, security of ID documents (such as passports) is discussed. A class of cryptographic protocols called Password-Authenticated Key Exchange (PAKE) provides a more robust solution to this problem. PAKE protocols ensure that an eavesdropper can´t learn any information on the low-entropy secret. They´re also required to be as secure as possible against all passive and active attacks. Basically, all an adversary can do to learn the password is an online dictionary attack (guess the password and try to execute the protocol with one of the parties). We can prevent this through latency, smart card blocking, and so on. For implementing PAKE protocols, especially in constrained environments such as e-passports, elliptic-curve cryptography is fast and requires little memory. However, it involves representing numeric values (in this case, passwords) as points on an elliptic curve, and how to do this efficiently and se curely isn´t obvious.

Keywords

authorisation; computer crime; cryptographic protocols; public key cryptography; cryptographic protocols; e-passports security; elliptic-curve cryptography; low-entropy secret; online dictionary attack; password-authenticated key exchange; smart card blocking; Elliptic curve cryptography; Elliptic curves; Encoding; Protocols; PACE; PAKE; Password-Authenticated Communication Establishment; Password-Authenticated Key Exchange; computer security; cryptography; e-passports; elliptic curves; machine-readable travel documents; offline dictionary attacks; online dictionary attacks; privacy;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2011.37

Filename

5739642