Author | Fischlin, Marc; Heyden, Jonas von der; Margraf, Marian; Morgner, Frank; Wallner, Andreas; Bock, Holger |
---|
Date | 2023 |
---|
Type | Conference Proceedings |
---|
Abstract | The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers.
In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: One that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards-compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Merely the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway.
To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE® terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control. |
---|
Conference | 8th International Conference Security Standardisation Research (SSR 2023) |
---|
ISBN | 978-3-031-30730-0 |
---|
Series | Lecture Notes in Computer Science |
---|
In | Security Standardisation Research, pp. 22-52 |
---|
Publisher | Springer |
---|
URL | https://tubiblio.ulb.tu-darmstadt.de/id/eprint/138885 |
---|