Paper 2023/352
Post-Quantum Security for the Extended Access Control Protocol
Abstract
The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers. In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: One that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards-compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Merely the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway. To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. Security Standardisation Research, 8th International Conference (SSR 2023)
- DOI
- 10.1007/978-3-031-30731-7_2
- Keywords
- Access ControlMachine Readable Travel DocumentsPost-Quantum CryptographySmart Cards
- Contact author(s)
-
marc fischlin @ tu-darmstadt de
jvdh @ uni-wuppertal de
marian margraf @ aisec fraunhofer de
frank morgner @ bdr de
andreas wallner @ infineon com
holger bock @ infineon com - History
- 2023-10-18: revised
- 2023-03-10: received
- See all versions
- Short URL
- https://ia.cr/2023/352
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/352, author = {Marc Fischlin and Jonas von der Heyden and Marian Margraf and Frank Morgner and Andreas Wallner and Holger Bock}, title = {Post-Quantum Security for the Extended Access Control Protocol}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/352}, year = {2023}, doi = {10.1007/978-3-031-30731-7_2}, url = {https://eprint.iacr.org/2023/352} }