Abstract
We show that despite the cryptographic strength of the password authentication, we cannot exclude an attack by an adversary that penetrates the reader device at some moment, but apart from this is passive and manipulates neither the reader nor the microcontroller of the identity document. So even the most careful examination and certification of the smart cards and the readers cannot prevent attacks of this kind. We present concrete attack scenarios for PACE-GM, PACE-IM and SPEKE protocols.
We show that the weaknesses can be easily and effectively eluded via changing a few implementation details on the side of the reader. Our second contribution is that immunity against the attacks can be tested by the operator of the reader, thus replacing costly and unreliable certification process of black box devices.
Our more general contribution is to draw attention on hidden penetration attacks and to show that effective countermeasures are possible.
Partially supported by National Science Centre, HARMONIA 4 Programme, DEC-2013/08/M/ST6/00928.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The cases of spying PIN numbers with tiny cameras attached to ATM machines should serve as a warning that this in not only a hypothetical situation.
References
Abdalla, M., Fouque, P.-A., Pointcheval, D.: Password-based authenticated key exchange in the three-party setting. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 65–84. Springer, Heidelberg (2005)
Barker, E.B., Barker, W.C., Burr, W.E., Polk, W.T., Smid, M.E.: Sp 800–57. Recommendation for Key Management, part 1: General (revised). Technical report, Gaithersburg, MD, United States (2007)
Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware Trojans: extended version. J. Crypt. Eng. 4(1), 19–31 (2014)
Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). Also IACR Cryptology ePrint Archive 2014, 438 (2014)
Bender, J., Fischlin, M., Kügler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33–48. Springer, Heidelberg (2009)
BSI: Advanced Security Mechanisms for Machine Readable Travel Documents 2.11. Technische Richtlinie TR-03110-3 (2013)
Bundesamt für Sicherheit in der Informationstechnik: Common Criteria Protection Profile for Inspection Systems (IS), BSI-CC-PP-0064 (2010). https://www.commoncriteriaportal.org/files/ppfiles/pp0064b_pdf.pdf
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
European Parliament and the Council: Regulation (EU) no 910/2014 on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market and Repealing Directive 1999/93/EC (2014). http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
Hanzlik, L., Krzywiecki, Ł., Kutyłowski, M.: Simplified PACE\(|\)AA protocol. In: Deng, R.H., Feng, T. (eds.) ISPEC 2013. LNCS, vol. 7863, pp. 218–232. Springer, Heidelberg (2013)
ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization: Supplemental Access Control for Machine Readable Travel Documents. Technical report version 1.02, March 08 (2011)
Jablon, D.P.: Extended password key exchange protocols immune to dictionary attacks. In: WETICE, pp. 248–255. IEEE Computer Society (1997)
Killmann, W., Schindler, W.: A proposal for functionality classes for random number generators (2011). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_20_Functionality_classes_for_random_number_generators_e.pdf
LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. IACR Cryptology ePrint Archive 2006, 73 (2006)
Young, A.L., Yung, M.: Malicious Cryptography - Exposing Cryptovirology. Wiley, New York (2004)
Acknowledgment
We would like to thank an anonymous reviewer for remarks on security model for real world computations. Some valuable comments are incorporated almost literally. We also thank INSCRYPT PC chairs for many helpful suggestions.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Hanzlik, L., Kubiak, P., Kutyłowski, M. (2015). Stand-by Attacks on E-ID Password Authentication. In: Lin, D., Yung, M., Zhou, J. (eds) Information Security and Cryptology. Inscrypt 2014. Lecture Notes in Computer Science(), vol 8957. Springer, Cham. https://doi.org/10.1007/978-3-319-16745-9_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-16745-9_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16744-2
Online ISBN: 978-3-319-16745-9
eBook Packages: Computer ScienceComputer Science (R0)