Full Text

Abstract: Nowadays e-passports base their security on Basic Access Control (BAC) protocol, whose encryption keys are derived from the Machine Readable Zone (MRZ) characters of the document. MRZ data has very low entropy, thus this security measurement does not mean a problem for potential attackers. This paper proposes an alternative access control protocol to improve e-passports' security, based on the holder's fingerprint. First an optimized implementation of an asymmetric matching algorithm for JavaCard platform is proposed, which offers a faster Match-On-Card (MOC) performance; this matching algorithm uses information from the best local minutiae on the fingerprint, and the spatial relationship between them, thus allowing less use of memory and a smaller runtime. Next, an alternative access control protocol for e-passports based on MRZ and random characters, and the bearer's fingerprint Match-On-Card, is presented. The proposed protocol uses the document's Active Authentication (AA) public key to send a candidate template to the card in a secure way, and a random key seed to set the session encryption and Message Authentication Code (MAC) keys; by this way, more secure e-passports can be produced. This access control protocol has been implemented on a Radio Frequency Identification (RFID) JavaCard to show effectiveness and security of our approach. The proposed protocol has been developed as a part of IDENTICA, an advanced identity verification project requested by Telvent, and co-financed by Ministry of Industry, Tourism and Commerce of Spain, in the framework of the National Plan of Scientific Research, Development and Technological Innovation 2004-2007.

Keywords: e-passport, security, fingerprints, minutiae, RFID, JavaCard