Basic access control

from Wikipedia, the free encyclopedia

Basic Access Control describes the authentication process between an inspection system and a machine-readable travel document in order to enable encrypted data exchange. The authentication method used is challenge-response authentication.

The procedure requires that the document holder presents his/her travel document (e.g. passport) for inspection. This ensures that sensitive data cannot be read out without the consent of the traveler.

The procedure

  • Key generation
  1. The document holder presents their travel document for inspection.
  2. An optical reader reads the machine-readable zone (MRZ) printed on the document. Alternatively, the data can also be entered manually.
  3. The document number, the date of birth and the expiry date including the check digits are extracted from the data.
  4. Two keys, K_ENC and K_MAC, are generated from the extracted data, which are used to encrypt the following commands and to calculate the checksum.
  • Authentication and establishment of the session key
  1. A random number RND_ICC is generated by the document chip and sent to the inspection system.
  2. The inspection system generates two random numbers, RND_IFD and K_IFD.
  3. The concatenation of the random numbers is encrypted with the key K_ENC and the result is provided with a MAC checksum based on the key K_MAC.
  4. The data is sent to the document chip together with an authentication command.
  5. The chip verifies and decrypts the data and compares the random number it contains with the one it previously sent.
  6. The chip generates another random number K_ICC and computes the XOR of K_ICC and K_IFD as the basis for generating the session keys KS_ENC and KS_MAC.
  7. The concatenation of the random numbers RND_ICC, RND_IFD and K_ICC is encrypted with the key K_ENC and the result is provided with a MAC checksum based on the key K_MAC and sent back to the inspection system. For later communication, an eight-byte-long counter is generated from the four low-order bytes of the random numbers RND_ICC and RND_IFD.
  • Start of secure communication
  1. The inspection system verifies the validity of the chip's response and decrypts the result.
  2. The session key and the eight-byte counter are now calculated from the result.

Secure communication

The communication that follows between the inspection system and the travel document is called secure messaging. A message is encrypted with a session key and the result is given a checksum. Before each checksum calculation, the session counter is incremented and prepended to the data used for the checksum calculation. The encryption and checksum calculation are carried out with the generated keys KS_ENC and KS_MAC. The data is encrypted with 112-bit Triple DES.

Criticism

The security of the procedure depends largely on the effective key length. While this can theoretically be 56 bits for a purely numeric serial number, in the Netherlands, for example, numbers are assigned that reduce the key strength to a maximum of 35 bits and actually suggest an even lower strength. The Dutch security company Riscure demonstrated an attack in which a tapped recording of a legitimate BAC communication could be decrypted within a few hours with the processing power of a standard PC, owing to the encryption strength used.

It is sometimes argued that Basic Access Control is nevertheless not in itself a bad process. In general, the strength of an encryption method should be appropriate to the confidentiality of the data to be protected. Proponents of the system argue that the data contained on the chip of a BAC passport (name, date of birth, passport number, nationality, gender, period of validity of the passport, photo) could very likely also be obtained by other means within the above-mentioned "few hours". In this respect, the insecurely applied BAC method offers attackers merely one additional attack option, requiring effort similar to that of comparable attacks.
