
Research And Implementation On E-passport Active Authentication

Posted on: 2012-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: X H Long
Full Text: PDF
GTID: 2218330362455883
Subject: Industrial Engineering
Abstract/Summary:
To ensure the security of the e-passport, the International Civil Aviation Organization (ICAO) recommends four security mechanisms: Basic Access Control (BAC), Passive Authentication (PA), Active Authentication (AA) and Extended Access Control (EAC). However, research shows that these mechanisms do not fully meet ICAO's security objectives; in particular, Active Authentication is vulnerable to the "Challenge Semantics" attack. Improving the AA protocol is therefore one of the most important problems to solve in order to strengthen the security of the e-passport system. This thesis attempts to design an AA protocol based on Pairing-Based Cryptography (PBC) that protects the e-passport chip from the "Challenge Semantics" attack while still proving that the chip is genuine.

The key point of this research is the improvement of the Active Authentication protocol. To counter the "Challenge Semantics" attack, the EU proposed a scheme that uses Chip Authentication (CA) to support AA, but that scheme is still built on the CA-PKI scheme and carries drawbacks such as tedious certificate management and a complicated process for establishing and verifying the certificate chain. This thesis proposes a new AA protocol using PBC, followed by the corresponding security architecture. The new protocol adopts Zero-Knowledge Proofs (ZKP); it not only avoids the "Challenge Semantics" attack effectively, but also has the advantages of a simple system structure and low management cost.

A Java Card package, lds, is designed in this thesis, in which the file structure of the chip data and the interactive commands needed to complete security authentication are defined. On this foundation, an Active Authentication protocol that conforms to the ICAO Doc 9303 standard is implemented on the Java Card platform, and the core algorithm of Active Authentication using PBC is given in the latter part of the thesis.
Keywords/Search Tags: E-passport, Active Authentication, Zero-Knowledge Proofs, Pairing-Based Cryptography