
A PACE Protocol Based On Remote Attestation And Privacy Preservation

Posted on: 2016-03-27
Degree: Master
Type: Thesis
Country: China
Candidate: T H Liu
GTID: 2298330467479200
Subject: Information security
Abstract/Summary:
With the development of information technology, the use of e-passports has become an inevitable trend in international cooperation. ICAO and the EU have issued three generations of e-passports, and the first and second generations are in use globally. The application of e-passports has revealed many security problems in the first and second generations. ICAO therefore proposed the PACE protocol as supplemental access control, which significantly improves the security of the e-passport. However, protecting the protocol layer alone is not adequate. A new threat is that malware may be injected into the e-passport without being noticed. Currently, there are two kinds of new threats to e-passports: (1) In remote application scenarios, for example online authentication of the e-passport, the adversary can launch a side-channel attack. Therefore, we propose a configuration measurement scheme to uncover these attacks. (2) Privacy issues are discussed worldwide, and there are many cases in which third-party applications leak the user's privacy.

In this paper, we analyze the security of the e-passport at the physical layer, communication layer and protocol layer. Focusing on the security problems of the e-passport, we propose two schemes. (1) We use configuration attestation to provide credibility in the e-passport by designing a cooperation scheme of remote attestation and PACE, which efficiently mitigates the vulnerability to malware injection and side-channel attacks. Furthermore, a cooperation scheme of remote attestation and PACE|AA is proposed so that the threats in AA can be solved. (2) We aim to preserve privacy by designing a remote attestation protocol based on zero-knowledge proof. Note that our work is based on the e-passport, but the protocol can be used in other scenarios requiring channel security and terminal trust.

For the security proof, we use formal analysis: the protocols are modeled in HLPSL, and the SPAN model checking tool is used to find attack paths automatically. According to the results of the protocol analysis, the two proposed schemes are proved to be secure. For the implementation, we design a general protocol framework based on PolarSSL and simulate the enhanced protocols. Preliminary experimental results show that the proposed enhanced protocols are feasible.
Keywords/Search Tags: E-passport, PACE Protocol, Remote Attestation, Model Checking