Supplemental access control

Supplemental access control (SAC) is a set of security features defined by ICAO^[1] for protecting data contained in electronic travel documents (e.g. electronic passports). SAC specifies the Password Authenticated Connection Establishment (PACE) protocol, which itself supplements and improves upon the Basic Access Control (BAC) protocol also established by ICAO.^[2] PACE, like BAC, prevents two types of attacks:^[3]

• Skimming (online attack that consists in reading the RFID chip without physical access to the document and without the holder's approval). Prior to reading the chip, the inspection system needs to know some data that is printed on the document (e.g. the MRZ) or a key that is known only to the holder (personal identification number (PIN)), which means he has willingly handed the document for inspection. While BAC works only with the MRZ, PACE allows using card access numbers (short keys printed on the document) and PINs.
• Eavesdropping (offline attack that starts by recording the data exchanged between the reader and the chip, to be analyzed later). The inspection system uses PACE for establishing a secure communication channel with the contactless chip, but using stronger cryptography than BAC. PACE offers an excellent protection against offline attacks, raising the security of documents containing contactless chips to the level of documents using contact chips.

With the implementation of PACE begins the third generation of electronic passports.^{[4] [5] [6]} EU members must implement PACE in electronic passports by the end of 2014.^[7] States, for the sake of global interoperability, must not implement PACE without implementing BAC, and inspection systems should implement PACE and use it if supported by the MRTD chip. Thus, it is important that global interoperability is achieved, to make the enhancement reliable for the document verification process. To achieve interoperability, there are so called Interoperability Tests. The results of the last test focusing on SAC describe the current state of implementation in the field. ^[8]

Version 1.1 (April 2014) of ICAO's "Supplemental Access Control" Technical Report introduces the Chip Authentication protocol as an alternative to Active Authentication and integrates it with PACE, achieving a new protocol (Chip Authentication Mapping, PACE-CAM ^[9] ) which allows faster execution than the separate protocols. ^[10]

References

1. Supplemental Access Control for Machine Readable Travel Documents (PDF). International Civil Aviation Organization (ICAO). November 2010.
2. ICAO Doc 9303, Machine Readable Travel Documents, Part 1: Machine Readable Passports, Volume 2: Specifications for Electronically Enabled Passports with Biometric Identification Capability (PDF) (Sixth ed.). International Civil Aviation Organization (ICAO). 2006. Archived from the original (PDF) on 2015-06-05.
3. Jens Bender, Dennis Kügler (2009). Introducing the PACE solution (PDF). Bundesamt für Sicherheit in der Informationstechnik.
4. Gemalto (October 2011). Moving to the third generation of electronic passports (PDF).
5. Verna Heino (Gemalto) (April 2011). Moving to the third generation of electronic passports. Silicon Trust.
6. Markus Mösenbacher (2013). Preventing fraud in ePassports and eIDs (PDF). NXP.
7. European Commission (August 2011). Commission Decision C(2011) 5499 amending Commission Decision C(2006) 2909 laying down the technical specifications on the standards for security features and biometrics in passports and travel documents issued by Member States (PDF).
8. Holger Funke (2014). "Results of Interoperability Tests in Madrid". blog.protocolbench.org.
9. Holger Funke (2015). "Chip Authentication Mapping". blog.protocolbench.org.
10. TR - Supplemental Access Control for MRTDs V1.1 (PDF). ICAO. 2014.