PACE with Mutual Authentication - Towards an Upgraded eID in Europe

COMPUTER SECURITY - ESORICS 2021, PT II (2021)

Abstract
In this paper we present modifications to the protocols PACE (Password Authenticated Connection Establishment) and PACE CAM (PACE with Chip Authentication Mapping) from the International Civil Aviation Organization (ICAO) specification. We show that with slight changes it is possible to convert PACE (which is limited to password authentication) and PACE CAM (where only the chip is strongly authenticated) to a full-fledged authentication where, apart from password authentication, both the terminal and the chip are authenticated in a strong cryptographic way. The new protocols provide better privacy protection and resilience against key leakage than the previous protocols and are implementation friendly. The idea is not to reveal an exponent (as in the case of PACE CAM); instead, we reuse the Diffie-Hellman key exchange for static Diffie-Hellman authentication in the PACE protected channel. The proposed fine-tuning of the schemes adopted by ICAO for biometric passports may contribute to the future European eID practice, since the ICAO standards have been chosen by the EU as an obligatory basic platform for official personal identity documents issued since August 2021 in all EU countries.
Keywords
eID, Electronic identity document, ICAO, PAKE, PACE, Mutual Authentication, Privacy