To verify the traveller's identity and the originality of the e-passport, the Inspection System (IS) needs to collect data and verify the secret. As a prerequisite, this approach assumes that Password Authenticated Connection Establishment (PACE) has been executed in order to establish secure communication between the IS and the e-passport chip. Reading the MRZ allows the Inspection System to load the corresponding certificates and parameters of the electronic document and its issuing country. Consequently, the IS queries its local database to get the secret fragment given by the DV after the registration phase ($X = S_2P + S_3P$). If the data is not found in the database, the IS sends a query to the DV to retrieve it. In that case, the DV recovers the RA segment ($S_3P$), adds it to its own secret, and sends the recovered $X$ to the IS. A connection is established between the chip and the IS in order to read the stored secret $S_AP$. The e-passport bearer needs to regenerate his segment of the shared secret. Thus, a biometric probe is measured and (PI*, AD) are extracted; the secret $S_1P$ is generated and sent to the IS, where $P$ is a generator of the elliptic curve. As mentioned above, the DV sends beforehand the partially generated secret $X = S_2P + S_3P$. The IS retrieves the secret $S_AP = S_1P + X$ after receiving $S_1P$ and compares it to the $S_AP$ stored in the chip of the corresponding e-passport. The proposal aims to optimize the use of resources by using only one elliptic curve and to avoid storing all of the user's related data in the DV database. The short key length is of interest for RFID technology, which uses less memory. In the proposed scheme, there is no need to verify the chip and its holder independently. Figure 1 illustrates the whole contribution process.
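The verification-phase check described above, as an added example that is not code from the paper: the IS recomputes $S_AP = S_1P + X$ from the holder's regenerated share and the DV fragment, then compares it with the value read from the chip. Assumptions: the curve (secp256k1), the SHA-256 derivation in the hypothetical `share_point` helper (a stand-in for regenerating the share from (PI*, AD)), and all sample byte strings are constructed for illustration.

```python
import hashlib

# Assumption: secp256k1 (y^2 = x^3 + 7) is used only because its parameters
# are well known; the paper does not name the curve.
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt=G):
    """Double-and-add k*pt (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def share_point(material: bytes):
    """Hypothetical derivation of a share S_i*P from a party's secret bytes."""
    return mul(int.from_bytes(hashlib.sha256(material).digest(), "big") % N)

def register(bio: bytes, dv_secret: bytes, ra_secret: bytes):
    """Registration: returns (S_A*P for the chip, X = S_2*P + S_3*P for the IS)."""
    x = add(share_point(dv_secret), share_point(ra_secret))
    return add(share_point(bio), x), x

def is_verify(s1p, x, sap_chip) -> bool:
    """IS check: recompute S_A*P = S_1*P + X and compare with the chip's value."""
    return add(s1p, x) == sap_chip

if __name__ == "__main__":
    sap, x = register(b"constructed-template", b"constructed-dv", b"constructed-ra")
    print(is_verify(share_point(b"constructed-template"), x, sap))   # genuine holder
    print(is_verify(share_point(b"constructed-impostor"), x, sap))   # different probe
```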
Our proposed scheme aims to mitigate the problems of previous generations. Even if a reader with an expired certificate reads the content, sensitive and protected data cannot be disclosed. It aims to optimize the use of resources by using only one elliptic curve and avoids storing all of the user's related data in the DV database. Keys are shorter, which is an advantage for RFID technology, which uses less memory. From a security point of view, our contribution provides an authentication protocol based on the uniqueness of the fingerprint template, ECC, and the advantages of secret sharing. In the next section, we formally verify the authentication of the process.

V. FORMAL VERIFICATION

A. BAN logic overview

BAN logic is a formal verification language developed by Burrows, Abadi, and Needham in 1989 [7]. It is designed to facilitate more rigorous analysis of cryptographic protocols than is possible by informal methods. In particular, it is dedicated to verifying authentication properties. This logic describes the knowledge and beliefs of the involved parties in a formal manner and analyses them at each step of the protocol. BAN logic analyses a protocol in four steps: idealizing the protocol, stating the initial premises or assumptions, establishing the security goals, and analysing the protocol.

Basic notations: P, Q are principals, K is an encryption key and X is a statement or a formula.
- $P \mid\equiv X$ : P believes X
- $P \triangleleft X$ : P sees X
- $P \mid\sim X$ : P once said X
- $P \mid\Rightarrow X$ : P has jurisdiction over X
- $\#X$ : the formula X is fresh
- $P \xleftrightarrow{K} Q$ : P and Q use the shared key K to communicate
- $\xrightarrow{K} P$ : P has K as public key
- $\{X\}_K$ : X is encrypted under K

BAN logic rules:

1) Message meaning rules

$$\frac{P \mid\equiv Q \xleftrightarrow{K} P,\quad P \triangleleft \{X\}_K}{P \mid\equiv Q \mid\sim \{X\}} \qquad (1)$$

$$\frac{P \mid\equiv \xrightarrow{K} Q,\quad P \triangleleft \{X\}_K}{P \mid\equiv Q \mid\sim \{X\}} \qquad (2)$$

2) Nonce verification rule

$$\frac{P \mid\equiv \#\{X\},\quad P \mid\equiv Q \mid\sim X}{P \mid\equiv Q \mid\equiv X} \qquad (3)$$