7 results on '"Extended Access Control"'
Search Results
2. Towards a More Secure and Scalable Verifying PKI of eMRTD
- Author
Harald Baier and Nicolas Buchmann
- Subjects
Revocation, Computer science, business.industry, computer.internet_protocol, Public key infrastructure, Computer security, computer.software_genre, Certificate, Extended Access Control, Network Time Protocol, The Internet, Online Certificate Status Protocol, business, computer, Protocol (object-oriented programming)
- Abstract
The new electronic passport stores biometric data on a contactless readable chip to uniquely link the travel document to its holder. This sensitive data is protected by a complex protocol called Extended Access Control (EAC) against unlawful readouts. EAC is manifold and thus needs a complex public key infrastructure (PKI). Additionally EAC is known to suffer from unsolved weaknesses, e.g., stolen (mobile) passport inspection systems due to its missing revocation mechanism. The paper at hand seeks for potential approaches to solve these shortcomings. As a result we present an evaluation framework with special focus on security and scalability to assess the different candidates and to give a best recommendation. Instead of creating new protocols, we focus on solutions, which are based on well-known protocols from the Internet domain like the Network Time Protocol (NTP), the Online Certificate Status Protocol (OCSP), and the Server-based Certificate Validation Protocol (SCVP). These protocols are openly standardised, widely deployed, thoroughly tested, and interoperable. Our recommendation is that the EAC PKI would benefit most from introducing NTP and OCSP.
- Published
- 2014
3. Security Analysis of the Extended Access Control Protocol for Machine Readable Travel Documents
- Author
Özgür Dagdelen and Marc Fischlin
- Subjects
Provable security, Authenticated Key Exchange, Security analysis, Security association, Security service, Computer science, Extended Access Control, Information security, Computer security model, Computer security, computer.software_genre, computer
- Abstract
We analyze the Extended Access Control (EAC) protocol for authenticated key agreement, recently proposed by the German Federal Office for Information Security (BSI) for the deployment in machine readable travel documents. We show that EAC is secure in the Bellare-Rogaway model under the gap Diffie-Hellman (GDH) problem, and assuming random oracles. Furthermore, we discuss that the protocol achieves some of the properties guaranteed by the extended CK security model of LaMacchia, Lauter and Mityagin (ProvSec 2008).
- Published
- 2011
4. Distributed Access Control Management – A XACML-Based Approach
- Author
David Brossard, Erik Rissanen, and Adriaan Slabbert
- Subjects
Markup language, Computer access control, business.industry, Computer science, Business rule, XACML, Access control, World Wide Web, Extended Access Control, Role-based access control, Semantics of Business Vocabulary and Business Rules, business, computer, computer.programming_language
- Abstract
Enterprises are increasingly pervasive with users and services belonging to different domains. Cross-enterprise business collaborations are soaring and so are business relationships with complex access control rules. Business rules no longer come from a single source. There is a need for multiple administrators to define rules that apply to their part of the collaboration. Traditional access control models are not sufficient. This demonstrator illustrates an authorization service developed by Swedish SME Axiomatics. It implements the eXtended Access Control Markup Language (XACML), a policy- and rule-based access control language which allows the expression of fine-grained access control rules in distributed environments.
- Published
- 2009
5. An On-Line Secure E-Passport Protocol
- Author
Josef Pieprzyk, Vijayakrishnan Pasupathinathan, and Huaxiong Wang
- Subjects
Authentication, business.industry, Computer science, Civil aviation, Public key infrastructure, Computer security, computer.software_genre, Extended Access Control, ComputingMilieux_COMPUTERSANDSOCIETY, media_common.cataloged_instance, Smart card, European union, business, Protocol (object-oriented programming), computer, Implementation, media_common
- Abstract
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
- Published
- 2008
6. Access Control Requirements for Processing Electronic Health Records
- Author
Colin J. Fidge and Bandar Alhaqbani
- Subjects
Computer access control, Computer science, business.industry, Access control, Computer security, computer.software_genre, Mandatory access control, Discretionary access control, Network Access Control, Extended Access Control, Role-based access control, Physical access, business, computer
- Abstract
There is currently a strong focus worldwide on the potential of large-scale Electronic Health Record systems to cut costs and improve patient outcomes through increased efficiency. A number of countries are developing nationwide EHR systems to aggregate services currently provided by isolated Electronic Medical Record databases. However, such aggregation introduces new risks for patient privacy and data security, both by linking previously-separate pieces of information about an individual, and by creating single access points to a wide range of personal data. It is thus essential that new access control policies and mechanisms are devised for federated Electronic Health Record systems, to ensure not only that sensitive patient data is accessible by authorized personnel only, but also that it is available when needed in life-critical situations. Here we review the traditional security models for access control, Discretionary Access Control, Mandatory Access Control and Role-Based Access Control, and use a case study to demonstrate that no single one of them is sufficient in a federated healthcare environment. We then show how the required level of data security can be achieved through a judicious combination of all three mechanisms.
- Published
- 2008
7. Crossing Borders: Security and Privacy Issues of the European e-Passport
- Author
Bart Jacobs, Martijn Oostdijk, Ronny Wichers Schreur, Engelbert Hubbers, and Jaap-Henk Hoepman
- Subjects
Information privacy, Computer science, business.industry, Access control, Computer security, computer.software_genre, Extended Access Control, ComputingMilieux_COMPUTERSANDSOCIETY, Entropy (information theory), Message authentication code, Confidentiality, Smart card, business, computer
- Abstract
The first generation of European e-passports will be issued in 2006. We discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of e-passports. In particular we discuss attacks on Basic Access Control due to the low entropy of the data from which the access keys are derived, we sketch the European proposals for Extended Access Control and the weaknesses in that scheme, and show how fundamentally different design decisions can make e-passports more secure.
- Published
- 2006