Included Additional Content:
Liechtenstein has taken a significant step in improving the security of its electronic passports by implementing the Supplemental Access Control (SAC) safety standard. This change, which occurred by the end of August 2014, replaces the older Basic Access Control (BAC) standard and moves away from conventional symmetric encryption towards more secure asymmetric cryptography.
The SAC standard, managed by the Office for Post and Telecommunications (OeSD), offers increased security for electronic passports. It facilitates manual input and potentially improves protection against unauthorized access. The new passports now use a challenge-response mechanism, where the electronic passport chip proves possession of a private key to the inspection system using digital signatures.
One of the key advantages of SAC over conventional symmetric encryption is the use of asymmetric (public-key) cryptography. This approach provides stronger authentication and better protection against cloning and unauthorized reading. In addition, SAC enhances protection against skimming and eavesdropping, as unlike symmetric BAC, which uses static keys that can be intercepted and reused, SAC’s asymmetric keys make passive attacks far more difficult.
Moreover, SAC ensures mutual authentication between the passport and the inspection system, reducing risks of impersonation or man-in-the-middle attacks. This mutual authentication process verifies the authenticity of both parties, ensuring the integrity of the passport data and the inspection system.
While Liechtenstein is not a member of the European Union, it has chosen to adopt the SAC safety standard ahead of the EU deadline. This decision reflects Liechtenstein's commitment to maintaining high security standards for its passports. Liechtenstein's electronic passports can now be accessed using all three methods allowed by the International Civil Aviation Organization (ICAO), including access with SAC after reading the six-digit Card Access Number (CAN) or the Machine Readable Zone (MRZ).
The new passports are expected to offer improved protection against unauthorized access due to the change from symmetric to asymmetric encryption and the implementation of the SAC standard. Furthermore, mobile passport readers are likely to use the SAC access method with six-digit CAN in the future.
The implementation of the SAC safety standard in Liechtenstein's passports has resulted in the country having the most modern passports, as they are now equipped with the latest security features. Klaus Astner, the technical project manager at OeSD, and Claudia Schwendimann, the CEO of OeSD International GmbH and the project manager for the SAC implementation in Liechtenstein, have played crucial roles in this project.
In conclusion, the implementation of SAC in Liechtenstein's electronic passports signifies a significant leap forward in passport security. The use of asymmetric cryptography provides better protection for the access to the chip than conventional symmetric encryption, enhancing the existing BAC standard to PACE v2. This change will undoubtedly contribute to more secure border control in Liechtenstein and beyond.
[1] https://ec.europa.eu/home-affairs/what-we-do/policies/borders-and-visas/documents/eu-entry-exit-system-ees_en [3] https://ec.europa.eu/home-affairs/what-we-do/policies/borders-and-visas/biometrics/documents/biometrics-passports_en
Technology, specifically the Supplemental Access Control (SAC) standard, has been implemented in Liechtenstein's electronic passports to improve security, moving away from conventional symmetric encryption towards more secure asymmetric cryptography.
The use of asymmetric cryptography in SAC offers increased protection against unauthorized access and skimming, providing a more advanced level of security compared to traditional symmetric encryption.
