Building an Application that reads Secure Information Stored on the Chip of the Citizen Identity Card in Vietnam
Received: 29 November 2022 | Revised: 24 December 2022 | Accepted: 31 December 2022 | Online: 5 February 2023
Corresponding author: Nhu-Quynh Luc
Abstract
Reading the information on the CIC/passport is important for serving the everyday activities of citizens in Vietnam and of foreign citizens visiting Vietnam. This research builds on the chip access modes BAC, PACE, and EAC to securely read the data stored in the chip embedded in the Citizen Identity Card (CIC). Specifically, the authors used the BAC mode to read data safely from the CIC's chip. BAC mode uses the 3DES and SHA1 algorithms to protect the data, so data transmitted from the chip are encrypted and decryption is performed by the application. In this paper, a complete application has been built for reading personal information stored securely on the CIC. The application is built on the BAC reading mode used by the CIC in Vietnam and meets the requirements of the ICAO 9303 standard, so it is able to read passports or CICs of other countries that use this standard. The application reads the data stored in fields DG1, DG2, and DG13 with improved performance, at a speed of about 1.2s - 1.3s for all 3 data fields.
Keywords:
BAC, EAC, PACE, 3DES, MRZ, SHA, digital signature
License
Copyright (c) 2023 Van-Hoan Le, Nhu-Quynh Luc, Toan Thanh Dao, Quang-Trung Do
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.