BAC

Application

Basic Access Control -- a security mechanism for ePassports using MRZ data to establish encrypted communication.

Alias: Basic Access Control

BAC

Basic Access Control (BAC) is a security protocol for ePassports that prevents unauthorized reading of passport chip data by requiring the reader to prove knowledge of information printed in the Machine Readable Zone (MRZ) before an encrypted communication channel is established. Defined in ICAO 9303, BAC ensures that the contactless chip cannot be read without physical or optical access to the passport's data page.

Why BAC Is Necessary

Because ePassports use ISO 14443 contactless communication, the chip could theoretically be read from a distance without the holder's knowledge — a concern known as skimming. BAC mitigates this threat by requiring the reader to derive encryption keys from MRZ data that is only available when the passport is physically opened and optically scanned.

BAC Protocol Flow

The BAC authentication and key agreement proceeds in three steps:

  1. MRZ Key Derivation: The inspection system reads the MRZ and extracts three data elements — passport number, date of birth, and date of expiry. These are concatenated with their check digits and hashed with SHA-1; the hash seeds the 3DES key derivation that yields the basic access keys Kenc (encryption) and Kmac (MAC).

  2. Mutual Authentication: The reader and passport chip perform a challenge-response exchange:

     • The chip sends an 8-byte random number (RND.IC) to the reader.
     • The reader generates its own random (RND.IFD) and a key seed (KIFD), encrypts the concatenation with Kenc, and MACs the result with Kmac.
     • The chip verifies the MAC and decrypts to recover RND.IFD and KIFD.
     • The chip sends back its response (encrypted and MACed with the same keys), including its own key seed (KIC).

  3. Session Key Establishment: Both parties combine KIFD and KIC to derive session keys (KSenc and KSmac) for Secure Messaging. All subsequent APDUs are encrypted and integrity-protected with these session keys.
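The key derivation of step 1, as an added example that is not part of this glossary entry: it computes the ICAO 9303 check digits, builds the MRZ information string and derives Kenc and Kmac with the SHA-1/3DES key derivation. The function names are my own; the input values are the published worked example from ICAO Doc 9303 Part 11 Appendix D, not a real passport.

```python
import hashlib

# Constructed inputs: the worked-example MRZ values from ICAO Doc 9303 Part 11
# Appendix D. This is not a real passport.
DOC_NUMBER = "L898902C<"
DATE_OF_BIRTH = "690806"   # YYMMDD
DATE_OF_EXPIRY = "940623"  # YYMMDD


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7,3,1 repeat; A-Z map to 10-35, '<' to 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch.upper()) - ord("A") + 10
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def mrz_information(doc_number: str, dob: str, expiry: str) -> str:
    """The three MRZ fields, each followed by its check digit. Note how little
    secret material this is: the whole BAC key space comes from these characters."""
    return "".join(f"{f}{mrz_check_digit(f)}" for f in (doc_number, dob, expiry))


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every DES key byte (the low bit is the parity bit)."""
    return bytes(b if bin(b).count("1") % 2 else b ^ 1 for b in key)


def derive_key(kseed: bytes, counter: int) -> bytes:
    """3DES key derivation: SHA-1(Kseed || counter), first 16 bytes, parity-adjusted."""
    digest = hashlib.sha1(kseed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(doc_number: str, dob: str, expiry: str) -> tuple:
    """Kseed is the 16 most significant bytes of SHA-1 over the MRZ information;
    counter 1 yields Kenc and counter 2 yields Kmac (two-key 3DES, 16 bytes each)."""
    info = mrz_information(doc_number, dob, expiry).encode("ascii")
    kseed = hashlib.sha1(info).digest()[:16]
    return derive_key(kseed, 1), derive_key(kseed, 2)


if __name__ == "__main__":
    kenc, kmac = bac_keys(DOC_NUMBER, DATE_OF_BIRTH, DATE_OF_EXPIRY)
    print("MRZ information:", mrz_information(DOC_NUMBER, DATE_OF_BIRTH, DATE_OF_EXPIRY))
    print("Kenc:", kenc.hex().upper())
    print("Kmac:", kmac.hex().upper())
```

Because every input to this derivation is printed on the data page, an eavesdropper holding a recorded BAC exchange only needs to search the space of plausible document numbers and dates, which is the low-entropy weakness discussed below.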

BAC Limitations

BAC has known security weaknesses that motivated the development of PACE:

  • Low entropy: The MRZ-derived key material has limited entropy (approximately 56 bits effective), making it vulnerable to brute-force attacks if an attacker records a BAC session
  • Offline attack: An eavesdropper who captures a complete BAC exchange can attempt an offline brute-force search of the MRZ key space
  • 3DES dependency: BAC relies on Triple DES, which is being phased out in favor of AES

PACE as Successor

PACE (Password Authenticated Connection Establishment) addresses BAC's weaknesses by using elliptic curve Diffie-Hellman key agreement with password-based authentication, providing forward secrecy and resistance to offline dictionary attacks. EU member states have mandated PACE for all new ePassports since 2014, while BAC remains supported for backward compatibility with older inspection systems.

Frequently Asked Questions

The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.

Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.