Abstract e-KTP (Indonesian: Kartu Tanda

Penduduk Elektronik) was introduced by the

Indonesian Interior Ministry to replace the existing
identity card. With contactless smart card
technology, e-KTP obligates every applicant to
have their fingerprints scanned, verified, and saved
in the central storage. Furthermore, the data of the
fingerprint will be stored in the e-KTP smart card
as well. Since it is a very sensitive data, thus, some
security controls must be implemented. This
project developed a system to address this issue.
First, a mutual authentication program between
smart card readers/terminals and e-KTP smart
cards, before transaction begins. The process
authenticates both sides and proves that they are
authorized by employing cryptographic protocols,
algorithms, and keys. Furthermore the project also
developed encryption and decryption program to
protect data during transmission.
I. INTRODUCTION
O ensure that only authorized readers are allowed
to access the data inside e-KTP smart cards,
therefore security measures have to be put in place.
One way to achieve it is by employing key
management system that manages cryptography keys
and algorithms for mutual authentication, data
encryption and decryption. In conjunction with e-KTP,
key management system is a vital part of the
implementation, hence it should be thought out
properly. Several aspects related to e KTP, such as
supporting infrastructure, requirement and policy must
be taken into account in designing the system.
Researches to determine and evaluate the key
management system that will be best suitable with the
e-KTP program are required.
II. SMART CARD
From the time it was introduced, smart card
technology has been utilized for many different
usages. The most apparent practices of smart cards
ATM and credit card. Physically, a smart card looks
similar with any other cards as it is made out of
plastic. The difference is, it has a microprocessor-chip
embedded on it that gives smart functionality to the
card.
There are several criteria for smart card, including,
it should not be easily forged or copied. As it will be
used primarily to add security, thus, it must have the
ability to store data securely by running a range of
security algorithms and functions for participating in
an automated electronic transaction. If any type of
card fulfills these requirements, then it can be
categorized as smart card [1].
Basically, a smart card is composed by a plastic
card and a microprocessor-chip. But actually the
components of a smart card may vary. It depends on
the chip type and the mechanism for data transmission
[2]. For example, a contactless smart card will have a
Radio Frequency (RF) interface as additional
component for data transfer from the card to readers.
Regardless the chip type or the data transfer method,
every smart card must have several basic elements
which are Central Processing Unit (CPU), Read Only
Memory (ROM), Electrically Erasable Programming
Read Only Memory (EEPROM), and Random Access
Memory (RAM).

TABLE I
SMART CARD BASIC ELEMENTS [2]
Elements Description
CPU The core component.
ROM
A memory whose contents are installed when
the card is manufactured and cannot be
modified. Usually it contains card operating
system.
EEPROM
A volatile memory used as temporary memory
for CPU's processes while operating.
III. CRYPTOGRAPHY
A. Challenge-Response
Authentication is the process of ensuring the identity
of the counter party involved in a communication [3].
It is a crucial part in security service whose main
purpose is to prevent fraud and unauthorized access.
Furthermore, entity authentication is based on
challenge-response protocol. The process starts by
providing a challenge, where the response is based on
Design and Implementation of e-KTP (Indonesian
Electronic Identity Card) Key Management System
Aravada Kevindra Darwis and Charles Lim
Faculty of Information Technology, Swiss German University
EduTown, BSD, City Tangerang, 15339, Indonesia

E-mail: aravadakd@gmail.com, charles.lims@gmail.com
T
ICACSIS 2011 ISBN: 978-979-1421-11-9
143



the shared secret and a particular algorithm, known
only authorized parties.
The advantage of the challenge-response protocol,
which is each communicating party does not need to
keep synchronized with the other's token. With
providing random challenges each time, the previous
token used for previous communication will not be
valid for further process. On the other hand users must
key in additional numbers when using the challenge-
response token [4].
B. Message Authentication Code
MAC which stands for Message Authentication
Code, is a set of algorithms that allows sender to send
message to receiver where the receiver can be sure that
the sender in fact produce the message [5]. Usually
MAC is used for data transmission. It has to be
computed first then appended to the message. Once
the receiver has received the message, he computes the
MAC of the message and check it if it matches the
received MAC. If it does, then the message is still the
same as the sender produced it.
IV. KEY MANAGEMENT
Key management is a practice that focuses on
techniques and procedures for establishing and
maintaining keying relationships between authorized
entities. Moreover, keying relationship means the
process of sharing data regarding cryptographic
techniques between communicating parties [6].
To be noted that the chances of a key being stolen
or compromised are always there but there are
methods in key management practices to reduce the
impact. One way to do it is by using different keys for
different purposes, this method is called key
diversification. So the key for digital signatures will be
different with the key for data encryption and so on. In
addition, key derivation, where each of the keys is
derived from different master keys, could be
implemented as well to strengthen the security.
Another key management best-practice is employing
dynamic keys or known as session keys or
temporary keys. It starts by producing a random
number. The next step is to pass the random number
with a particular value to the other party. The further
process depends on which cryptographic algorithms to
employ.
Using different keys for different process makes the
smart card more resistant to attacks [7]. For example,
one DoS attack needs to extract at least three different
keys used by the card. Moreover with key derivation
where each key are personalized as it is derived from
cards unique value (serial number), thus guessing
cards secret keys is almost infeasible for attackers as
long as the derivation process is not compromised.
Another way to add more security to the secrecy of
keys is by employing different versions of key. By
different versions means that every master key from
which individual keys are derived must have a span of
lifetime. When it is valid and when it will be expired
must be stated clearly. Changing keys from one
version to another does not always have to wait until it
is compromised, it is better to do it periodically.
V. RESULT
A. Mutual Authentication

Fig. 1. Mutual authentication.

The mutual authentication is triggered when a smart
card is inserted to or detected by the reader/terminal.
The purpose is to check whether the smart card or
terminal is authorized for e-KTP. The proposed
design of mutual authentication process is specified
step by step, as follow,
The terminal requests a random number from the
e-KTP smart card.
The terminal requests the serial number of the
card.
The terminal and the card generate a Message
Authentication Code (MAC) from the random
number, the serial number, and Card e-KTP Key
(made out of Master e-KTP Key and the cards
serial number) using a built-in function from
BasicCard called OMAC. This function uses AES
algorithm with 128 bits key and returns a 16-byte
string of the input.
The terminal sends the computed OMAC to the
card.
The card verifies whether the OMAC from the
terminal matches with the OMAC generated by
the card.
The terminal creates a random number to be sent
to the card and generates an OMAC out of it.
The card receives the random number, generates
an OMAC, then sends it back to terminal.
The terminal and the card generates a session key
based on both OMACs generated by each other
using a SHA-256 algorithm and format the hash
value from 32-byte to 16-byte hash.
The card opens the directory for data access.
B. Data Encryption / Decryption
After the initial mutual authentication has been carried
out successfully, the process may continue to viewing
or editing the files that are stored in the e-KTP.
During the transmission, every file will be encrypted
using 3-DES symmetric algorithm and the 16-byte
session key. Since 3-DES is a block encryption,
ICACSIS 2011 ISBN: 978-979-1421-11-9
144



therefore every file needs to be divided into several
blocks where each block consists of 8 bytes of data.
As for fingerprint data, it will not only be encrypted
or decrypted during transmission but also when it is
stored in the smart card. The algorithm used is 3-DES,
with a 16-byte card cipher key. This card cipher key is
generated from master cipher key and the cards serial
number.


Fig. 2. Activity diagram for mutual authentication process on
terminal


Fig. 3. Mutual authentication process.

Fig. 4. Activity diagram for mutual authentication process on
smart card.


Fig. 5. Decryption process.



Fig. 6. Encryption process.
ICACSIS 2011 ISBN: 978-979-1421-11-9
145



VI. CONCLUSION
The mutual authentication procedure employs
challenge-response protocol where particular
algorithm and shared secret are involved. It is required
to verify each communicating parties. Furthermore,
encryption/decryption is implemented to protect data
during transmission between e-KTP smart card and
reader/terminal, vice versa, from unauthorized
disclosure.

TABLE II
CRYPTOGRAPHIC KEYS MANAGED IN THE MUTUAL AUTHENTICATION
AND ENCRYPTION/DECRYPTION PROCESS
Key Name Parameter Purpose
Card e-KTP
key
Master e-KTP key +
card serial number
Generating MAC
Session key MAC1 + MAC2
Encryption / decryption
data during transmission
Card cipher
key
Master cipher key +
cards serial number
Encryption / decryption of
fingerprint data

In regards of key management, the system applies
Key diversification, as different cryptographic
keys are used for different purposes.
Key derivation, where some cryptographic keys
are derived from the master key and a unique
value retrieved from the card.
REFERENCES
[1] Mayes, K., Markantonakis, K. 2008, Smart Cards, Tokens,
Security, and Applications, Springer, Information Security
Group Smart Card Centre Royal Holloway, University of
London, United Kingdom.
[2] Rankl, W., Effing, W. 2003, Smart Card Handbook Third
Edition, John Wiley & Sons, Ltd, Giesecke & Devrient
GmbH, Munich, Germany.
[3] Buttyan, L., Nagy, A., Vajda, I. 2001, Efficient Multi-Party
Challenge-Response Protocols for Entity Authentication,
Swiss Federal Institute of Technology, Zurich, Switzerland.
[4] Smith, R.E. 2002, Authentication:Form Passwords to Public
Keys, Addison-Wesley, Boston, U.S.A.
[5] Black JR., J. R. 2000, Message Authentication Codes,
University Of California, Davis, U.S.A.
[6] Menezes, A.J., van Oorschot, P.C., Vanstone, S.A. 1996,
Handbook of Applied Cryptography, CRC Press, U.S.A.
[7] Silbermann, M. 2009, Security Analysis of Contactless
Payment Systems in Practice, Bochum, Germany.


ICACSIS 2011 ISBN: 978-979-1421-11-9
146