5 research outputs found

    Privacy-Preserving Observation in Public Spaces

    One method of privacy-preserving accounting or billing in cyber-physical systems, such as electronic toll collection or public transportation ticketing, is to have the user present an encrypted record of transactions and perform the accounting or billing computation securely on them. Honesty of the user is ensured by spot checking the record for some selected surveyed transactions. But how much privacy does that give the user, i.e. how many transactions need to be surveyed? It turns out that due to collusion in mass surveillance all transactions need to be observed, i.e. this method of spot checking provides no privacy at all. In this paper we present a cryptographic solution to the spot checking problem in cyber-physical systems. Users carry an authentication device that authenticates only based on fair random coins. The probability can be set high enough to allow for spot checking, but in all other cases privacy is perfectly preserved. We analyze our protocol for computational efficiency and show that it can be efficiently implemented even on platforms with limited computing resources, such as smart cards and smart phones.

    A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

    To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat

    Android as a cloud ticket validator

    Final Master's project submitted to obtain the degree of Master in Informatics and Computer Engineering. Within the scope of the project, a device was developed on a mobile platform with the aim of implementing a low-cost validator for ticketing in public passenger transport. The work carried out is part of the SmartCITIES Cloud Ticketing project by Link Consulting SA, which proposes a multi-tenancy implementation for ticketing terminals. Additionally, the “thin device” concept was introduced and applied, which allows traditional ticketing operations to be moved to a computing cloud, thereby increasing flexibility and interoperability. In this context, the migration of traditional validation terminals to a new approach implemented on a tablet running the Android operating system is proposed. Several tablets were analyzed with the aim of finding a device capable of interacting with the card reader and handling Lisboa Viva electronic cards (Calypso smart card), in order to verify, in an initial phase through a service, whether the contract present on the transport ticket is valid. Based on this flexible approach, it is possible to create other ticketing-related devices (for example, vending machines, gates, among others) using a common reading process and making changes only to the web services. The implemented device can have its validation logic hosted in a computing cloud (Amazon Web Services). Physically, the device is supported on a tablet running the Android operating system that accesses services hosted in the cloud. Part of this result is already in a production environment at the company Link.
    Abstract: In this project work it was developed a productive validation device in a mobile platform, to achieve a low cost ticketing device public transport passenger. 
This work is integrated in the project SmartCITIES Cloud Ticketing from Link Consulting SA, used to propose a multi‑tenancy implementation of ticketing terminals. Additionally, it was introduced the “thin device” concept which allows to move the traditional ticketing operations to cloud platform, allowing that way to increase elasticity and interoperability issues. Therefore, in that context, it is proposed the migration of a traditional ticketing validator for a novel approach in a tablet device with Android operating system. Current work analyzed several tablets to choose one able to interact with the card reader and oriented to the Lisboa Viva electronic card (smart card Calypso) to check in a first phase the ticket contract in a service basis out of the ticketing device. Based on this flexible approach was possible to create other ticketing devices (e.g sale machines, gates devices and others) using the common read process and change only web services. The device created is a prototype of this validation ticketing device with the validation services in a cloud platform (Amazon Web Services). Physically, the prototype consists in validator running on a tablet with Android operating system, but the validation logic remains out of the device in a service basis. Part of this result it’s being used in production environment by Link

    User Privacy in Transport Systems Based on RFID E-Tickets

    Abstract. Recently, operators of public transportation in many countries started to roll out electronic tickets (e-tickets). E-tickets offer several advantages to transit enterprises as well as to their customers, e.g., they aggravate forgeries by cryptographic means whereas customers benefit from fast and convenient verification of tickets or replacement of lost ones. Existing (proprietary) e-ticket systems deployed in practice are mainly based on RFID technologies where RFID tags prove authorization by releasing spatio-temporal data that discloses customer-related data, in particular their location. Moreover, available literature on privacy-preserving RFID-based protocols lack practicability for real world scenarios. In this paper, we discuss appropriate security and privacy requirements for e-tickets and point out the shortcomings of existing proposals. We then propose solutions for practical privacy-preserving e-tickets based on known cryptographic techniques and RFID technology. Key words: Location Privacy, E-Tickets, RFID

    Trusted and Privacy-preserving Embedded Systems: Advances in Design, Analysis and Application of Lightweight Privacy-preserving Authentication and Physical Security Primitives

    Radio Frequency Identification (RFID) enables RFID readers to perform fully automatic wireless identification of objects labeled with RFID tags and is widely deployed to many applications, such as access control, electronic tickets and payment as well as electronic passports. This prevalence of RFID technology introduces various risks, in particular concerning the privacy of its users and holders. Despite the privacy risk, classical threats to authentication and identification systems must be considered to prevent the adversary from impersonating or copying (cloning) a tag. This thesis summarizes the state of the art in secure and privacy-preserving authentication for RFID tags with a particular focus on solutions based on Physically Unclonable Functions (PUFs). It presents advancements in the design, analysis and evaluation of secure and privacy-preserving authentication protocols for RFID systems and PUFs. Formalizing the security and privacy requirements on RFID systems is essential for the design of provably secure and privacy-preserving RFID protocols. However, existing RFID security and privacy models in the literature are often incomparable and in part do not reflect the capabilities of real-world adversaries. We investigate subtle issues such as tag corruption aspects that lead to the impossibility of achieving both mutual authentication and any reasonable notion of privacy in one of the most comprehensive security and privacy models, which is the basis of many subsequent works. Our results led to the refinement of this privacy model and were considered in subsequent works on privacy-preserving RFID systems. A promising approach to enhance the privacy in RFID systems without lifting the computational requirements on the tags are anonymizers. These are special devices that take off the computational workload from the tags. 
While existing anonymizer-based protocols are subject to impersonation and denial-of-service attacks, existing RFID security and privacy models do not include anonymizers. We present the first security and privacy framework for anonymizer-enabled RFID systems and two privacy-preserving RFID authentication schemes using anonymizers. Both schemes achieve several appealing features that were not simultaneously achieved by any previous proposal. The first protocol is very efficient for all involved entities, achieves privacy under tag corruption. It is secure against impersonation attacks and forgeries even if the adversary can corrupt the anonymizers. The second scheme provides for the first time anonymity and untraceability of tags against readers as well as secure tag authentication against collisions of malicious readers and anonymizers using tags that cannot perform public-key cryptography (i.e., modular exponentiations). The RFID tags commonly used in practice are cost-efficient tokens without expensive hardware protection mechanisms. Physically Unclonable Functions (PUFs) promise to provide an effective security mechanism for RFID tags to protect against basic hardware attacks. However, existing PUF-based RFID authentication schemes are not scalable, allow only for a limited number of authentications and are subject to replay, denial-of-service and emulation attacks. We present two scalable PUF-based authentication schemes that overcome these problems. The first protocol supports tag and reader authentication, is resistant to emulation attacks and highly scalable. The second protocol uses a PUF-based key storage and addresses an open question on the feasibility of destructive privacy, i.e., the privacy of tags that are destroyed during tag corruption. The security of PUFs relies on assumptions on physical properties and is still under investigation. 
PUF evaluation results in the literature are difficult to compare due to varying test conditions and different analysis methods. We present the first large-scale security analysis of ASIC implementations of the five most popular electronic PUF types, including Arbiter, Ring Oscillator, SRAM, Flip-Flop and Latch PUFs. We present a new PUF evaluation methodology that allows a more precise assessment of the unpredictability properties than previous approaches and we quantify the most important properties of PUFs for their use in cryptographic schemes. PUFs have been proposed for various applications, including anti-counterfeiting and authentication schemes. However, only rudimentary PUF security models exist, limiting the confidence in the security claims of PUF-based security mechanisms. We present a formal security framework for PUF-based primitives, which has been used in subsequent works to capture the properties of image-based PUFs and in the design of anti-counterfeiting mechanisms and physical hash functions