Der elektronische Identitätsnachweis : Einsatzmöglichkeiten des neuen Personalausweises im privat-wirtschaftlichen Umfeld

Personalausweise werden heute nicht nur zur Feststellung z. B. der Identität bei der Grenz- oder Personenkontrolle durch Polizei oder Zoll eingesetzt, sondern finden auch häufig im privatwirtschaftlichen Umfeld Anwendung. Die im Chip des zukünftigen elektronischen Personalausweises enthaltenen Funktionen a) elektronischer Identitätsnachweis und b) qualifizierte elektronische Signatur, werden dafür sorgen, dass die herkömmliche Nutzung von Personalausweisen in der »Papierwelt« auf die elektronische Welt übertragen wird. Der Artikel geht auf die Hauptideen des elektronischen Identitätsnachweises ein, erläutert insbesondere die Unterschiede zur qualifizierten elektronischen Signatur und zeigt konkrete Einsatzszenarien

Topologische Laguerreräume und topologische verallgemeinerte Vierecke

Im ersten Teil der Arbeit werden lokalkompakte zusammenhängende Laguerreräume untersucht. Dies führt zu einem der Hautergebnisse, dass solche Laguerreräume vom Rang mindestens vier stets ovoidal über einem abgeschlossenen Ovoid in einem projektiven Raum über den reellen Zahlen sind. Im zweiten Teil bilden wir die sogenannte Liegeometrie von Laguerreräumen und zeigen, dass diese stets verallgemeinerte Vierecke liefern. Dieses Verfahren wenden wir auch auf den lokalkompakten zusammenhängenden Fall an und erhalten so kompakte zusammenhängende Vierecke. Der letzte Abschnitt behandelt die Frage, wann die sogenannte Ableitung eines Vierecks einen Laguerreraum liefert. Dies führt zum Begriff der Antiregularität. Wir zeigen unter anderem, dass die Ableitung auch lokalkompakte zusammenhängende Laguerreräume liefert, wenn wir mit kompakten zusammenhängenden Vierecken starten

Hijacking DNS Subdomains via Subzone Registration: A Case for Signed Zones

We investigate how the widespread absence of signatures in DNS (Domain Name System) delegations, in combination with a common misunderstanding with regards to the DNS specification, has led to insecure deployments of authoritative DNS servers which allow for hijacking of subdomains without the domain owner's consent. This, in turn, enables the attacker to perform effective man-in-the-middle attacks on the victim's online services, including TLS (Transport Layer Security) secured connections, without having to touch the victim's DNS zone or leaving a trace on the machine providing the compromised service, such as the web or mail server. Following the practice of responsible disclosure, we present examples of such insecure deployments and suggest remedies for the problem. Most prominently, DNSSEC (Domain Name System Security Extensions) can be used to turn the problem from an integrity breach into a denial-of-service issue, while more thorough user management resolves the issue completely

On iterated punctured Grover

Grover’s algorithm is a very versatile cryptanalytical tool. Even though it doesn’t provide an exponential speed-up, it still changed the cryptographic requirements all over the world. Usually, Grover’s algorithm is executed with a fixed well-defined function indicating good states. In this paper, we want to investigate what happens if the function is changed over time to mark less and less good states. We compute the amplitudes after $2^{s/2}$ steps of an adjusted Grover’s algorithm proposed by Zheng et al. in Nested Quantum Search Model on Symmetric Ciphers and Its Applications (2023). We use the amplitudes to reason that such an approach always leads to a worse run-time when compared to the naïve version. We also indicate at which point in Zheng et al. the counterintuitive nature of quantum computation leads to false assumptions

An overview of touchless 2D fingerprint recognition

Touchless fingerprint recognition represents a rapidly growing field of research which has been studied for more than a decade. Through a touchless acquisition process, many issues of touch-based systems are circumvented, e.g., the presence of latent fingerprints or distortions caused by pressing fingers on a sensor surface. However, touchless fingerprint recognition systems reveal new challenges. In particular, a reliable detection and focusing of a presented finger as well as an appropriate preprocessing of the acquired finger image represent the most crucial tasks. Also, further issues, e.g., interoperability between touchless and touch-based fingerprints or presentation attack detection, are currently investigated by different research groups. Many works have been proposed so far to put touchless fingerprint recognition into practice. Published approaches range from self identification scenarios with commodity devices, e.g., smartphones, to high performance on-the-move deployments paving the way for new fingerprint recognition application scenarios.This work summarizes the state-of-the-art in the field of touchless 2D fingerprint recognition at each stage of the recognition process. Additionally, technical considerations and trade-offs of the presented methods are discussed along with open issues and challenges. An overview of available research resources completes the work

Post-Quantum Security for the Extended Access Control Protocol

The Extended Access Control (EAC) protocol for authenticated key agreement is mainly used to secure connections between machine-readable travel documents (MRTDs) and inspection terminals, but it can also be adopted as a universal solution for attribute-based access control with smart cards. The security of EAC is currently based on the Diffie-Hellman problem, which may not be hard when considering quantum computers. In this work we present PQ-EAC, a quantum-resistant version of the EAC protocol. We show how to achieve post-quantum confidentiality and authentication without sacrificing real-world usability on smart cards. To ease adoption, we present two main versions of PQ-EAC: One that uses signatures for authentication and one where authentication is facilitated using long-term KEM keys. Both versions can be adapted to achieve forward secrecy and to reduce round complexity. To ensure backwards-compatibility, PQ-EAC can be implemented using only Application Protocol Data Units (APDUs) specified for EAC in standard BSI TR-03110. Merely the protocol messages needed to achieve forward secrecy require an additional APDU not specified in TR-03110. We prove security of all versions in the real-or-random model of Bellare and Rogaway. To show real-world practicality of PQ-EAC we have implemented a version using signatures on an ARM SC300 security controller, which is typically deployed in MRTDs. We also implemented PQ-EAC on a VISOCORE terminal for border control. We then conducted several experiments to evaluate the performance of PQ-EAC executed between chip and terminal under various real-world conditions. Our results strongly suggest that PQ-EAC is efficient enough for use in border control

Why Attackers Lose: Design and Security Analysis of Arbitrarily Large XOR Arbiter PUFs

In a novel analysis, we formally prove that arbitrarily many Arbiter PUFs can be combined into a stable XOR Arbiter PUF. To the best of our knowledge, this design cannot be modeled by any known oracle access attack in polynomial time. Using majority vote of arbiter chain responses, our analysis shows that with a polynomial number of votes, the XOR Arbiter PUF stability of almost all challenges can be boosted exponentially close to 1; that is, the stability gain through majority voting can exceed the stability loss introduced by large XORs for a feasible number of votes. Considering state-of-the-art modeling attacks by Becker and Rührmair et al., our proposal enables the designer to increase the attacker\u27s effort exponentially while still maintaining polynomial design effort. This is the first result that relates PUF design to this traditional cryptographic design principle

Experimentelle Untersuchungen von Wärmerohrsystemen für den Einsatz in elektrischen Arbeitskraftmaschinen

Gefördert im Rahmen des Projekts DEALBundesministerium für Wirtschaft und Klimaschutz. Grant Number: 0324326