Secure key storage with PUFs

Nowadays, people carry around devices (cell phones, PDAs, bank passes, etc.) that have a high value. That value is often contained in the data stored in it or lies in the services the device can grant access to (by using secret identification information stored in it). These devices often operate in hostile environments and their protection level is not adequate to deal with that situation. Bank passes and credit cards contain a magnetic stripe where identification information is stored. In the case of bank passes, a PIN is additionally required to withdraw money from an ATM (Automated Teller Machine). At various occasions, it has been shown that by placing a small coil in the reader, the magnetic information stored in the stripe can easily be copied and used to produce a cloned card. Together with eavesdropping the PIN (by listening to the keypad or recording it with a camera), an attacker can easily impersonate the legitimate owner of the bank pass by using the cloned card in combination with the eavesdropped PIN

ALGSICS - Combining physics and cryptography to enhance security and privacy in RFID systems

In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology "almost" for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems

Enhancing Privacy for Digital Rights Management

This chapter addresses privacy issues in DRM systems. These systems provide a means of protecting digital content, but may violate the privacy of users in that the content they purchase and their actions in the system can be linked to specific users. The chapter proposes a privacy-preserving DRM system in which users interact with the system in an pseudonymous way, while preserving all security requirements of usual DRM systems. To achieve this goal, a set of protocols and methods is proposed for managing user identities and interactions with the basic system during acquisition and consumption of digital content. Privacy-enhancing extensions are also proposed. Unlinkable purchase of content, which prevents content providers from linking all content purchased by a given user, is discussed. Moreover, a method which allows a user to transfer content rights to another user without the two users being linked by the content provider is provided

Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition, to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices

RFID security : cryptography and physics perspectives

In this chapter, we provide an overview of mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. We emphasize solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus enhance the privacy friendliness of the technology "almost" for free. Technologies described include the use of environmental information (presence of light, temperature, humidity, etc.) to disable or enable the RFID tag, the use of delays to reveal parts of a secret key at different moments in time (this key is used to later establish a secure communication channel), and the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we summarize previous works that use physical principles to provide security and privacy in RFID systems and the security-related functionality in RFID standards

ALGSICS - Combining physics and cryptography to enhance security and privacy in RFID systems

In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology "almost" for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems

ALGSICS - Combining physics and cryptography to enhance security and privacy in RFID systems

In this paper, we introduce several new mechanisms that are cheap to implement or integrate into RFID tags and that at the same time enhance their security and privacy properties. Our aim is to provide solutions that make use of existing (or expected) functionality on the tag or that are inherently cheap and thus, enhance the privacy friendliness of the technology "almost" for free. Our proposals, for example, make use of environmental information (presence of light temperature, humidity, etc.) to disable or enable the RFID tag. A second possibility that we explore is the use of delays in revealing a secret key used to later establish a secure communication channel. We also introduce the idea of a "sticky tag," which can be used to re-enable a disabled (or killed) tag whenever the user considers it to be safe. We discuss the security and describe usage scenarios for all solutions. Finally, we review previous works that use physical principles to provide security and privacy in RFID systems