Biometric Passport from a Security Perspective

Charla invitadaBiometric passports, also known as ePassports, benefit from cryptographic mechanisms to guarantee their unforgeability. Since the first release of the ePassport standard, in 2004, the security of the biometric passports have been significantly improved. In this talk, we will review the cryptographic mechanisms used by the biometric passport and we will detail the past and current security weaknesses in terms of design, implementation, and use of these mechanisms. This talk will so address the following topics: security, cryptography, privacy, and contactless devices.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Privacy issues in RFID banknote protection schemes

Radio Frequency Identification systems are in the limelight for a few years and become pervasive in our daily lives. These smart devices are nowadays embedded in the consumer items and may come soon into our banknotes. At Financial Cryptography 2003, Juels and Pappu proposed a practical cryptographic banknote protection scheme based on both Optical and Radio Frequency Identification systems. We demonstrate however that it severely compromises the privacy of the banknotes' bearers. We describe some threats and show that, due to the misuse of the secure integration method of Fujisaki and Okamoto, an attacker can access and modify the data stored in the smart device without optical access to the banknote. We prove also that despite what the authors claimed, an attacker can track the banknotes by using the access-key as a marker, circumventing the randomized encryption scheme that aims at thwarting such attacks

Radio Frequency Identification: Adversary Model and Attacks on Existing Protocols

Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them. Traceability is often underestimated by advocates of the technology and sometimes exaggerated by its detractors. Whatever the true picture, this problem is a reality when it blocks the deployment of this technology and some companies, faced with being boycotted, have already abandoned its use. Using cryptographic primitives to thwart the traceability issues is an approach which has been explored for several years. However, the research carried out up to now has not provided satisfactory results as no universal formalism has been defined. In this paper, we propose an adversary model suitable for RFID environments. We define the notions of existential and universal untraceability and we model the access to the communication channels from a set of oracles. We show that our formalisation fits the problem being considered and allows a formal analysis of the protocols in terms of traceability. We use our model on several well-known RFID protocols and we show that most of them have weaknesses and are vulnerable to traceability

Fraud within Asymmetric Multi-Hop Cellular Networks

At Financial Cryptography 2003, Jakobsson, Hubaux, and Buttyan suggested a lightweight micro-payment scheme aimed at encouraging routing collaboration in asymmetric multi-hop cellular networks. We will show in this paper that this scheme suffers from some weaknesses. Firstly, we will describe an attack which enables two adversaries in the same cell to communicate freely without being challenged by the operator center. We will put forward a solution to fix this protocol. Then we will describe another method that allows an attacker to determine the secret keys of the other users. This attack thwarts the micro-payment scheme's purpose because an attacker can thus communicate without being charged. Finally we will suggest some solutions to counteract this attack

Cryptography with Guardian Angels: Bringing civilization to pirates - Abstract

In contrast with traditional cryptographic protocols in which parties can have access to common third parties, and where at least one of them is assumed to be honest, we propose here a new model which is relevant for networks of communication devices with security modules. We then focus on the problem of fair exchange in this model. We propose a probabilistic protocol which provides arbitrarily low unfairness (involving a complexity cost)

How to Safely Close a Discussion

In the secure communication problem, we focus on safe termination. In applications such as electronic transactions, we want each party to be ensured that both sides agree on the same state: success or failure. This problem is equivalent to the well known coordinated attack problem. Solutions exist. They however concentrate on the probability of disagreement, and attack incentives have been overlooked so far. Furthermore, they focus on a notion of round and are not optimal in terms of communication complexity. To solve the safe termination problem, we revisit the Keep-in-Touch protocol that we introduced in 2003. Considering the communication complexity, the probability of unsafe termination, and the attack incentive, we prove that the Keep-in-Touch protocol is optimal

Fair Exchange with Guardian Angels

In this paper we propose a new probabilistic Fair Exchange Protocol which requires no central Trusted Third Party. Instead, it relies on a virtually distributed and decentralized Trusted Third Party which is formalized as a Guardian Angel: a kind of Observer e.g. a tamper proof security device. We thus introduce a network model with Pirates and Guardian Angels which is well suited for Ad Hoc networks. In this setting we reduce the Fair Exchange Problem to a Synchronization Problem in which honest parties need to eventually decide whether or not a protocol succeeded in a synchronous way through a hostile network which does not guaranty that sent messages will be eventually received. This problem can be of independent interest in order to add reliability of protocol termination in secure channels

A Scalable and Provably Secure Hash-Based RFID Protocol

The biggest challenge for RFID technology is to provide benefits without threatening the privacy of consumers. Many solutions have been suggested but almost as many ways have been found to break them. An approach by Ohkubo, Suzuki and Kinoshita using an internal refreshment mechanism seems to protect privacy well but is not scalable. We introduce a specific time-memory trade-off that removes the scalability issue of this scheme. Additionally we prove that the system truly offers privacy and even forward privacy. Our third contribution is an extension of the scheme which offers a secure communication channel between RFID tags and their owner using building blocks that are already available on the tag. Finally we give a typical example of use of our system and show its feasibility by calculating all the parameters

Optimistic Fair Exchange based on Publicly Verifiable Secret Sharing

In this paper we propose an optimistic two-party fair exchange protocol which does not rely on a centralized trusted third party. Instead, the fairness of the protocol relies on the honesty of part of the neighbor participants. This new concept, which is based on a generic verifiable secret sharing scheme, is particularly relevant in networks where centralized authority can neither be used on-line nor off-line