Trusted-HB: a low-cost version of HB+ secure against Man-in-The-Middle attacks

Since the introduction at Crypto'05 by Juels and Weis of the protocol HB+, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements - in terms of extra communications and hardware - are surprisingly low.Comment: submitted to IEEE Transactions on Information Theor

The best of both worlds: Applying secure sketches to cancelable biometrics

AbstractCancelable biometrics and secure sketches have been introduced with the same purpose in mind: to protect the privacy of biometric templates while keeping the ability to match this protected data against a reference. The paradigm beyond cancelable biometrics is to perform an irreversible transformation over images and to make matching over transformed images. On one hand, a drawback of this technique is that for biometrics using a matching algorithm relying on some complex characteristics, such as the ones used for fingerprints, the irreversible transformation tends to break the underlying structure, thus degrading the performance accuracy. On the other hand, for secure sketches, matching is reduced to an error correction and we show here that applying secure sketch error correction to cancelable biometrics allows one to keep good matching performance. Moreover, the security’s advantages of both schemes adds up together

Analysis of Biometric Authentication Protocols in the Blackbox Model

In this paper we analyze different biometric authentication protocols considering an internal adversary. Our contribution takes place at two levels. On the one hand, we introduce a new comprehensive framework that encompasses the various schemes we want to look at. On the other hand, we exhibit actual attacks on recent schemes such as those introduced at ACISP 2007, ACISP 2008, and SPIE 2010, and some others. We follow a blackbox approach in which we consider components that perform operations on the biometric data they contain and where only the input/output behavior of these components is analyzed.Comment: 10 pages, 1 figures, submitted to IEEE Transactions on Information Forensics and Securit

Backward Unlinkability for a VLR Group Signature Scheme with Efficient Revocation Check

Verifier-Local Revocation (VLR) group signatures, introduced by Boneh and Shacham in 2004, are a particular case of dynamic group signature schemes where the revocation process does not influence the activity of the signers. The verifiers use a Revocation List to check if the signers are revoked. In all known schemes, checking a signature requires a computational time linear in the number of revoked members. Usually, it requires one pairing per revoked user. Recently, Chen and Li proposed a scheme where Revocation Check uses exponentiations instead of pairings. In this paper, we first propose a correction of their scheme to enable a full proof of the traceability property. Then our main contribution is to extend this tweaked scheme to ensure Backward Unlinkability. This important property prevents the loss of anonymity of past signatures when a user is revoked. We succeed in achieving this consequent improvement with a constant additional cost only. We thus obtain the scheme with the most efficient Revocation Check among VLR schemes enabling Backward Unlinkability

Password Based Key Exchange with Hidden Elliptic Curve Public Parameters

We here describe a new Password-based Authenticated Key Exchange (PAKE) protocol based on elliptic curve cryptography. We prove it secure in the Bellare-Pointcheval-Rogaway (BPR) model. Our proposal is conceived in a such a way that it ensures that the elliptic curve public parameters remain private. This is important in the context of ID contactless devices as, in this case, it is easy to link these parameters with the nationality of the ID document owners

Identification and Privacy: Zero-Knowledge is not Enough

At first glance, privacy and zero-knowledgeness seem to be similar properties. A scheme is private when no information is revealed on the prover and in a zero-knowledge scheme, communications should not leak provers\u27 secrets. Until recently, privacy threats were only partially formalized and some zero-knowledge (ZK) schemes have been proposed so far to ensure privacy. We here explain why the intended goal is not reached. Following the privacy model proposed by Vaudenay at Asiacrypt 2007, we then reconsider the analysis of these schemes and thereafter introduce a general framework to modify identification schemes leading to different levels of privacy. Our new protocols can be useful, for instance, for identity documents, where privacy is a great issue. Furthermore, we propose efficient implementations of zero-knowledge and private identification schemes based on modifications of the GPS scheme. The security and the privacy are based on a new problem: the Short Exponent Strong Diffie-Hellman (SESDH) problem. The hardness of this problem is related to the hardness of the Strong Diffie-Hellman (SDH) problem and to the hardness of the Discrete Logarithm with Short Exponent (DLSE) problem. The security and privacy of these new schemes are proved in the random oracle paradigm

There is Wisdom in Harnessing the Strengths of your Enemy: Customized Encoding to Thwart Side-Channel Attacks -- Extended Version --

Side-channel attacks are an important concern for the security of cryptographic algorithms. To counteract it, a recent line of research has investigated the use of software encoding functions such as dual-rail rather than the well known masking countermeasure. The core idea consists in encoding the sensitive data with a fixed Hamming weight value and perform all operations following this fashion. This new set of countermeasures applies to all devices that leak a function of the Hamming weight of the internal variables. However when the leakage model deviates from this idealized model, the claimed security guarantee vanishes. In this work, we introduce a framework that aims at building customized encoding functions according to the precise leakage model based on stochastic profiling. We specifically investigate how to take advantage of adversary\u27s knowledge of the physical leakage to select the corresponding optimal encoding. Our solution has been evaluated within several security metrics, proving its efficiency against side-channel attacks in realistic scenarios. A concrete experimentation of our proposal to protect the PRESENT Sbox confirms its practicability. In a realistic scenario, our new custom encoding achieves a hundredfold reduction in leakage compared to the dual-rail, although using the same code length