Analysis of Biometric Authentication Protocols in the Blackbox Model

In this paper we analyze different biometric authentication protocols considering an internal adversary. Our contribution takes place at two levels. On the one hand, we introduce a new comprehensive framework that encompasses the various schemes we want to look at. On the other hand, we exhibit actual attacks on recent schemes such as those introduced at ACISP 2007, ACISP 2008, and SPIE 2010, and some others. We follow a blackbox approach in which we consider components that perform operations on the biometric data they contain and where only the input/output behavior of these components is analyzed.Comment: 10 pages, 1 figures, submitted to IEEE Transactions on Information Forensics and Securit

InShopnito: an advanced yet privacy-friendly mobile shopping application

Mobile Shopping Applications (MSAs) are rapidly gaining popularity. They enhance the shopping experience, by offering customized recommendations or incorporating customer loyalty programs. Although MSAs are quite effective at attracting new customers and binding existing ones to a retailer's services, existing MSAs have several shortcomings. The data collection practices involved in MSAs and the lack of transparency thereof are important concerns for many customers. This paper presents inShopnito, a privacy-preserving mobile shopping application. All transactions made in inShopnito are unlinkable and anonymous. However, the system still offers the expected features from a modern MSA. Customers can take part in loyalty programs and earn or spend loyalty points and electronic vouchers. Furthermore, the MSA can suggest personalized recommendations even though the retailer cannot construct rich customer profiles. These profiles are managed on the smartphone and can be partially disclosed in order to get better, customized recommendations. Finally, we present an implementation called inShopnito, of which the security and performance is analyzed. In doing so, we show that it is possible to have a privacy-preserving MSA without having to sacrifice practicality

The Energy Budget for Wireless Security: Extended Version

Due to the numerous security and privacy risks, applications deployed in wireless networks require strong cryptographic protection. Reducing the energy cost of cryptographic algorithms and protocols that run on wireless embedded devices, is a crucial requirement when developing security and privacy solutions for wireless networks. The goal of this work is to give an insight to the global energy cost of secure wireless communications. We will compare the energy cost of different wireless standards and a wide range of cryptographic primitives. To illustrate these numbers, we will evaluate the energy consumption of several authentication schemes for RFID. The results show that both computation and communication cost are important factors in the energy budget, and clearly connected to the security and privacy properties of the wireless applications

Effect of anti-interleukin drugs in patients with COVID-19 and signs of cytokine release syndrome (COV-AID): a factorial, randomised, controlled trial.

BACKGROUND: Infections with SARS-CoV-2 continue to cause significant morbidity and mortality. Interleukin (IL)-1 and IL-6 blockade have been proposed as therapeutic strategies in COVID-19, but study outcomes have been conflicting. We sought to study whether blockade of the IL-6 or IL-1 pathway shortened the time to clinical improvement in patients with COVID-19, hypoxic respiratory failure, and signs of systemic cytokine release syndrome. METHODS: We did a prospective, multicentre, open-label, randomised, controlled trial, in hospitalised patients with COVID-19, hypoxia, and signs of a cytokine release syndrome across 16 hospitals in Belgium. Eligible patients had a proven diagnosis of COVID-19 with symptoms between 6 and 16 days, a ratio of the partial pressure of oxygen to the fraction of inspired oxygen (PaO(2):FiO(2)) of less than 350 mm Hg on room air or less than 280 mm Hg on supplemental oxygen, and signs of a cytokine release syndrome in their serum (either a single ferritin measurement of more than 2000 μg/L and immediately requiring high flow oxygen or mechanical ventilation, or a ferritin concentration of more than 1000 μg/L, which had been increasing over the previous 24 h, or lymphopenia below 800/mL with two of the following criteria: an increasing ferritin concentration of more than 700 μg/L, an increasing lactate dehydrogenase concentration of more than 300 international units per L, an increasing C-reactive protein concentration of more than 70 mg/L, or an increasing D-dimers concentration of more than 1000 ng/mL). The COV-AID trial has a 2 × 2 factorial design to evaluate IL-1 blockade versus no IL-1 blockade and IL-6 blockade versus no IL-6 blockade. Patients were randomly assigned by means of permuted block randomisation with varying block size and stratification by centre. In a first randomisation, patients were assigned to receive subcutaneous anakinra once daily (100 mg) for 28 days or until discharge, or to receive no IL-1 blockade (1:2). In a second randomisation step, patients were allocated to receive a single dose of siltuximab (11 mg/kg) intravenously, or a single dose of tocilizumab (8 mg/kg) intravenously, or to receive no IL-6 blockade (1:1:1). The primary outcome was the time to clinical improvement, defined as time from randomisation to an increase of at least two points on a 6-category ordinal scale or to discharge from hospital alive. The primary and supportive efficacy endpoints were assessed in the intention-to-treat population. Safety was assessed in the safety population. This study is registered online with ClinicalTrials.gov (NCT04330638) and EudraCT (2020-001500-41) and is complete. FINDINGS: Between April 4, and Dec 6, 2020, 342 patients were randomly assigned to IL-1 blockade (n=112) or no IL-1 blockade (n=230) and simultaneously randomly assigned to IL-6 blockade (n=227; 114 for tocilizumab and 113 for siltuximab) or no IL-6 blockade (n=115). Most patients were male (265 [77%] of 342), median age was 65 years (IQR 54-73), and median Systematic Organ Failure Assessment (SOFA) score at randomisation was 3 (2-4). All 342 patients were included in the primary intention-to-treat analysis. The estimated median time to clinical improvement was 12 days (95% CI 10-16) in the IL-1 blockade group versus 12 days (10-15) in the no IL-1 blockade group (hazard ratio [HR] 0·94 [95% CI 0·73-1·21]). For the IL-6 blockade group, the estimated median time to clinical improvement was 11 days (95% CI 10-16) versus 12 days (11-16) in the no IL-6 blockade group (HR 1·00 [0·78-1·29]). 55 patients died during the study, but no evidence for differences in mortality between treatment groups was found. The incidence of serious adverse events and serious infections was similar across study groups. INTERPRETATION: Drugs targeting IL-1 or IL-6 did not shorten the time to clinical improvement in this sample of patients with COVID-19, hypoxic respiratory failure, low SOFA score, and low baseline mortality risk. FUNDING: Belgian Health Care Knowledge Center and VIB Grand Challenges program

ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks

Due to the nature of radio transmissions, communications in wireless networks are easy to capture and analyze. Next to this, privacy enhancing techniques (PETs) proposed for wired networks such as the Internet often cannot be applied to mobile ad hoc networks (MANETs). In this paper we present a novel anonymous on demand routing scheme for MANETs. We identify a number of problems of previously proposed works and propose an efficient solution that provides anonymity in a stronger adversary model

Cryptographic Algorithms and Protocols for Security and Privacy in Wireless Ad Hoc Networks (Algoritmen en protocollen voor beveiliging en privacy in draadloze ad-hoc netwerken)

Draadloze ad-hoc netwerken zijn de volgende evolutionaire stap in digitale communicatiesystemen. Vooraleer deze netwerken op grote schaal ingezet kunnen worden, zal men de nodige maatregelen moeten ondernemen om de beveiliging en privacy van de gebruikers en hun gegevens te kunnen garanderen. Zonder extra maatregelen is het eenvoudig om draadloze communicatie te onderscheppen en de activiteiten van de gebruikers te volgen. Het ontwerp van deze maatregelen wordt bemoeilijkt door de specifieke eigenschappen van ad-hoc netwerken, in het bijzonder de afwezigheid van vaste servers en de beperkte rekenkracht, rekencapaciteit, geheugen, bandbreedte en energievoorraad van de mobiele toestellen. Dit resulteert dan ook in een boeiend en uitdagend onderzoeksdomein. Deze thesis is gericht op het oplossen van een aantal belangrijke beveiligingsproblemen. De thesis begint met een overzicht van de efficiëntie van de belangrijkste cryptografische primitieven: blok- en stroomcijfers, hashfuncties, publieke-sleutelvercijferingsalgoritmen en digitale handtekeningen. Efficiëntie betekent hier het aantal processorcycli (of energieverbruik) per Byte of per operatie. De informatie die hier verzameld is, werd gebruikt in het ontwerp van de protocollen die in deze thesis gepresenteerd worden. Eénmalige-handtekeningschema's, die gebaseerd zijn op een éénwegsfunctie, zijn interessant voor toestellen met beperkte capaciteiten, aangezien zij efficiënt geïmplementeerd kunnen worden op basis van blokcijfers of hashfuncties. Het nadeel van deze schema's is echter dat ze erg grote sleutels nodig hebben die slechts éénmaal gebruikt kunnen worden. Deze thesis evalueert de globale performantie van verschillende éénmalige-handtekeningschema's en authentiseringsmechanismen voor publieke sleutels; en vergelijkt deze met conventionele schema's. Deze thesis stelt een constructie voor om éénmalige-handtekeningschema's om te zetten naar een drempelschema. In dit schema kunnen een aantal knopen samenwerken om een handtekening te plaatsen. Deze vorm van samenwerking kan bruikbaar zijn daar zij toelaat een zware taak te verdelen over verschillende toestellen. Dit schema wordt vervolgens gebruikt om een volledig authentiseringsmechanisme voor sensornetwerken te ontwerpen. Het afspreken van geheime sleutels is niet eenvoudig in ad-hoc netwerken door de afwezigheid van vaste servers. Deze thesis stelt een mechanisme voor om geheime sleutels af te spreken in een dynamisch ad-hoc netwerk. Om het systeem zo efficiënt mogelijk te houden, maken we geen gebruik van publieke-sleutelcryptografie. Het schema werkt autonoom, zonder hulp van vaste knopen die dienst doen als sleutelverdelingscentra. Dit schema wordt vervolgens geïntegreerd in een routeringsprotocol voor ad-hoc netwerken. De veiligheid en de efficiëntie van het protocol worden geanalyseerd. Ten slotte handelt deze thesis ook over privacy in ad-hoc netwerken. De thesis geeft een volledig overzicht en analyse van de state-of-the-art van anonieme routeringsprotocollen voor ad-hoc netwerken. Na deze analyse volgt de beschrijving van een nieuw anoniem routeringsprotocol dat bestaande protocollen tracht te verbeteren op twee gebieden: efficiëntie en anonimiteit. De veiligheid en efficiëntie van het schema worden geanalyseerd.1. Introduction 2. Efficiency of Cryptographic Primitives 3. Efficiency of One-Time Signature Schemes 4. Efficient Cooperative Signatures 5. Dynamic Key Establishment 6. Privacy in Ad Hoc Networks 7. Conclusions and Future Researchstatus: publishe

The Wandering Nodes: Key Management for Low-power Mobile Ad Hoc

This paper describes a key management scheme that is designed to work in low-power mobile ad hoc networks. The key management scheme is built around the concept of a neighborhood in which nodes dynamically establish link keys based on keying material they already possess. As nodes wander through the network, their neighborhood changes and the keys are updated to reflect this change in environment. Our protocol is designed to work in power constrained environments and only uses efficient symmetric cryptographic primitives

ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks

In this paper we describe a novel anonymous on-demand routing protocol for wireless Mobile Ad Hoc Networks (MANETs) that is secure against both nodes that actively participate in the network and a passive global adversary who monitors all network traffic. Finally, we provided a detailed analysis of the privacy offered by hiding routes in limited broadcast groups, and padding messages. Copyright © 2009, Inderscience Publishers.status: publishe

User Privacy in RFID Networks

Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.