130 research outputs found

    A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

    To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat

    Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore

    We analyze the security of Android KeyStore, a system service whose purpose is to shield users' credentials and cryptographic keys. The KeyStore protects the integrity and the confidentiality of keys by using a particular encryption scheme. Our main results are twofold. First, we formally prove that the used encryption scheme does not provide integrity, which means that an attacker is able to undetectably modify the stored keys. Second, we exploit this flaw to define a forgery attack breaching the security guaranteed by the KeyStore. In particular, our attack allows a malicious application to make mobile apps unwittingly perform secure protocols using weak keys. The threat is concrete: the attacker goes undetected while compromising the security of users. Our findings highlight an important fact: intuition often goes wrong when security is concerned. Unfortunately, system designers still tend to choose cryptographic schemes not for their proved security but for their apparent simplicity. We show, once again, that this is not a good choice, since it usually results in severe consequences for the whole underlying system

    Designing and proving an EMV-compliant payment protocol for mobile devices

    We devise a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplifies certification procedures and protocol maintenance. It is also fully compatible with the EMV SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of our protocol using the TAMARIN prover

    Malaria treatment in remote areas of Mali: use of modern and traditional medicines, patient outcome

    Use of official health services often remains low despite great efforts to improve quality of care. Are informal treatments responsible for keeping a number of patients away from standard care, and if so, why? Through a questionnaire survey with proportional cluster samples, we studied the case histories of 952 children in Bandiagara and Sikasso areas of Mali. Most children with reported uncomplicated malaria were first treated at home (87%) with modern medicines alone (40%), a mixture of modern and traditional treatments (33%), or traditional treatment alone (27%). For severe episodes (224 cases), a traditional treatment alone was used in 50% of the cases. Clinical recovery after uncomplicated malaria was above 98% with any type of treatment. For presumed severe malaria, the global mortality rate was 17%; it was not correlated with the type of treatment used (traditional or modern, at home or elsewhere). In the study areas, informal treatments divert a high proportion of patients away from official health services. Patients' experience that outcome after standard therapeutic itineraries is not better than after alternative care may help to explain low use of official health services. We need to study whether some traditional treatments available in remote villages should be considered real, recommendable first ai

    On Some Incompatible Properties of Voting Schemes

    In this paper, we study the problem of simultaneously achieving several security properties, for voting schemes, without non-standard assumptions. More specifically, we focus on the universal verifiability of the computation of the tally, on the unconditional privacy/anonymity of the votes, and on the receipt-freeness properties, for the most classical election processes. Under usual assumptions and efficiency requirements, we show that a voting system that wants to publish the final list of the voters who actually voted, and to compute the number of times each candidate has been chosen, we cannot achieve: - universal verifiability of the tally (UV) and unconditional privacy of the votes (UP) simultaneously, unless all the registered voters actually vote; - universal verifiability of the tally (UV) and receipt-freeness (RF), unless private channels are available between the voters and/or the voting authorities