TU Darmstadt / ULB / TUbiblio

Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol

Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G.
Chen, Liqun ; Mitchell, Chris (eds.) :

Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol.
In: LNCS (8893). Springer
[ Konferenzveröffentlichung] , (2014)

Kurzbeschreibung (Abstract)

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Typ des Eintrags: Konferenzveröffentlichung ( nicht bekannt)
Erschienen: 2014
Herausgeber: Chen, Liqun ; Mitchell, Chris
Autor(en): Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G.
Titel: Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
Sprache: ["languages_typename_1" not defined]
Kurzbeschreibung (Abstract):

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Buchtitel: Proceedings of the 1st International Conference on Research in Security Standardisation (SSR)
Reihe: LNCS
(Heft-)Nummer: 8893
Verlag: Springer
Freie Schlagworte: Solutions;S4;Protocol analysis, ISO standard, PLAID, authentication protocol, privacy
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Kryptographie und Komplexitätstheorie
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Veranstaltungsort: International Conference on Research in Security Standardisation
Hinterlegungsdatum: 15 Nov 2016 23:15
ID-Nummer: TUD-CS-2014-1001
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen