TU Darmstadt / ULB / TUbiblio

Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol

Degabriele, Jean Paul and Fehr, Victoria and Fischlin, Marc and Gagliardoni, Tommaso and Günther, Felix and Marson, Giorgia Azzurra and Mittelbach, Arno and Paterson, Kenneth G.
Chen, Liqun and Mitchell, Chris (eds.) (2014):
Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol.
In: Security Standardisation Research : Proceedings of the 1st International Conference on Research in Security Standardisation (SSR), Cham, Springer, pp. 1-25, [Book Section]

Abstract

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Item Type: Book Section
Erschienen: 2014
Editors: Chen, Liqun and Mitchell, Chris
Creators: Degabriele, Jean Paul and Fehr, Victoria and Fischlin, Marc and Gagliardoni, Tommaso and Günther, Felix and Marson, Giorgia Azzurra and Mittelbach, Arno and Paterson, Kenneth G.
Title: Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
Language: English
Abstract:

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Title of Book: Security Standardisation Research : Proceedings of the 1st International Conference on Research in Security Standardisation (SSR)
Series Name: Lecture Notes in Computer Science
Number: 8893
Place of Publication: Cham
Publisher: Springer
ISBN: 978-3-319-14054-4
Uncontrolled Keywords: Solutions;S4;Protocol analysis, ISO standard, PLAID, authentication protocol, privacy
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Complexity Theory
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Location: International Conference on Research in Security Standardisation
Date Deposited: 15 Nov 2016 23:15
Identification Number: TUD-CS-2014-1001
Export:

Optionen (nur für Redakteure)

View Item View Item