Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G.
Hrsg.: Chen, Liqun ; Mitchell, Chris (2014)
Unpicking PLAID.
1st International Conference on Research in Security Standardisation. London, United Kingdom (16.-17.12.2014)
doi: 10.1007/978-3-319-14054-4_1
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2014 |
| Herausgeber: | Chen, Liqun ; Mitchell, Chris |
| Autor(en): | Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G. |
| Art des Eintrags: | Bibliographie |
| Titel: | Unpicking PLAID |
| Sprache: | Englisch |
| Publikationsjahr: | 2014 |
| Verlag: | Springer |
| (Heft-)Nummer: | 8893 |
| Buchtitel: | Security Standardisation Research |
| Reihe: | Lecture Notes in Computer Science |
| Band einer Reihe: | 8893 |
| Veranstaltungstitel: | 1st International Conference on Research in Security Standardisation |
| Veranstaltungsort: | London, United Kingdom |
| Veranstaltungsdatum: | 16.-17.12.2014 |
| DOI: | 10.1007/978-3-319-14054-4_1 |
| Kurzbeschreibung (Abstract): | The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks. |
| Freie Schlagworte: | Solutions, S4, Protocol analysis, ISO standard, PLAID, authentication protocol, privacy |
| ID-Nummer: | TUD-CS-2014-1001 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Kryptographie und Komplexitätstheorie DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 15 Nov 2016 23:15 |
| Letzte Änderung: | 27 Jul 2023 13:18 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum