TU Darmstadt / ULB / TUbiblio

Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol

Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G.
Chen, Liqun ; Mitchell, Chris (eds.) (2014):
Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol.
In: Lecture Notes in Computer Science, In: Security Standardisation Research : Proceedings of the 1st International Conference on Research in Security Standardisation (SSR), pp. 1-25, Cham, Springer, ISBN 978-3-319-14054-4,
[Book Section]

Abstract

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Item Type: Book Section
Erschienen: 2014
Editors: Chen, Liqun ; Mitchell, Chris
Creators: Degabriele, Jean Paul ; Fehr, Victoria ; Fischlin, Marc ; Gagliardoni, Tommaso ; Günther, Felix ; Marson, Giorgia Azzurra ; Mittelbach, Arno ; Paterson, Kenneth G.
Title: Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
Language: English
Abstract:

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Book Title: Security Standardisation Research : Proceedings of the 1st International Conference on Research in Security Standardisation (SSR)
Series: Lecture Notes in Computer Science
Issue Number: 8893
Place of Publication: Cham
Publisher: Springer
ISBN: 978-3-319-14054-4
Uncontrolled Keywords: Solutions;S4;Protocol analysis, ISO standard, PLAID, authentication protocol, privacy
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Cryptography and Complexity Theory
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Event Location: International Conference on Research in Security Standardisation
Date Deposited: 15 Nov 2016 23:15
Identification Number: TUD-CS-2014-1001
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details