SwePub

Hit list for search "WFRF:(Mitrokotsa Aikaterini 1978)"

  • Results 1-10 of 103
1.
  • Abidin, Aysajan, 1983, et al. (author)
  • A Privacy-preserving Biometric Authentication Protocol Revisited
  • 2014
  • Published in: In Proceedings of YACC 2014, Porquerolles island, France, June 2014.
  • Conference paper (peer-reviewed)
    • Biometric authentication establishes the identity of an individual based on biometric templates (i.e. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. In this paper, we investigate a privacy-preserving biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed architecture (i.e. multiple entities are involved in the authentication process). We present an attack algorithm that can be employed to mount a number of attacks on the protocol under investigation and propose an improved version of the Bringer et al. protocol that combats the presented attacks.
2.
  • Abidin, Aysajan, 1983, et al. (author)
  • Attacks on Privacy-Preserving Biometric Authentication
  • 2014
  • Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - 1611-3349 .- 0302-9743. ; 8788:2014, pp. 293-294
  • Conference paper (peer-reviewed)
3.
  • Abidin, Aysajan, 1983, et al. (author)
  • Efficient Verifiable Computation of XOR for Biometric Authentication
  • 2016
  • Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10052, pp. 284-298
  • Conference paper (peer-reviewed)
    • This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.
4.
  • Abidin, Aysajan, 1983, et al. (author)
  • Security aspects of privacy-preserving biometric authentication based on ideal lattices and ring-LWE
  • 2014
  • Published in: 2014 IEEE International Conference on Communications Workshops, ICC 2014, pp. 60-65
  • Conference paper (peer-reviewed)
    • In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server, a computation server, and an authentication server. We present a simple attack algorithm that enables a malicious computation server to learn the biometric templates in at most 2N-τ queries, where N is the bit-length of a biometric template and τ the authentication threshold. The main enabler of the attack is that a malicious computation server can send an encryption of the inner product of the target biometric template with a bitstring of his own choice, instead of the securely computed Hamming distance between the fresh and stored biometric templates. We also discuss possible countermeasures to mitigate the attack using private information retrieval and signatures of correct computation.
5.
  • Abidin, Aysajan, 1983, et al. (author)
  • Security of a Privacy-Preserving Biometric Authentication Protocol Revisited
  • 2014
  • Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. - 9783319122809 ; 8813, pp. 290-304
  • Conference paper (peer-reviewed)
    • Biometric authentication establishes the identity of an individual based on biometric templates (e.g. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. Here, we investigate a biometric authentication protocol that has been proposed by Bringer et al. and adopts a distributed architecture (i.e. multiple entities are involved in the authentication process). This protocol was proven to be secure and privacy-preserving in the honest-but-curious (or passive) attack model. We present an attack algorithm that can be employed to mount a number of attacks on the protocol under investigation. We then propose an improved version of the Bringer et al. protocol that is secure in the malicious (or active) insider attack model and has forward security.
6.
  • Aumasson, J.P., et al. (author)
  • A note on a privacy-preserving distance-bounding protocol
  • 2011
  • Published in: Proceedings of the 13th International Conference on Information and Communications Security (ICICS 2011). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 9783642252426
  • Conference paper (peer-reviewed)
    • Distance bounding protocols enable a device to establish an upper bound on the physical distance to a communication partner so as to prevent location spoofing, as exploited by relay attacks. Recently, Rasmussen and Čapkun (ACM-CCS'08) observed that these protocols leak information on the location of the parties to external observers, which is undesirable in a number of applications, for example if the leaked information leads to the identification of the parties among a group of devices. To remedy this problem, these authors proposed a "privacy-preserving" distance bounding protocol, i.e. that leaks no information on the location of the parties. The present paper reports results from an in-depth security analysis of that new protocol, with as main result an attack that recovers the ephemeral secrets as well as the location information of the two parties for particular choices of parameters. Overall, our results do not contradict the preliminary security analysis by the designers, but rather extend it to other parts of the attack surface. © 2011 Springer-Verlag.
7.
  • Bay, A., et al. (author)
  • The Bussard-Bagga and other distance-bounding protocols under attacks
  • 2013
  • Published in: Proceedings of the 8th International Conference on Information Security and Cryptology (Inscrypt 2012). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 9783642385186
  • Conference paper (peer-reviewed)
    • The communication between an honest prover and an honest verifier can be intercepted by a malicious man-in-the-middle (MiM), without the legitimate interlocutors noticing the intrusion. The attacker can simply relay messages from one party to another, eventually impersonating the prover to the verifier and possibly gaining the privileges of the former. This sort of simple relay attacks are prevalent in wireless communications (e.g., RFID-based protocols) and can affect several infrastructures from contactless payments to remote car-locking systems and access-control verification in high-security areas. As the RFID/NFC technology prevails, a practical and increasingly popular countermeasure to these attacks is given by distance-bounding protocols. Yet, the security of these protocols is still not mature. Importantly, the implications of the return channel (i.e., knowing whether the protocol finished successfully or not) in the security of some distance-bounding protocols have not been fully assessed. In this paper, we demonstrate this by a series of theoretical and practical attacks. We first show that the Bussard-Bagga protocol DBPK-Log does not fulfill its goal: it offers no protection against distance fraud and terrorist fraud. Then, we show how to mount several concrete MiM attacks against several follow-up variants, including the protocol by Reid et al. © 2013 Springer-Verlag Berlin Heidelberg.
8.
  • Boureanu, Ioana, et al. (author)
  • On the Need for Secure Distance Bounding
  • 2013
  • Published in: Early Symmetric Crypto (ESC) seminar.
  • Conference paper (peer-reviewed)
    • Distance-bounding is a practical solution to be used in security-sensitive contexts, mainly to prevent relay attacks. But subtle security shortcomings related to the PRF (pseudorandom function) assumption and ingenious attack techniques based on observing verifiers’ outputs have recently been put forward. In this extended abstract, we survey some of these security concerns and attempt to incorporate the lessons taught by these new developments in ideas of distance-bounding protocol design.
9.
  • Boureanu, I., et al. (author)
  • On the pseudorandom function assumption in (secure) distance-bounding protocols: PRF-ness alone does not stop the frauds!
  • 2012
  • Published in: Proceedings of the 2nd International Conference on Cryptology and Information Security in Latin America (LATINCRYPT 2012). - Berlin, Heidelberg : Springer Berlin Heidelberg. - 9783642334801
  • Conference paper (peer-reviewed)
    • In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to distance-fraud attacks, whilst the other opens for man-in-the-middle (MiM) attacks. First, we describe - in a more unitary, formal fashion - why assuming that a family of functions classically used inside DB protocols is solely a PRF is unsatisfactory and what generic security flaws this leads to. Then, we present concrete constructions that disprove the PRF-based claimed security of several DB protocols in the literature; this is achieved by using some PRF programming techniques. Whilst our examples may be considered contrived, the overall message is clear: the PRF assumption should be strengthened in order to attain security against distance-fraud and MiM attacks in distance-bounding protocols! © 2012 Springer-Verlag.
10.
  • Boureanu, I., et al. (author)
  • Practical and provably secure distance-bounding
  • 2015
  • Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. - 9783319276588 ; 7807, pp. 248-258
  • Conference paper (peer-reviewed)
    • From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. At FSE 2013, we presented SKI as the first family of provably secure distance bounding protocols. At LIGHTSEC 2013, we presented the best attacks against SKI. In this paper, we present the security proofs. More precisely, we explicate a general formalism for distance-bounding protocols. Then, we prove that SKI and its variants are provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud. For this, we reinforce the idea of using secret sharing, combined with the new notion of a leakage scheme. In view of resistance to mafia-frauds and terrorist-frauds, we present the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also use PRF masking to fix common mistakes in existing security proofs/claims.