This paper introduces an information theoretic model that allows to quantify the degree of anonymity provided by schemes for anonymous connections. It considers attackers that obtain probabilistic information about users. The degree is based on the probabilities an attacker, after observing the system, assigns to the different users of the system as being the originators of a message. As a proof of concept, the model is applied to some existing systems. The model is shown to be very useful for evaluating the level of privacy a system provides under various attack scenarios, for measuring the amount of information an attacker gets with a particular attack and for comparing different systems amongst each other.
Due to the nature of radio transmissions, communications in wireless networks are easy to capture and analyze. Next to this, privacy enhancing techniques (PETs) proposed for wired networks such as the Internet often cannot be applied to mobile ad hoc networks (MANETs). In this paper we present a novel anonymous on demand routing scheme for MANETs. We identify a number of problems of previously proposed works and propose an efficient solution that provides anonymity in a stronger adversary model.
In this paper we analyze the vulnerabilities of biometric authentication protocols with respect to user and data privacy. The goal of an adversary in such context is not to bypass the authentication but to learn information either on biometric data or on users that are in the system. We elaborate our analysis on a general system model involving four logical entities (sensor, server, database and matcher), and we focus on internal adversaries to encompass the situation where one or a combination of these entities would be malicious. Our goal is to emphasize that when going beyond the usual honest-but-curious assumption much more complex attacks can affect the privacy of data and users. On the one hand, we introduce a new comprehensive framework that encompasses the various schemes we want to look at. It presents a system model in which each internal entity or combination of entities is a potential attacker. Different attack goals are considered and resulting requirements on data flows are discussed. On the other hand, we develop different generic attacks. We follow a blackbox approach in which we consider components that perform operations on biometric data but where only the input/output behavior is analyzed. These attack strategies are exhibited on recent schemes such as the distributed protocol of Bringer et al. (ACISP 2007), which is based on the Goldwasser-Micali cryptosystem, the related protocol of Barbosa et al. (ACISP 2008), which uses the Paillier cryptosystem, and the scheme of Stoianov (SPIE 2010), that features the Blum-Goldwasser cryptosystem. All these schemes have been developed in the honest-but-curious adversary model and show potential weaknesses when considered in our malicious insider attack model.
Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability, security and/or privacy problems. In this article, we extend the notion of public-key RFID authentication protocols and propose a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC). It allows to generate a proof which is verifiable by a trusted verifier in an offline setting, even when readers or tags are potentially untrusted, and it is privacy-preserving in the setting of a narrowstrong attacker. We also demonstrate that our RFID grouping-proof protocol can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.
Abstract.The standard IEEE 1149.1 (Test Access Port and Boundary-Scan Architecture, also known as JTAG port) provides a useful interface for embedded systems development, debug, and test. In an 1149.1-compatible integrated circuit, the JTAG port allows the circuit to be easily accessed from the external world, and even to control and observe the internal scan chains of the circuit. However, the JTAG port can be also exploited by attackers to mount several cryptographic attacks. In this paper we propose a novel architecture that implements a secure JTAG interface. Our JTAG scheme allows for mutual authentication between the device and the tester. In contrast to previous work, our scheme uses provably secure asymmetric-key based authentication and verification protocols. The complete scheme is implemented in hardware and integrated with the standard JTAG interface. Detailed area and timing results are also presented.
RFID (Radio Frequency Identification) technology enables readers to scan remote RFID tags, and label the objects and people to which they are attached. Current cryptographic authentication protocols deployed in heterogeneous environments are often not compatible, or reveal too much information to the RFID readers. To tackle this problem, we introduce the concept of RFID groups and propose a hierarchical RFID authentication protocol. By using this protocol, an RFID tag can tune its identification process to the type of reader it is communicating with. Only a subset of readers can learn the identity of a particular tag, while others can only acquire information on the group to which the tag belongs. Our protocol offers impersonation resistance and is narrowstrong privacy-preserving. Furthermore, we extend the concept to multiple level of subgroups, and demonstrate the feasibility of our proposed protocols for RFID tags.
The following full text is a publisher's version.For additional information about this publication click this link. http://hdl.handle.net/2066/92444Please be advised that this information was generated on 2024-06-02 and may be subject to change. Article 25fa End User AgreementThis publication is distributed under the terms of Article 25fa of the Dutch Copyright Act. This article entitles the maker of a short scientific work funded either wholly or partially by Dutch public funds to make that work publicly available for no consideration following a reasonable period of time after the work was first published, provided that clear reference is made to the source of the first publication of the work.Research outputs of researchers employed by Dutch Universities that comply with the legal requirements of Article 25fa of the Dutch Copyright Act, are distributed online and free of cost or other barriers in institutional repositories. Research outputs are distributed six months after their first online publication in the original published version and with proper attribution to the source of the original publication.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.