Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card

Scherzer, Helmut; Canetti, Ran; Karger, Paul A.; Krawczyk, Hugo; Rabin, Tal; Toll, David C.

doi:10.1007/978-3-540-39650-5_11

Cited by 10 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have shown how the Caernarvon authentication protocol [38] can solve most of the vulnerabilities, without giving up flexibility is the use of PIV cards.…”

Section: Discussionmentioning

confidence: 99%

“…To avoid these privacy problems, IBM developed the Caernarvon authentication protocol [38] that preserves the card holder's privacy by revealing nothing until the reader has been authenticated. Very briefly, the Caernarvon protocol generates a Diffie-Hellman 6 session key first to protect all subsequent communications from external eavesdroppers.…”

Section: Solving the Chuid Exposurementioning

confidence: 99%

“…The Caernarvon authentication protocol [38] was specifically designed to protect the privacy of a smart card holder and is based on the SIGMA family [28] of protocols that form the basis of the Internet Key Exchange Protocol (IKE) [16]. Not only are the SIGMA protocols a widely used standard, they have also been formally proven correct [6].…”

Section: Solving the Chuid Exposurementioning

confidence: 99%

“…go on to ISO standardization after the CEN process has completed. A summary of the Caernarvon authentication protocol can be found in the Appendix, although for a full analysis of the protocol, the reader is directed to the published paper [38].…”

Section: Solving the Chuid Exposurementioning

confidence: 99%

“…The Diffie-Hellman key parameters are part of the signature in order to provide authenticity of the parameters. See [38] for details. At the conclusion of stage 5, B has authenticated A.…”

Section: A Caernarvon Authentication Protocolmentioning

confidence: 99%

See 4 more Smart Citations

Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

Karger

2006

Proceedings of the Second Symposium on Usable Privacy and Security - SOUPS '06

Self Cite

View full text Add to dashboard Cite

This paper is a security and privacy threat analysis of new Federal Information Processing Standard for Personal Identity Verification (FIPS PUB 201). It identifies some problems with the standard, and it proposes solutions to those problems, using standardized cryptographic techniques that are based on the Internet Key Exchange (IKE) protocol [16]. When the standard is viewed in the abstract, it seems to effectively provide security and privacy, because it uses strong cryptographic algorithms. However, when you examine the standard in the context of potential user scenarios regarding its use; security, privacy, and usability problems can be identified. User scenarios are employed to provide the context for the identification of these problems, and the technical solutions are described to address the issues raised.

show abstract

“…We have shown how the Caernarvon authentication protocol [38] can solve most of the vulnerabilities, without giving up flexibility is the use of PIV cards.…”

Section: Discussionmentioning

confidence: 99%

Section: Solving the Chuid Exposurementioning

confidence: 99%

Section: Solving the Chuid Exposurementioning

confidence: 99%

Section: Solving the Chuid Exposurementioning

confidence: 99%

“…The Diffie-Hellman key parameters are part of the signature in order to provide authenticity of the parameters. See [38] for details. At the conclusion of stage 5, B has authenticated A.…”

Section: A Caernarvon Authentication Protocolmentioning

confidence: 99%

See 3 more Smart Citations

Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

Karger

2006

Proceedings of the Second Symposium on Usable Privacy and Security - SOUPS '06

Self Cite

View full text Add to dashboard Cite

show abstract

An On-Line Secure E-Passport Protocol

Pasupathinathan

Pieprzyk

Wang

Information Security Practice and Experience

View full text Add to dashboard Cite

Designing a Side Channel Resistant Random Number Generator

Chari

Diluoffo

Karger

et al. 2010

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper describes the design of the random number generator (RNG) in the Caernarvon high assurance smart card operating system. Since it is used in the generation of cryptographic keys and other sensitive materials, the RNG has a number of stringent security requirements that the random bits must be of good quality i.e. the bits must not be predictable or biased. To this end, a number of standards such as the German AIS 31 mandate that true random bits be continuously tested before use in sensitive applications such as key generation. A key issue in implementing this standard is that such testing before use in key generation greatly increases the attack surface for side-channel attacks. For example, template attacks which can extract information about the random bits from even a single run provided we use the same bits at many different points in the computation. Because of these potential risks, the Caernarvon operating system uses pseudo random number generators which are initially seeded by externally generated high quality random bits, and then perturbed by bits from the true random number generator. We describe a PRNG design which yields high quality random bits while also ensuring that it is not susceptible to side-channel attacks and provide an informal argument about its effectiveness.

show abstract

Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card

Cited by 10 publications

References 9 publications

Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

An On-Line Secure E-Passport Protocol

Designing a Side Channel Resistant Random Number Generator

Contact Info

Product

Resources

About