Abstract:Abstract.We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.
“…In this kind of networks, we have provided a solution for detecting a particular trust relation between two nodes in an anonymous and unobservable way. We believe that these two properties will be of first importance in a near future in the design of security protocols, for instance in the RFID research field [16,10]. In future work, we plan to address some complexity issues of our solutions: decreasing the complexity of trust detection algorithm, reduce the use of asymmetric cryptography and add appropriate cryptographic puzzles for mitigating the exhaustion of computation resources.…”
Abstract. More and more mobile devices feature wireless communication capabilities. They can self-organize in a mobile ad hoc network in order to communicate and maintain connectivity without any infrastructure component.In this context, some devices may benefit from established trust relations in order to communicate private data. Various solutions already exist for establishing and detecting such trust relations. But is it still possible to detect a trust relation in an unobservable manner? That is, in a way that an attacker cannot understand whether devices share a trust relation or not.We exhibit a solution to this problem. Our solution guaranties the anonymity and the unobservability of participants against passive and active attackers. The security properties of the solution are machine checked with the AVISPA framework [2] and the SPAN tool [5].The main applications could be found in mobile ad hoc networks and in vehicular networks [6,7] where anonymity and unobservability contribute to a better privacy.
“…In this kind of networks, we have provided a solution for detecting a particular trust relation between two nodes in an anonymous and unobservable way. We believe that these two properties will be of first importance in a near future in the design of security protocols, for instance in the RFID research field [16,10]. In future work, we plan to address some complexity issues of our solutions: decreasing the complexity of trust detection algorithm, reduce the use of asymmetric cryptography and add appropriate cryptographic puzzles for mitigating the exhaustion of computation resources.…”
Abstract. More and more mobile devices feature wireless communication capabilities. They can self-organize in a mobile ad hoc network in order to communicate and maintain connectivity without any infrastructure component.In this context, some devices may benefit from established trust relations in order to communicate private data. Various solutions already exist for establishing and detecting such trust relations. But is it still possible to detect a trust relation in an unobservable manner? That is, in a way that an attacker cannot understand whether devices share a trust relation or not.We exhibit a solution to this problem. Our solution guaranties the anonymity and the unobservability of participants against passive and active attackers. The security properties of the solution are machine checked with the AVISPA framework [2] and the SPAN tool [5].The main applications could be found in mobile ad hoc networks and in vehicular networks [6,7] where anonymity and unobservability contribute to a better privacy.
“…So far, attempts at formalising privacy have usually been domain-specific (e.g., [22,2,10,3,4,23,11,12,24]). We advocate a domain-independent approach to privacy, and develop a formal framework to achieve this in Sect.…”
Abstract. Protecting privacy against bribery/coercion is a necessary requirement in electronic services, like e-voting, e-auction and e-health. Domain-specific privacy properties have been proposed to capture this. We generalise these properties as enforced privacy: a system enforces a user's privacy even when the user collaborates with the adversary. In addition, we account for the influence of third parties on a user's privacy. Third parties can help to break privacy by collaborating with the adversary, or can help to protect privacy by cooperating with the target user. We propose independency of privacy to capture the negative privacy impact that third parties can have, and coalition privacy to capture their positive privacy impact. We formally define these privacy notions in the applied pi calculus and build a hierarchy showing their relations.
“…Although these protocols tried to provide secure and untraceable communication for RFID systems, however many weaknesses have been found in them [16,17,18,19,20,21]. In this context, Yeh et al have recently proposed a RFID mutual authentication protocol compatible with EPC C-1 G-2 standard [22] that we name SRP (Securing RFID Protocol) in this paper.…”
Abstract. Yeh et al. have recently proposed a mutual authentication protocol based on EPC Class-1 Gen.-2 standard. They claim their protocol is secure against adversarial attacks and also provides forward secrecy. In this paper we show that the proposed protocol does not have cited security features properly. A powerful and practical attack is presented on this protocol whereby the whole security of the protocol is broken. Furthermore, Yeh et al.'s protocol does not assure the untraceabilitiy and backwarduntraceabilitiy attributes. We also will propose our revision to safeguard the Yeh et al.'s protocol against cited attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.