Security Standardisation Research

The Protocol for Lightweight Authentication of Identity (PLAID) aims to provide secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has since been standardized as Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques, we can fingerprint and later re-identify cards. These techniques involve a novel application of standard statistical and data-analysis techniques to cryptography. We also discuss countermeasures to our attacks.
