Catálogo de publicaciones - libros

The EPCglobal Class-1 Generation-2 UHF tag standard is certain to become the worldwide specification for inexpensive RFID tags. Because of its sharp focus on simple “license plate” tags, it supports only the most rudimentary of security and privacy features, and essentially none of the cryptographic techniques that underpin authentication and privacy-protection in higher-powered computational devices. To support more-sophisticated applications, the drafters of this standard envisioned the re-use of the basic air interface and command set in higher-class standards. We propose ways to incorporate mainstream cryptographic functionality into the Class-1 Gen-2 standard. Our techniques circumvene the intended modes of operation of the standard, but adhere closely enough to preserve formal compliance. For this reason, we use the term to describe our layering of new security functionality on the standard.

The term proxy certificate is used to describe a certificate that is issued by an end user for the purpose of delegating responsibility to another user so that the latter can perform certain actions on behalf of the former. Such certificates have been suggested for use in a number of applications, particularly in distributed computing environments where delegation of rights is common. In this paper, we present a new concept called . Our approach allows to combine the verification of the validity of the proxy certificate and the authorization decision making in an elegant way that enhances the privacy of the end user. In contrast with standard proxy certificates that are generated using standard (public-key) signature schemes, the proposed certificates are generated using a signature scheme for which the validity of a generated signature proves the compliance of the signer with a credential-based policy. We present a concrete realization of our approach using bilinear pairings over elliptic curves and we prove its security under adapted attack models.

Rainbow is a fast asymmetric multivariate signature algorithm proposed by J. Ding and D. Schmidt in [5]. This paper presents a cryptanalysis of Rainbow which enables an attacker provided with the public key to recover an equivalent representation of the secret key, thus allowing her to efficiently forge a signature of any message. For the set of parameter values recommended by the authors of Rainbow in order to achieve a security level strictly higher than 2, the complexity of our attack is less than 2 operations. This is 2 times less than the complexity of the best known attack used by the authors to dimension their system.

HB is a shared-key authentication protocol, proposed by Juels and Weis at Crypto 2005, using prior work of Hopper and Blum. Its very low computational cost makes it attractive for low-cost devices such as radio-frequency identification(RFID) tags. Juels and Weis gave a security proof, relying on the hardness of the “learning parity with noise” (LPN) problem. Here, we improve the previous best known algorithm proposed by Blum, Kalai, and Wasserman for solving the LPN problem. This new algorithm yields an attack for HB in the detection-based model with work factor 2.

This is a short summary of the invited talk given by the author at the SCN conference.