Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity

Filimonov, Ihor; Horne, Ross; Mauw, Sjouke; Smith, Zach

doi:10.1007/978-3-030-29959-0_28

Cited by 16 publications

(11 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The situation is mirrored, however, if we attempt to formulate a property using too coarse equivalence: real attacks may be missed. Recent work [26,28], comprehensively explains an attack on ePassports that allows unauthorised observers to track movements of the holder. This attack was overlooked by trace equivalence, which is strictly coarser than bisimilarity.…”

Section: Too Coarse An Equivalence Misses Real Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Compositional Analysis of Protocol Equivalence in the Applied $$\pi $$-Calculus Using Quasi-open Bisimilarity

Horne

Mauw

Yurkov

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

This paper shows that quasi-open bisimilarity is the coarsest bisimilarity congruence for the applied $$\pi $$ π -calculus. Furthermore, we show that this equivalence is suited to security and privacy problems expressed as an equivalence problem in the following senses: (1) being a bisimilarity is a safe choice since it does not miss attacks based on rich strategies; (2) being a congruence it enables a compositional approach to proving certain equivalence problems such as unlinkability; and (3) being the coarsest such bisimilarity congruence it can establish proofs of some privacy properties where finer equivalences fail to do so.

show abstract

Section: Too Coarse An Equivalence Misses Real Attacksmentioning

confidence: 99%

“…If the attack is also classically valid it is also a counterexample for observational equivalence. This methodology was used to resolve the problem of whether there is an attack on the BAC protocol for ePassports [26,28], as originally stated in terms of observational equivalence [8].…”

Section: Comparison To Related Work On Observational Equivalencementioning

confidence: 99%

Compositional Analysis of Protocol Equivalence in the Applied $$\pi $$-Calculus Using Quasi-open Bisimilarity

Horne

Mauw

Yurkov

2021

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Hirschi, Baelde and Delaune [15] weakened this definition by redefining unlinkability as a trace equivalence problem for which they develop tool support for obtaining proofs of unlinkability. However, in general, using trace equivalence may lead to missing attacks as pointed out in [16] where Horne, Mauw, and Smith study ePassport protocols and revisit bisimilarity-based strong unlinkability definitions.…”

Section: Related Workmentioning

confidence: 99%

Breaking and Fixing Unlinkability of the Key Agreement Protocol for 2nd Gen EMV Payments

Horne¹,

Mauw²,

Yurkov³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

To address privacy problems with the EMV standard, EMVco proposed a Blinded Diffie-Hellman key establishment protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposed protocol, despite the fact that an active attacker can compromise unlinkability. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVco where we make use of Verheul certificates. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.

show abstract

“…The privacy goal is to ensure ePassport holders cannot be linked from one session to the next, which is called unlinkability. There are attacks on unlinkability, involving relaying messages to remote readers [14]. Note furthermore, that such attacks do not completely compromise unlinkability, e.g., ePassport holders cannot be tracked forever, only in a limited time window, so there are resource considerations here.…”

Section: An Algorithm For Attack-defence Framework In Its General Formmentioning

confidence: 99%

Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees

Gabbay

Horne

Mauw

et al. 2020

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

This position paper connects the areas and communities of abstract argumentation and attack-defence trees in the area of security. Both areas deal with attacks, defence and support and both areas rely on applications dealing with human aggressive activities. The unifying idea we use in this paper is to regard arguments as AND-OR attack trees as proposed by Schneier in the security domain. The core model, which is acceptable for both communities, is a pair pS, q, where S is a set of attack trees (the "arguments") and is a binary relation on attack trees (the "attack" relation). This leads us to the notion of an attack-defence framework, which provides an argumentation-based semantics for attack-defence trees and more general attack-defence graphs.

show abstract

Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity

Cited by 16 publications

References 25 publications

Compositional Analysis of Protocol Equivalence in the Applied $$\pi $$-Calculus Using Quasi-open Bisimilarity

Compositional Analysis of Protocol Equivalence in the Applied $$\pi $$-Calculus Using Quasi-open Bisimilarity

Breaking and Fixing Unlinkability of the Key Agreement Protocol for 2nd Gen EMV Payments

Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees

Contact Info

Product

Resources

About