On Privacy for RFID

Vaudenay, Serge

doi:10.1007/978-3-319-26059-4_1

Cited by 6 publications

(6 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We disproved the result by [6] about the prover privacy of their protocol. In Table 2 we list all (secure) public-key distance bounding protocols (following [12]), where insecure soundness means that a terrorist fraud is possible, that is, a far away malicious prover could make the verifier accept with the help of a close-by malicious participant, and without having the information about his secret extractable from his view. Hence, the only existing pubic-key distance-bounding protocol offering privacy so far are the HPO protocol [2], privDB [9], and eProProx [12].…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Privacy failure in the public‐key distance‐bounding protocols

Vaudenay

2016

IET Information Security

Self Cite

View full text Add to dashboard Cite

Section: Resultsmentioning

confidence: 99%

“…This work was partly sponsored by the ICT COST Action IC1403 Cryptacus in the EU Framework Horizon 2020. [2] insecure secure insecure GOR [6] insecure insecure insecure privDB [9] insecure secure secure ProProx [10,11] secure insecure insecure eProProx [12] secure secure secure…”

Section: Acknowledgmentsmentioning

confidence: 99%

Privacy failure in the public‐key distance‐bounding protocols

Vaudenay

2016

IET Information Security

Self Cite

View full text Add to dashboard Cite

“…Because of this disconnection, all DB protocols require separate security analysis for each of them. The only publickey DB protocols that are secure against all of them (MiM, DF, DH, TF') are ProProx [27], its variant eProProx [25] and TREAD [2]. Some important distance bounding protocols [6,8,10,15,21,23,19] are all vulnerable to TF'.…”

Section: Introductionmentioning

confidence: 99%

Formal Analysis of Distance Bounding with Secure Hardware

Kılınç

Vaudenay

2018

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

A distance bounding (DB) protocol is a two-party authentication protocol between a prover and a verifier which is based on the distance between the prover and the verifier. It aims to defeat threats by malicious provers who try to convince that they are closer to the verifier or adversaries which seek to impersonate a faraway prover. All these threats are covered in several security definitions and it is not possible to have a single definition covering all. In this paper, we describe a new DB model with three parties where the new party is named hardware. In this model, called secure hardware model (SHM), the hardware is held by the prover without being able to tamper with. We define an all-in-one security model which covers all the threats of DB and an appropriate privacy notion for SHM. In the end, we construct the most efficient (in terms of computation by the prover-hardware and number of rounds) and secure DB protocols achieving the optimal security bounds as well as privacy.

show abstract

“…If the distance of a prover is close enough, the verifier will be sure of the nonexistence of relay attack during the protocol execution. Apparently, it is necessary to utilize a secure distance bounding [20,26,25,27,12,6,24,9,10] in contactless payment.…”

Section: Introductionmentioning

confidence: 99%

Secure Contactless Payment

Kılınç

Vaudenay

2018

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

A contactless payment lets a card holder execute payment without any interaction (e.g., entering PIN or signing) between the terminal and the card holder. Even though the security is the first priority in a payment system, the formal security model of contactless payment does not exist. Therefore, in this paper, we design an adversarial model and define formally the contactless-payment security against malicious cards and malicious terminals including relay attacks. Accordingly, we design a contactless-payment protocol and show its security in our security model. At the end, we analyze EMV-contactless which is a commonly used specification by most of the mobile contactless-payment systems and credit cards in Europe. We find that it is not secure against malicious cards. We also prove its security against malicious terminals in our model. This type of cryptographic proof has not been done before for the EMV specification.

show abstract

On Privacy for RFID

Cited by 6 publications

References 37 publications

Privacy failure in the public‐key distance‐bounding protocols

Privacy failure in the public‐key distance‐bounding protocols

Formal Analysis of Distance Bounding with Secure Hardware

Secure Contactless Payment

Contact Info

Product

Resources

About