Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol |
| |
Authors: | Jean Paul Degabriele Victoria Fehr Marc Fischlin Tommaso Gagliardoni Felix Günther Giorgia Azzurra Marson Arno Mittelbach Kenneth G. Paterson |
| |
Affiliation: | 1.Information Security Group, Royal Holloway,University of London,London,UK;2.Cryptoplexity,Technische Universit?t Darmstadt,Darmstadt,Germany |
| |
Abstract: | The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques, we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We discuss potential countermeasures to our attacks and comment on our experiences with the standardization process of PLAID. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|