wide strong private rf identification based on zero
play

Wide Strong Private RF IDentification based on Zero-Knowledge Roel - PowerPoint PPT Presentation

Feb 08, 2023 •234 likes •501 views

Wide Strong Private RF IDentification based on Zero-Knowledge Roel Peeters and Jens Hermans Provable Privacy Workshop, 10 July 2012 RFID Privacy Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Kapital and

  1. Wide Strong Private RF IDentification based on Zero-Knowledge Roel Peeters and Jens Hermans Provable Privacy Workshop, 10 July 2012

  2. RFID Privacy Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Kapital and Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie

  3. RFID Privacy 41126751 Wig model #4456 (cheap polyester) 93479122 Replacement hip medical part #459382 Das Kapital and 54872164 Communist-party handbook 500 Euros in wallet 55542390 Serial numbers: 09840921 597387,389473… 30 items of lingerie

  4. RFID Privacy Model Weak Adversary DrawTag SendTag SendReader FreeTag ! Result

  5. RFID Privacy Model Forward Adversary DrawTag SendTag SendReader Corrupt FreeTag ! Result

  6. RFID Privacy Model Forward Adversary Secret

  7. RFID Privacy Model Strong Adversary DrawTag SendTag SendReader Corrupt FreeTag ! Result

  8. RFID Privacy Model Strong Adversary DrawTag SendTag SendReader Secret FreeTag ! Result

  9. Private Identification Protocol ! Requirements } ! Correct Should not be neglected ! ! Sound ! Private Not sound Not correct

  10. Design Goals ! RFID Identification protocol that is: ! Secure ! Wide-strong private ! Efficient ! Compact hardware

  11. Design Goals ! Secure, wide-strong private protocols require Public Key Cryptography ! Elliptic Curve Cryptography coprocessor can be implemented on RFID [LBSV’07] [WH’11] ! Limit the number of cryptographic building blocks, e.g. ideally no hash functions

  12. Secure, wide-strong protocols ! Two known protocols: ! Vaudenay’s Public Key Encryption ! Canard et al.’s Hashed ElGamal ! Both based on (variant) IND-CCA2

  13. Vaudenay’s Public Key Encryption Tag ( ID, K, PK ) Reader ( sk, DB ) a DHIES 2 EC mult IND-CCA2 1 Hash b = ENC PK (ID !! K !! a) 1 MAC 1 symm enc ID* !! K* !! a* = DEC sk (b) a* == a " (ID*, K*) # DB ?

  14. Canard et al.’s Hashed ElGamal Tag ( ID, K, Y ) Reader ( y, DB ) a 2 EC mult T 0 = MAC K (a !! b) 1 Hash T 1 = (T 0 !! ID !! b) $ H(rY) 1 MAC T 2 = rP T 1 , T 2 T 0 * !! ID* !! b* = T 1 $ H(rT 2 ) ID* # DB ? T 0 = MAC K* (a !! b*)?

  15. Randomized Schnorr Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 Y e s = ex + r 1 + r 2 X* = e -1 (sP - R 1 - y -1 R 2 ) # DB ?

  16. Randomized Schnorr not wide-weak Tag ( x, Y ) Reader ( y, DB ) R 1 , R 2 , e, s R 1 = r 1 P, R 2 = r 2 Y R 1 + R 1 , R 2 + R 2 e - e e s = (e - e)x + r 1 + r 2 s + s = ex + r 1 + r 1 + r 2 + r 2 X* = e -1 (s*P - R 1 * - y -1 R 2 *) # DB ? result

  17. Randomized Hashed GPS Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 Y h = H(R 1 ,R 2 ) e R 1 , R 2 , s = ex + r 1 + r 2 h = H(R 1 ,R 2 ) " X* = e -1 (sP - R 1 - y -1 R 2 ) # DB ?

  18. Randomized Hashed GPS not wide-strong Tag ( x, Y ) Reader ( y, DB ) x h = H(R 1 ,R 2 ) h e - 1 e R 1 , R 2 , s = (e-1)x + r 1 + r 2 R 1 , R 2 , s + x = ex + r 1 + r 2 h = H(R 1 ,R 2 ) " X* = e -1 (sP - R 1 - y -1 R 2 ) # DB ? result

  19. New Protocol Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 P e d = x-coord(x-coord( r 2 Y ) P ) s = dx + er 1 d* = x-coord(x-coord( yR 2 ) P ) X* = d* -1 (sP - eR 1 ) # DB ?

  20. New Protocol Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 P e One More Discrete Logarithm, just like Schnorr d = x-coord(x-coord( r 2 Y ) P ) s = dx + er 1 d* = x-coord(x-coord( yR 2 ) P ) X* = d* -1 (sP - eR 1 ) # DB ?

  21. New Protocol Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 P e Diffie Hellman One More Discrete Logarithm, just like Schnorr d = x-coord(x-coord( r 2 Y ) P ) s = dx + er 1 d* = x-coord(x-coord( yR 2 ) P ) X* = d* -1 (sP - eR 1 ) # DB ?

  22. New Protocol Tag ( x, Y ) Reader ( y, DB ) R 1 = r 1 P, R 2 = r 2 P e Diffie Hellman One More Discrete Logarithm, just like Schnorr d = x-coord(x-coord( r 2 Y ) P ) s = dx + er 1 Oracle Diffie Hellman d* = x-coord(x-coord( yR 2 ) P ) ECC-based, no hash to X* = d* -1 (sP - eR 1 ) # DB ? keep HW design compact

  23. More Efficient Variant Tag ( x, Y ) Reader ( y, DB ) R = rP e d = x-coord( rY ) s = dx + er d* = x-coord( yR ) X* = d* -1 (sP - eR) # DB ?

  24. Conclusions ! Proven security and wide-strong privacy ! Efficient : only 2 EC multiplications ! Compact HW: no hash function

  25. Full paper on ePrint ! http://eprint.iacr.org/2012/389

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold

Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold

Game Bot Identification Game Bot Identification based on Manifold Learning based on Manifold Learning Kuan Ta Chen Academia Sinica Hsing Kuo Pao NTUST Hong Chung Chang NTUST ACM NetGames 2008 Game Bots Game bots: automated AI programs

371 views • 36 slides
Forensic Body Fluid Identification o Body fluid identification can provide information linking

Forensic Body Fluid Identification o Body fluid identification can provide information linking

Genome-wide methylation profiling and a multiplex construction for the identification of body fluids using epigenetic markers Hwan Young Lee, Ja Hyun An, Sang-Eun Jung, Yu Na Oh, Eun Young Lee, Ajin Choi, Woo Ick Yang, Kyoung-Jin Shin

232 views • 10 slides
& Development Esther Chia Lawrence Ho Sophia Sim Building strong movement foundations

& Development Esther Chia Lawrence Ho Sophia Sim Building strong movement foundations

Talent Identification & Development Esther Chia Lawrence Ho Sophia Sim Building strong movement foundations What is Physical Literacy? Physical Literacy is the ability to move with competence and confidence in a wide variety of physical

634 views • 45 slides
Extent- -based Incremental Identification based Incremental Identification Extent of Reaction

Extent- -based Incremental Identification based Incremental Identification Extent of Reaction

LABORATOIRE DAUTOMATIQUE AUTOMATIC CONTROL LABORATORY Extent- -based Incremental Identification based Incremental Identification Extent of Reaction Kinetics from Spectroscopic Data of Reaction Kinetics from Spectroscopic Data XIII

428 views • 23 slides
Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in

Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in

Introduction Formulation of the . . . Straightforward . . . Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in Neuro-Rehabilitation: Shift Detection: . . . Towards Efficient Algorithms General Case Conclusions

502 views • 10 slides
THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept.

THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept.

THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept. of Information Security and Communication Technology, NTNU, Norway Real World Crypto 2018 Zurich, January 10 Motivation - LTE 2 LTE -

661 views • 25 slides
Observing Strategy Considerations for Strong Lensing Science Intro Strong gravitational lensed

Observing Strategy Considerations for Strong Lensing Science Intro Strong gravitational lensed

Observing Strategy Considerations for Strong Lensing Science Intro Strong gravitational lensed are rare events (1 in 10 4 galaxies capable of being a lens) Requirements for general strong lens discovery: Wide area with reasonable

494 views • 15 slides
WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID activities in WIDE Why are we working for RFID? RFID (radio frequency Identification) is a one of the key device to glue Real and Virtual space

820 views • 6 slides
Journey Background GM- wide Healthier Together programme, based on hub & non-

Journey Background GM- wide Healthier Together programme, based on hub & non-

Manchester University NHS Foundation Trust Our Surgical AEC Journey Background GM- wide Healthier Together programme, based on hub & non- hub sites. Merger of two large university hospital Trusts with a wide range of

108 views • 6 slides
Person Re-Identification Yiheng Liu Outli line Background Image-Based Person

Person Re-Identification Yiheng Liu Outli line Background Image-Based Person

Person Re-Identification Yiheng Liu Outli line Background Image-Based Person Re-Identification Partial Person Re-identification Video-Based Person Re-Identification Our Methods Outli line Background Image-Based

373 views • 26 slides
From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas

From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas

From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas Hlsing 3 , Joost Rijneveld 4 , Simona Samardjiska 5 , Peter Schwabe 4 National Taiwan University 1 / Academia Sinica 2 , Taipei, Taiwan Eindhoven

707 views • 44 slides
Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the

Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the

Strong Normalization Akiyoshi and Terui Introduction Our Results Strong normalization for the parameter-free Strong polymorphic lambda calculus based on the -rule Normalization Theorem Previous Results Buchholz -Rule Ryota

706 views • 35 slides
Secret Shuffling: A Novel Approach to RFID Private Identification Claude Castelluccia and Mate

Secret Shuffling: A Novel Approach to RFID Private Identification Claude Castelluccia and Mate

Secret Shuffling: A Novel Approach to RFID Private Identification Claude Castelluccia and Mate Soos INRIA, 655 avenue de lEurope, Montbonnot, France { claude.castelluccia, mate.soos } @inrialpes.fr Abstract. This paper considers the problem of

514 views • 12 slides
RFID-based Identification System in a Hospital

RFID-based Identification System in a Hospital

RFID-based Identification System in a Hospital IoT Conference, ETH Zurich 2008 Welcome Internet of Things 2008 Dr.med. Marc Oertle Medical Informatics Agenda

1.4k views • 23 slides
Genome Wide SNP Selection with Entropy Based Methods Zhenqiu Liu University of Maryland

Genome Wide SNP Selection with Entropy Based Methods Zhenqiu Liu University of Maryland

Genome Wide SNP Selection with Entropy Based Methods Zhenqiu Liu University of Maryland Greenebaum Cancer Center Genome Wide SNP Selection with Entropy Based Methods p. 1/40 The Genetic Diversity in Humane Any two unrelated people are 99%

606 views • 50 slides
LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System

LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System

LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System V-Tag labeling Allows glycan identification and quantitation using (U)HPLC. Provides data comparable to gold-standard glycoprofiling method based on

175 views • 15 slides
Wall Crossings for Double Hurwitz Numbers Renzo Cavalieri Colorado State University FPSAC Aug

Wall Crossings for Double Hurwitz Numbers Renzo Cavalieri Colorado State University FPSAC Aug

Wall Crossings for Double Hurwitz Numbers Renzo Cavalieri Colorado State University FPSAC Aug 3, 2010 Renzo Cavalieri Wall Crossings for Double Hurwitz Numbers Coauthors This is joint work with Paul Johnson (Imperial College) and Hannah

638 views • 26 slides
EHEALTH COMMISSION MEETING WEB-CONFERENCE ONLY JULY 29, 2020 NOTE: NEW WEB-CONFERENCE LINK AND

EHEALTH COMMISSION MEETING WEB-CONFERENCE ONLY JULY 29, 2020 NOTE: NEW WEB-CONFERENCE LINK AND

EHEALTH COMMISSION MEETING WEB-CONFERENCE ONLY JULY 29, 2020 NOTE: NEW WEB-CONFERENCE LINK AND #+16699009128,,385634097# US IF YOU ARE EXPERIENCING AUDIO OR PRESENTATION DIFFICULTIES DURING THIS MEETING, PLEASE TEXT ISSUES TO 720-545-7779

507 views • 33 slides
Reasoning about Codata Ralf Hinze Computing Laboratory, University of Oxford Wolfson Building,

Reasoning about Codata Ralf Hinze Computing Laboratory, University of Oxford Wolfson Building,

Reasoning about Codata 0.0 Reasoning about Codata Ralf Hinze Computing Laboratory, University of Oxford Wolfson Building, Parks Road, Oxford, OX1 3QD, England ralf.hinze@comlab.ox.ac.uk http://www.comlab.ox.ac.uk/ralf.hinze/ May 2009

1.65k views • 138 slides
Implementing Semiring-Based Constraints using Mozart Alberto Delgado Carlos Alberto Olarte

Implementing Semiring-Based Constraints using Mozart Alberto Delgado Carlos Alberto Olarte

Implementing Semiring-Based Constraints using Mozart Alberto Delgado Carlos Alberto Olarte Jorge Andres Perez Camilo Rueda 1 1 Pontificia Universidad Javeriana-Cali Mozart/Oz Conference 2004 Delgado A., Olarte C., Perez J. and Rueda C.

402 views • 27 slides
A Short Introduction to Servo Web Engines Hackfest 2014 Martin Robinsonn @abandonedwig The

A Short Introduction to Servo Web Engines Hackfest 2014 Martin Robinsonn @abandonedwig The

A Short Introduction to Servo Web Engines Hackfest 2014 Martin Robinsonn @abandonedwig The Modern Browser Fast JavaScript engines Optimized layout routines Rapidly evolving rendering pipelines Ever increasing concurrency Not Good Enough

647 views • 23 slides
Symmetry-adapted bases for ab initio structure and reaction theory Alexis Mercenne, Kristina

Symmetry-adapted bases for ab initio structure and reaction theory Alexis Mercenne, Kristina

Symmetry-adapted bases for ab initio structure and reaction theory Alexis Mercenne, Kristina Launey, Tomas Dytrych, Jerry Draayer Department of Physics & Astronomy, Louisiana State University, Baton Rouge, LA, 70803 Jutta Escher

693 views • 18 slides
Ab initio nuclear structure calculations Thomas Papenbrock and Coworkers: G. Hagen, D. J. Dean,

Ab initio nuclear structure calculations Thomas Papenbrock and Coworkers: G. Hagen, D. J. Dean,

Ab initio nuclear structure calculations Thomas Papenbrock and Coworkers: G. Hagen, D. J. Dean, M. Hjorth-Jensen, B. Velamur Asokan Happy Birthday, Jochen! EMMI workshop Strongly coupled systems

381 views • 19 slides
Tuturial: ( ab initio ) Density Functional Calculations with FPLO Manuel Richter (IFW Dresden)

Tuturial: ( ab initio ) Density Functional Calculations with FPLO Manuel Richter (IFW Dresden)

Tuturial: ( ab initio ) Density Functional Calculations with FPLO Manuel Richter (IFW Dresden) FPLO: full-potential local-orbital code; http://www.fplo.de 100,000 FORTRAN lines; 100,000 C lines; 20 person years here: basic handling of the

384 views • 4 slides

More recommend