Houda Ferradi

When organized crime applies academic results: a forensic analysis of an in-card listening device

This paper describes the forensic analysis of what the authors believe to be the most sophisticated smart card fraud encountered to date. In 2010, Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) described a man-in-the-middle attack against EMV cards. Murdoch et al. (IEEE Symposium on Security and Privacy, pp 433–446, 2010) demonstrated the attack using a general purpose FPGA board, noting that “miniaturization is mostly a mechanical challenge, and well within the expertise of criminal gangs”. This indeed happened in 2011, when about 40 sophisticated card forgeries surfaced in the field. These forgeries are remarkable in that they embed two chips wired top-to-tail. The first chip is clipped from a genuine stolen card. The second chip plays the role of the man-in-the-middle and communicates directly with the point of sale terminal. The entire assembly is embedded in the plastic body of yet another stolen card. The forensic analysis relied on X-ray chip imaging, side-channel analysis, protocol analysis, and microscopic optical inspections.

Legally Fair Contract Signing Without Keystones

In two-party computation, achieving both fairness and guaranteed output delivery is well known to be impossible. Despite this limitation, many approaches provide solutions of practical interest by weakening somewhat the fairness requirement. Such approaches fall roughly in three categories: “gradual release” schemes assume that the aggrieved party can eventually reconstruct the missing information; “optimistic schemes” assume a trusted third party arbitrator that can restore fairness in case of litigation; and “concurrent” or “legally fair” schemes in which a breach of fairness is compensated by the aggrieved party having a digitally signed cheque from the other party (called the keystone).

New Algorithmic Approaches to Point Constellation Recognition

Point constellation recognition is a common problem with many pattern matching applications. Whilst useful in many contexts, this work is mainly motivated by fingerprint matching. Fingerprints are traditionally modelled as constellations of oriented points called minutiae. The fingerprint verifier’s task consists in comparing two point constellations. The compared constellations may differ by rotation and translation or by much more involved transforms such as distortion or occlusion.

Regulating the pace of von Neumann correctors

In a famous paper published in 1951 (Natl Bur Stand Appl Math Ser 12:36–38, 1951), von Neumann presented a simple procedure allowing to correct the bias of random sources. This procedure introduces latencies between the random outputs. On the other hand, algorithms such as stream ciphers, block ciphers, or even modular multipliers usually run in a number of clock cycles which are independent of the operands’ values: feeding such hardware blocks with the inherently irregular output of such de-biased sources frequently proves tricky and is challenging to model at the HDL level. We propose an algorithm to compensate these irregularities, by storing or releasing numbers at given intervals of time. This algorithm is modeled as a special queue that achieves zero blocking probability and a near-deterministic service distribution (i.e., of minimal variance). While particularly suited to cryptographic applications, for which it was designed, this algorithm also applies to a variety of contexts and constitutes an example of queue for which the buffer allocation problem can be solved.

Efficient subtree-based encryption for fuzzy-entity data sharing

Cloud storage brings strong conveniences for flexible data sharing. When sharing data with a large number of entities described with fuzzy identities, the data owners must leverage a suitable encryption scheme to meet the security and efficiency requirements. (hierarchical) Identity-based encryption is a promising candidate to ensure fuzzy-entity data sharing while meeting the security requirement, but encounters the efficiency difficulty in multireceiver settings. We introduce the notion of subtree-based encryption (SBE) to support multireceiver data sharing mechanism in large-scale enterprises. Users in SBE are organized in a tree structure. Superior users can generate the secret keys to their subordinates. Unlike HIBE merely allowing a single decryption path, SBE enables encryption for a subset of users. We define the security notion for SBE, namely Ciphertext Indistinguishability against Adaptively Chosen-Sub-Tree and Chosen-Ciphertext Attack (IND-CST-CCA2). We propose two secure SBE schemes (SBEs). We first propose a basic SBEs against Adaptively Chosen-Sub-Tree and Chosen-Plaintext Attack (IND-CST-CPA), in which we do not allow the attacker to get decryption results from other users in the security game. We then propose a CCA2-secure SBEs from the basic scheme without requiring any other cryptographic primitives. Our CCA2-secure scheme natively allows public ciphertext validity test, which is a useful property when a CCA2-secure SBEs is used to design advanced protocols and auditing mechanisms for fuzzy-entity data sharing.

Non-interactive Provably Secure Attestations for Arbitrary RSA Prime Generation Algorithms

RSA public keys are central to many cryptographic applications; hence their validity is of primary concern to the scrupulous cryptographer. The most relevant properties of an RSA public key \((n, e)\) depend on the factors of \(n\): are they properly generated primes? are they large enough? is \(e\) co-prime with \(\phi (n)\)? etc. And of course, it is out of question to reveal \(n\)’s factors.

Secure Application Execution in Mobile Devices

Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial, online social networks and are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift is creating new challenges, as the smart phone environment is becoming a suitable platform for security- and privacy-sensitive applications. The need for a strong security architecture for this environment is becoming paramount, especially from the point of view of Secure Application Execution SAE. In this chapter, we explore SAE for applications on smart phone platforms, to ensure application execution is as expected by the application provider. Most of the proposed SAE proposals are based on having a secure and trusted embedded chip on the smart phone. Examples include the GlobalPlatform Trusted Execution Environment, M-Shield and Mobile Trusted Module. These additional hardware components, referred to as secure and trusted devices, provide a secure environment in which the applications can execute security-critical code and/or store data. These secure and trusted devices can become the target of malicious entities; therefore, they require a strong framework that will validate and guarantee the secure application execution. This chapter discusses how we can provide an assurance that applications executing on such devices are secure by validating the secure and trusted hardware.

Communicating Covertly through CPU Monitoring

This paper show covert channels using the CPU load are possible between clients connected to a multicore remote server.

Backtracking-Assisted Multiplication

This paper describes a new multiplication algorithm, particularly suited to lightweight microprocessors when one of the operands is known in advance. The method uses backtracking to find a multiplication-friendly encoding of the operand known in advance. A 68hc05 microprocessor implementation shows that the new algorithm indeed yields a twofold speed improvement over classical multiplication for 128-byte numbers.

Reusing Nonces in Schnorr Signatures

The provably secure Schnorr signature scheme is popular and efficient. However, each signature requires a fresh modular exponentiation, which is typically a costly operation. As the increased uptake in connected devices revives the interest in resource-constrained signature algorithms, we introduce a variant of Schnorr signatures that mutualises exponentiation efforts.