Jens Hermans

A new RFID privacy model

This paper critically examines some recently proposed RFID privacy models. It shows that some models suffer from weaknesses such as insufficient generality and unrealistic assumptions regarding the adversarys ability to corrupt tags. We propose a new RFID privacy model that is based on the notion of indistinguishability and that does not suffer from the identified drawbacks. We demonstrate the easy applicability of our model by applying it to multiple existing RFID protocols.

Speed records for NTRU

In this paper NTRUEncrypt is implemented for the first time on a GPU using the CUDA platform. As is shown, this operation lends itself perfectly for parallelization and performs extremely well compared to similar security levels for ECC and RSA giving speedups of around three to five orders of magnitude. The focus is on achieving a high throughput, in this case performing a large number of encryptions/decryptions in parallel. Using a modern GTX280 GPU a throughput of up to 200 000 encryptions per second can be reached at a security level of 256 bits. This gives a theoretical data throughput of 47.8 MB/s. Comparing this to a symmetric cipher (not a very common comparison), this is only around 20 times slower than a recent AES implementation on a GPU.

Parallel shortest lattice vector enumeration on graphics cards

In this paper we present an algorithm for parallel exhaustive search for short vectors in lattices. This algorithm can be applied to a wide range of parallel computing systems. To illustrate the algorithm, it was implemented on graphics cards using CUDA, a programming framework for NVIDIA graphics cards. We gain large speedups compared to previous serial CPU implementations. Our implementation is almost 5 times faster in high lattice dimensions. Exhaustive search is one of the main building blocks for lattice basis reduction in cryptanalysis. Our work results in an advance in practical lattice reduction.

Proper RFID Privacy: Model and Protocols

We approach RFID privacy both from modelling and protocol point of view. Our privacy model avoids the drawbacks of several proposed RFID privacy models that either suffer from insufficient generality or put forward unrealistic assumptions regarding the adversarys ability to corrupt tags. Furthermore, our model can handle multiple readers and introduces two new privacy notions to capture the recently discovered insider attackers. We analyse multiple existing RFID protocols, demonstrating the easy applicability of our model, and propose a new wide-forward-insider private RFID authentication protocol. This protocol provides sufficient privacy guarantees for most practical applications and is the most efficient of its kind, it only requires two scalar-EC point multiplications.

Efficient, secure, private distance bounding without key updates

We propose a new distance bounding protocol, which builds upon the private RFID authentication protocol by Peeters and Hermans [25]. In contrast to most distance-bounding protocols in literature, our construction is based on public-key cryptography. Public-key cryptography (specifically Elliptic Curve Cryptography) can, contrary to popular belief, be realized on resource constrained devices such as RFID tags. Our protocol is wide-forward-insider private, achieves distance-fraud resistance and near-optimal mafia-fraud resistance. Furthermore, it provides strong impersonation security even when the number of time-critical rounds supported by the tag is very small. The computational effort for the protocol is only four scalar-EC point multiplications. Hence the required circuit area is minimal because only an ECC coprocessor is needed: no additional cryptographic primitives need to be implemented.

Optimization of inland shipping

In this paper, we explore problems and algorithms related to the optimisation of locks, as used in inland shipping. We define several optimisation problems associated with inland shipping. We prove that the problem of scheduling a lock is NP-hard if one allows multiple ships to go through in the same lock operation. The single-ship lock optimization problem can, however, be solved in polynomial time and a novel deterministic scheduling algorithm for solving this problem is presented in this paper.

n-Auth: Mobile Authentication Done Right

Weak security, excessive personal data collection for user profiling, and a poor user experience are just a few of the many problems that mobile authentication solutions suffer from. Despite being an interesting platform, mobile devices are still not being used to their full potential for authentication. n-Auth is a firm step in unlocking the full potential of mobile devices in authentication, by improving both security and usability whilst respecting the privacy of the user. Our focus is on the combined usage of several strong cryptographic techniques with secure HCI design principles to achieve a better user experience. We specified and built n-Auth, for which robust Android and iOS apps are openly available through the official stores.

High-Speed Dating Privacy-Preserving Attribute Matching for RFID

This paper presents a new approach for RFID tag attribute matching problem. Unlike previous approaches, most notably the T-Match protocol, presented in [9], we do not need a central database server or any connectivity between readers. Furthermore, we do not need expensive homomorphic encryption or multiparty computation and we extend attribute matching to multiple attributes per tag; a feature that broadens the range of possible applications of the protocol. We achieve this increased flexibility and decreased complexity by moving some relatively cheap cryptographic computations to the tags. Specifically, one of the protocols presented in this paper only needs a (lightweight) hash function implemented on the tags. Two other protocols additionally need asymmetric encryption, which is feasible on more powerful tags that support elliptic-curve scalar multiplication.