Joaquin Garcia-Alfaro

Analysis and improvement of a pseudorandom number generator for EPC Gen2 tags

The EPC Gen2 is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. The development of Gen2 tags faces, in fact, several challenging constraints such as cost, compatibility regulations, power consumption, and performance requirements. As a consequence, security on board of Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness. This pseudorandomness is used to blind the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. Gen2 manufacturers are often reluctant to show the design of their pseudorandom generators. Security through obscurity has always been ineffective. Some open designs have also been proposed. Most of them fail, however, to prove their correctness. We analyze a recent proposal presented in the literature and demonstrate that it is, in fact, insecure.We propose an alternative mechanism that fits the Gen2 constraints and satisfies the security requirements.

J3Gen: A PRNG for Low-Cost Passive RFID

Pseudorandom number generation (PRNG) is the main security tool in low-cost passive radio-frequency identification (RFID) technologies, such as EPC Gen2. We present a lightweight PRNG design for low-cost passive RFID tags, named J3Gen. J3Gen is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials. The polynomials are alternated during the generation of sequences via a physical source of randomness. J3Gen successfully handles the inherent linearity of LFSR based PRNGs and satisfies the statistical requirements imposed by the EPC Gen2 standard. A hardware implementation of J3Gen is presented and evaluated with regard to different design parameters, defining the key-equivalence security and nonlinearity of the design. The results of a SPICE simulation confirm the power-consumption suitability of the proposal.

Dynamic deployment of context-aware access control policies for constrained security devices

Abstract: Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identified based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., configuring, those security components and mechanisms so that the system behavior be finally the one specified by the policy. The deployment issue becomes more difficult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages.

Data and Applications Security and Privacy XXVI

The 17 revised full and 15 short papers presented together with 1 invited paper were carefully reviewed and selected from 49 submissions. The papers are organized in topical sections on access control, confidentiality and privacy, smart cards security, privacy-preserving technologies, data management, intrusion and malware, probabilistic attacks and protection, and cloud computing.

A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags

The Electronic Product Code Generation 2 (EPC Gen2) is an international standard that proposes the use of Radio Frequency Identification (RFID) in the supply chain. It is designed to balance cost and functionality. As a consequence, security on board of EPC Gen2 tags is often minimal. It is, indeed, mainly based on the use of on board pseudorandomness, used to obscure the communication between readers and tags; and to acknowledge the proper execution of password-protected operations. In this paper, we present a practical implementation attack on a weak pseudorandom number generator (PRNG) designed specifically for EPC Gen2 tags. We show that it is feasible to eavesdrop a small amount of pseudorandom values by using standard EPC commands and using them to determine the PRNG configuration that allows to predict the complete output sequence.

Analysis of Threats to the Security of EPC Networks

Detecting and responding to security and privacy threats to Electronic Product Code (EPC) and Radio Frequency IDentification (RFID) technologies are becoming major concerns of information security researchers. However, and before going further in these activities, an evaluation of the threats in terms of importance must be done. We present such an evaluation. Our analysis of the threats is based on a methodology proposed by the European Telecommunications Standards Institute (ETSI). According to this methodology, we rank the threats to EPC networks in order of relevance. This assessment is intended to prioritize threats for future research on appropriate countermeasure mechanisms.

Research in Attacks, Intrusions, and Defenses

Blacklists are commonly used to protect computer systems against the tremendous number of malware threats. These lists include abusive hosts such as malware sites or botnet Command & Control and dropzone servers to raise alerts if suspicious hosts are contacted. Up to now, though, little is known about the effectiveness of malware blacklists. In this paper, we empirically analyze 15 public malware blacklists and 4 blacklists operated by antivirus (AV) vendors. We aim to categorize the blacklist content to understand the nature of the listed domains and IP addresses. First, we propose a mechanism to identify parked domains in blacklists, which we find to constitute a substantial number of blacklist entries. Second, we develop a graph-based approach to identify sinkholes in the blacklists, i.e., servers that host malicious domains which are controlled by security organizations. In a thorough evaluation of blacklist effectiveness, we show to what extent real-world malware domains are actually covered by blacklists. We find that the union of all 15 public blacklists includes less than 20% of the malicious domains for a majority of prevalent malware families and most AV vendor blacklists fail to protect against malware that utilizes Domain Generation Algorithms.

MIRAGE: a management tool for the analysis and deployment of network security policies

We present the core functionality of MIRAGE, a management tool for the analysis and deployment of configuration policies over network security components, such as firewalls, intrusion detection systems, and VPN routers. We review the two main functionalities embedded in our current prototype: (1) a bottom-up analysis of already deployed network security configurations and (2) a top-down refinement of global policies into network security component configurations. In both cases, MIRAGE provides intra-component analysis to detect inconsistencies in single component deployments; and inter-component analysis, to detect multi-component deployments which are not consistent. MIRAGE also manages the description of the security architecture topology, to guarantee the proper execution of all the processes.

Multiple-polynomial LFSR based pseudorandom number generator for EPC Gen2 RFID tags

We present a lightweight pseudorandom number generator (PRNG) design for EPC Gen2 RFID tags. It is based on a linear feedback shift register (LFSR) configured with multiple feedback polynomials that are selected by a physical source of randomness. The proposal successfully handles the inherent linearity of LFSR based PRNGs and satisfies the statistical requirements imposed by the EPC Gen2 standard. Statistical analysis of the sequences generated by our generator confirms the validity of the proposed technique.We show that our proposal has, moreover, a simpler hardware implementation and energy consumption than previous designs reported in the literature.

A multipath routing strategy to prevent flooding disruption attacks in link state routing protocols for MANETs

Multipath routing has been proposed to increase resilience against network failures or improve security in Mobile Ad Hoc Networks (MANETs). The Optimized Link State Routing (OLSR) protocol has been adopted by several multipath routing strategies. They implement Multipoint Relay (MPR) nodes as a flooding mechanism for distributing control information. Ideally, the construction of multiple disjoint paths helps to increase resilience against network failures or malicious attacks. However, this is not always possible. In OLSR networks, partial link-state information is generated and flooded exclusively by the MPRs. Therefore, the nodes only obtain a partial view of the network topology. Additionally, flooding disruption attacks may affect either the selection of the MPRs or the propagation of control traffic information. As a consequence, the chances of constructing multiple disjoint paths are reduced. We present a strategy to compute multiple strictly disjoint paths between any two nodes in OLSR-based networks. We provide mechanisms to improve the view of the network topology by the nodes, as well as handling potential flooding disruption attacks to the multipath construction mechanism in OLSR-based networks. We conduct simulations that confirm our claims.