Petr Dzurenda
Brno University of Technology
Publication
Featured research published by Petr Dzurenda.
workshop on privacy in the electronic society | 2014
Jan Hajny; Petr Dzurenda; Lukas Malina
The cryptographic privacy-enhancing technologies were originally designed to improve the privacy and digital identity protection in electronic applications, such as cloud services, private Internet databases or communication systems. However, the access to buildings can be controlled in a privacy-respecting way too. In this paper, we introduce the privacy-enhanced physical access control system (Privacy-PAC) based on cryptographic attribute-based authentication protocols. Using the Privacy-PAC, it is possible to control the physical access to restricted areas while respecting the privacy of users. Besides the cryptographic design, we also describe the implementation results on the platforms of smart phones and an embedded verification terminal.
international conference on information security and cryptology | 2015
Jan Hajny; Petr Dzurenda; Lukas Malina
New types of devices, such as smart-meters, wearables and home appliances, have been connected to the Internet recently. Data they send is usually very privacy sensitive, containing personal information about, e.g., household consumption, health status or behavior profiles of family members. In this paper, we propose a cryptographic scheme for the protection of data collection systems that is secure in the sense of data authenticity and integrity and privacy-friendly at the same time. This functionality is achieved by designing a novel group signature that provides signature anonymity, unlinkability and untraceability while retaining features for malicious user identification. Besides the full cryptographic specification, we also provide implementation results that confirm the computational efficiency of the scheme allowing easy deployment on existing devices.
Wireless Communications and Mobile Computing | 2018
Jan Hajny; Petr Dzurenda; Lukas Malina
Card-based physical access control systems are used by most people on a daily basis, for example, at work, in public transportation, or at hotels. Yet these systems often have very poor cryptographic protection. User identifiers and keys can be easily eavesdropped on and counterfeited. Privacy-preserving features are almost entirely missing in these systems. To improve this state, we propose a novel cryptographic scheme based on efficient zero-knowledge proofs and Boneh-Boyen signatures. The proposed scheme is provably secure and provides the full set of privacy-enhancing features, that is, the anonymity, untraceability, and unlinkability of users. Furthermore, our scheme supports distributed multidevice authentication with multiple RFID (Radio-Frequency IDentification) user devices. This feature is particularly important in applications for controlling access to dangerous sites where the presence of protective equipment is checked during each access control session. Besides the full cryptographic specification, we also show the results of our implementation on devices commonly used in access control applications, particularly the smart cards and embedded verification terminals. By avoiding costly operations on user devices, such as bilinear pairings, we were able to achieve times comparable to existing systems (around 500 ms), while providing significantly higher security, privacy protection, and features for RFID multidevice authentication.
Computers & Security | 2018
Lukas Malina; Petr Dzurenda; Jan Hajny; Zdenek Martinasek
The authentication schemes based on common chip cards such as Mifare cards are still very popular and are used in various access control systems deployed in critical infrastructure sectors, universities, companies, libraries, hospitals, and other public and private institutions. On one hand, the access control systems based on these obsolete cards and cryptographic protocols have several security flaws and can be easily attacked. On the other hand, newer authentication schemes usually need many complex cryptographic operations and thus take impractical time on current programmable smart cards during the authentication of users. In this paper, we present a secure and efficient two-factor authentication protocol for fast access control systems and user-things identification schemes based on programmable smart cards. Our protocol is based on a zero-knowledge approach, and it is protected against common attacks. Further, we implement the proposed authentication protocol on current off-the-shelf programmable smart cards in order to demonstrate its efficiency and practicality. Finally, we compare our solution with related works and show the improvement of our solution in computation and communication perspectives.
international conference on telecommunications | 2017
Lukas Malina; Vlastimil Benes; Jan Hajny; Petr Dzurenda
In this paper, we present our smart-card-based access control system based on modern programmable smart cards. We propose an efficient and secure authentication protocol that is based on a zero-knowledge authentication method. Only users who prove the knowledge of private keys stored in smart cards are verified successfully. Our system also provides the traceability and linkability of user entries. Moreover, all system entities use advanced cryptographic primitives in order to keep a high security level that is required in access control systems employed in critical infrastructures.
international conference on security and cryptography | 2017
Petr Dzurenda; Jan Hajny; Lukas Malina; Sara Ricci
Anonymous Attribute-Based Credential (ABC) schemes allow users to anonymously prove the ownership of their attributes, such as age, citizenship, gender. The ABC schemes are part of a larger group of cryptographic constructions called Privacy Enhancing Technologies (PETs), aiming to increase users' privacy. In the article, we present a new ABC scheme based on elliptic curves and the HM12 scheme. The scheme provides anonymity, untraceability, unlinkability, selective disclosure of attributes, non-transferability, revocation and malicious user identification. By involving elliptic curves, we achieved a faster verification phase (by 30%) and a smaller communication cost between user and verifier (by 85%) compared to the original HM12 scheme, with an equivalent or greater security level.
Elektronika Ir Elektrotechnika | 2017
Radek Fujdiak; Petr Dzurenda; Petr Mlynek; Jiri Misurec; Milos Orgon; Bezzateev Sergey
New wireless technologies and approaches make it possible to connect even the simplest sensors with limited computational power to the global network. The need for efficient and secure solutions is growing with the wider use of these devices. This paper provides a new method for speed optimization of Elliptic Curve Cryptography operations which are frequently used in light-weight secure communication algorithms. This method is based on the anomalous behaviour of specific elliptic curves. We analyse more than 60 curves of various international standards. Further, our method is less complex, easy to deploy and comparably effective to ordinary, more complex methods. Last but not least, we show the importance of future research in the area of elliptic curve parameterization. DOI: http://dx.doi.org/10.5755/j01.eie.23.5.19248
international conference on telecommunications | 2016
Zdenek Martinasek; Petr Dzurenda; Lukas Malina
The DPA (Differential Power Analysis) Contest is a well-known international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version, DPA Contest V4.2, provides an improved software implementation of the Rotating Sbox Masking (RSM) scheme. The improved RSM combines low-entropy boolean masking with the shuffling technique to protect an AES (Advanced Encryption Standard) implementation on a smart card. The improvements were designed based on the shortcomings that were analyzed during the previous DPA Contest V4.1. Therefore, this new implementation should resist most of the attacks proposed against the original RSM implementation. In this article, we proposed and implemented a profiling power analysis attack that targets the improved RSM implementation and is based on a template attack and an MLP (multi-layer perceptron) attack.
international conference on security and cryptography | 2016
Jan Hajny; Petr Dzurenda; Lukas Malina
The paper presents a novel cryptographic authentication scheme that makes use of the presence of electronic devices around users. The scheme makes authentication more secure by involving devices that are usually worn by users (such as smart-watches, fitness bracelets and smart-cards) or are in their proximity (such as sensors, home appliances, etc.). In our scheme, the user private key is distributed over all personal devices and thus cannot be compromised by breaking into only a single device. Furthermore, involving wearables and IoT devices makes it possible to use multiple authentication factors, such as the user's position, behavior and the state of the surrounding environment. We provide the full cryptographic specification of the protocol, its formal security analysis and the implementation results in this paper.
international conference on telecommunications | 2015
Jan Hajny; Lukas Malina; Petr Dzurenda
The purpose of this paper is to provide an overview of current cryptographic Privacy-Enhancing Technologies (PETs) and show practical examples of services where these technologies can be deployed. In particular, the paper covers anonymous routing protocols, privacy-enhanced authentication systems and general-purpose systems like group signatures. Besides the overview of existing cryptographic technologies and relevant use-case scenarios, we also provide practical information regarding the performance of PETs on resource-restricted devices such as smart-cards, smart-phones and microcontrollers.