Raphael C.-W. Phan
Multimedia University
Publication
Featured research published by Raphael C.-W. Phan.
IEEE Transactions on Affective Computing | 2013
Yogachandran Rahulamathavan; Raphael C.-W. Phan; Jonathon A. Chambers; David J. Parish
Facial expression recognition forms a critical capability desired by human-interacting systems that aim to be responsive to variations in the human's emotional state. Recent trends toward cloud computing and outsourcing have led to the requirement for facial expression recognition to be performed remotely by potentially untrusted servers. This paper presents a system that addresses the challenge of performing facial expression recognition when the test image is in the encrypted domain. More specifically, to the best of our knowledge, this is the first known result that performs facial expression recognition in the encrypted domain. Such a system solves the problem of needing to trust servers since the test image for facial expression recognition can remain in encrypted form at all times without needing any decryption, even during the expression recognition process. Our experimental results on popular JAFFE and MUG facial expression databases demonstrate that a recognition rate of up to 95.24 percent can be achieved even in the encrypted domain.
IEEE Transactions on Dependable and Secure Computing | 2009
Raphael C.-W. Phan
Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader's signals. Along this vein, a class of ultralightweight RFID authentication protocols has been designed, which uses only the most basic bitwise and arithmetic operations like exclusive-OR, OR, addition, rotation, and so forth. In this paper, we analyze the security of the SASI protocol, a recently proposed ultralightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.
Information Processing Letters | 2004
Raphael C.-W. Phan
In 2000, Biham and Keller [Cryptanalysis of reduced variants of Rijndael, 3rd AES Conference, in press] presented an impossible differential cryptanalysis of the Advanced Encryption Standard (AES) up to 5 rounds. This was later improved in 2001 by Cheon et al. [Improved impossible differential cryptanalysis of Rijndael and Crypton, in: Lecture Notes in Comput. Sci., vol. 2288, Springer-Verlag, Berlin, 2001, pp. 39-49] to apply to 6 rounds of the AES. In this paper, we extend on previous results to present an attack on the AES up to 7 rounds. This is the best-known impossible differential attack on the AES, and works by exploiting weaknesses in the AES key schedule.
Information Security Practice and Experience | 2008
Khaled Ouafi; Raphael C.-W. Phan
Privacy is a major concern in RFID systems, especially with widespread deployment of wireless-enabled interconnected personal devices, e.g., PDAs and mobile phones, credit cards, e-passports, even clothing and tires. An RFID authentication protocol should not only allow a legitimate reader to authenticate a tag but it should also protect the privacy of the tag against unauthorized tracing: an adversary should not be able to get any useful information about the tag for tracking or discovering the tag's identity. In this paper, we analyze the privacy of some recently proposed RFID authentication protocols (2006 and 2007) and show attacks on them that compromise their privacy. Our attacks consider the simplest adversaries that do not corrupt nor open the tags. We describe our attacks against a general untraceability model; from experience we view this endeavour as a good practice to keep in mind when designing and analyzing security protocols.
Information Sciences | 2008
Raphael C.-W. Phan; Wei-Chuen Yau; Bok-Min Goi
Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so-called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra caution should still be exercised when defining models and constructing proofs in this direction.
Applied Cryptography and Network Security | 2008
Khaled Ouafi; Raphael C.-W. Phan
One of the main challenges in RFIDs is the design of privacy-preserving authentication protocols. Indeed, such protocols should not only allow legitimate readers to authenticate tags but also protect these latter from privacy-violating attacks, ensuring their anonymity and untraceability: an adversary should not be able to get any information that would reveal the identity of a tag or would be used for tracing it. In this paper, we analyze some recently proposed RFID authentication protocols that came with provable security flavours. Our results are the first known privacy cryptanalysis of the protocols.
International Conference on Cryptology in Africa | 2009
Marine Minier; Raphael C.-W. Phan; Benjamin Pousse
Knudsen and Rijmen introduced the notion of known-key distinguishers in an effort to view block cipher security from an alternative perspective e.g. a block cipher viewed as a primitive underlying some other cryptographic construction such as a hash function; and applied this new concept to construct a 7-round distinguisher for the AES and a 7-round Feistel cipher. In this paper, we give a natural formalization to capture this notion, and present new distinguishers that we then use to construct known-key distinguishers for Rijndael with Large Blocks up to 7 and 8 rounds.
Applied Cryptography and Network Security | 2004
Bok-Min Goi; Raphael C.-W. Phan; Yanjiang Yang; Feng Bao; Robert H. Deng; Mohammad Umar Siddiqi
By combining techniques of watermarking and fingerprinting, a sound buyer-seller watermarking protocol can address the issue of copyright protection in e-commerce. In this paper, we analyze the security of two recent anonymous buyer-seller watermarking protocols proposed by Ju et al. and Choi et al. respectively, and prove that they do not provide the features and security as claimed. In particular, we show that i) the commutative cryptosystem used in Choi et al.’s protocol fails to prevent the watermark certification authority (WCA) from discovering the watermark (fingerprint) chosen by the buyer; ii) for both protocols, the seller can discover the watermark chosen by the buyer if he colludes with the WCA. Hence, these protocols cannot guard against conspiracy attacks. We further show that these protocols only provide “partial” anonymity, i.e. the buyer’s anonymity is guaranteed only if WCA is honest. Our results suggest that the security of these protocols must assume the honesty of WCA, contrary to the designers’ original claim. Finally, we propose a new anonymous buyer-seller watermarking protocol which is more secure and efficient, and provides true anonymity.
Applied Cryptography and Network Security | 2005
Raphael C.-W. Phan; Bok-Min Goi
Password-Authenticated Key Establishment (PAKE) protocols allow two parties to share common secret keys in an authentic manner based on an easily memorizable password. At ICCSA 2004, an improved PAKE protocol between two clients of different realms was proposed that was claimed to be secure against attacks including the replay attack. In this paper, we cryptanalyze this protocol by showing two replay attacks that allow an attacker to falsely share a secret key with a legal client.
International Conference on Telecommunications | 2010
Mahdi Aiash; Glenford E. Mapp; Aboubaker Lasebae; Raphael C.-W. Phan
Several research groups are working on designing new security architectures for 4G networks such as Hokey and Y-Comm. Since designing an efficient security module requires a clear identification of potential threats, this paper attempts to outline the security challenges in 4G networks. A good way to achieve this is by investigating the possibility of extending current security mechanisms to 4G networks. Therefore, this paper uses the X.805 standard to investigate the possibility of implementing the 3G’s Authentication and Key Agreement (AKA) protocol in a 4G communication framework such as Y-Comm. The results show that due to the fact that 4G is an open, heterogeneous and IP-based environment, it will suffer from new security threats as well as inherent ones. In order to address these threats without affecting 4G dynamics, Y-Comm proposes an integrated security module to protect data and security models to target security on different entities and hence protecting not only the data but also resources, servers and users.