Rolando Trujillo-Rasua
University of Luxembourg
Publications
Featured research published by Rolando Trujillo-Rasua.
Radio Frequency Identification: Security and Privacy Issues | 2010
Rolando Trujillo-Rasua; Benjamin Martin; Gildas Avoine
RFID authentication protocols are susceptible to different types of relay attacks such as mafia and distance frauds. A countermeasure against these types of attacks is the well-known family of distance-bounding protocols. These protocols are usually designed to resist only one of these frauds, though, and behave poorly when both are considered. In this paper (i) we extend the analysis of mafia and distance frauds in recently released protocols; (ii) we introduce the concept of distance-bounding protocols based on graphs, whereas previous proposals rely on linear registers or binary trees; and (iii) we propose an instance of the graph-based protocol that resists both mafia and distance frauds without sacrificing memory. To the best of our knowledge, this protocol achieves the best trade-off between these two frauds.
Information Sciences | 2012
Josep Domingo-Ferrer; Rolando Trujillo-Rasua
Movement data, that is, trajectories of mobile objects, are automatically collected in huge quantities by technologies such as GPS, GSM or RFID, among others. Publishing and exploiting such data is essential to improve transportation, to understand the dynamics of the economy in a region, etc. However, there are obvious threats to the privacy of individuals if their trajectories are published in a way which allows re-identification of the individual behind a trajectory. We contribute to the literature on privacy-preserving publication of trajectories by presenting a distance measure for trajectories which naturally considers both spatial and temporal aspects of trajectories, is computable in polynomial time, and can cluster trajectories not defined over the same time span. Our distance measure can be naturally instantiated using other existing similarity measures for trajectories that are appropriate for anonymization purposes. Then, we propose two heuristics for trajectory anonymization which yield anonymized trajectories formed by fully accurate true original locations. The first heuristic is based on trajectory microaggregation using the above distance and on location permutation; it effectively achieves trajectory k-anonymity. The second heuristic is based only on location permutation; it gives up trajectory k-anonymity and aims at location k-diversity. The strong point of the second heuristic is that it takes into account reachability constraints when computing anonymized trajectories. Experimental results on a synthetic data set and a real-life data set are presented; for similar privacy protection levels and most reasonable parameter choices, our two methods offer better utility than comparable previous proposals in the literature.
International Conference on RFID | 2011
Albert Fernàndez-Mir; Rolando Trujillo-Rasua; Jordi Castellà-Roca; Josep Domingo-Ferrer
RFID systems allow fast and automatic identification of RFID tags through a wireless channel. Information on product items such as name, model, purpose, expiration date, etc., can be easily stored on and retrieved from RFID tags attached to items. That is why, in the near future, RFID tags may become an active part of our everyday life when we interact with items around us. Frequently, such items change hands during their life-cycle. Therefore, beyond RFID identification protocols, there is a need for secure and private ownership transfer protocols in RFID systems. To ensure privacy for tag owners, the keys of tags are usually updated during the ownership transfer process. However, none of the previous proposals takes advantage of this property to improve the scalability of the system. To the best of our knowledge, we propose the first RFID identification protocol supporting ownership transfer that is secure, private and scalable. Furthermore, our proposal achieves other valuable properties related to ownership transfer, such as controlled delegation and decentralization.
Information Systems | 2013
Rolando Trujillo-Rasua; Josep Domingo-Ferrer
The widespread deployment of technologies with tracking capabilities, like GPS, GSM, RFID and on-line social networks, allows mass collection of spatio-temporal data about their users. As a consequence, several methods aimed at anonymizing spatio-temporal data before their publication have been proposed in recent years. Such methods are based on a number of underlying privacy models. Among these models, (k,δ)-anonymity claims to extend the widely used k-anonymity concept by exploiting the spatial uncertainty δ ≥ 0 in the trajectory recording process. In this paper, we prove that, for any δ > 0 (that is, whenever there is actual uncertainty), (k,δ)-anonymity does not offer trajectory k-anonymity, that is, it does not hide an original trajectory in a set of k indistinguishable anonymized trajectories. Hence, the methods based on (k,δ)-anonymity, like Never Walk Alone (NWA) and Wait For Me (W4M), can offer trajectory k-anonymity only when δ = 0 (no uncertainty). Thus, the idea of exploiting the recording uncertainty δ to achieve trajectory k-anonymity with information loss inversely proportional to δ turns out to be flawed.
Advances in Geographic Information Systems | 2010
Josep Domingo-Ferrer; Michal Sramka; Rolando Trujillo-Rasua
Huge amounts of movement data are automatically collected by technologies such as GPS, GSM, RFID, etc. Publishing such data is essential to improve transportation, to understand the dynamics of the economy in a region, etc. However, there are obvious threats to the privacy of individuals if their trajectories are published in a way which allows re-identification of the individual behind a trajectory. We contribute to the literature on privacy-preserving publication of trajectories by presenting: i) a distance measure for trajectories which naturally considers both spatial and temporal aspects of trajectories, is computable in polynomial time, and can cluster trajectories not defined over the same time span (something that previously proposed methods could not do); ii) a method to replace a cluster of trajectories by synthetic data that preserve all the visited locations and the number of original trajectories, among other features; iii) a comparison of our method with (k, Δ)-anonymity [1] using trajectories generated by Brinkhoff's generator [4] in the city of Oldenburg.
Quantitative Evaluation of Systems | 2016
Olga Gadyatskaya; Ravi Jhawar; Piotr Kordy; Karim Lounis; Sjouke Mauw; Rolando Trujillo-Rasua
In this tool demonstration paper we present the ADTool2.0: an open-source software tool for design, manipulation and analysis of attack trees. The tool supports ranking of attack scenarios based on quantitative attributes entered by the user; it is scriptable; and it incorporates attack trees with sequential conjunctive refinement.
Computer Networks | 2011
Rolando Trujillo-Rasua; Agusti Solanas
There is a need for efficient communication protocols that allow the private and scalable deployment of RFID systems with a large number of tags. In this paper, we leverage the idea of using distributed, collaborative readers to identify RFID tags and propose a new probabilistic communication protocol that lets those readers privately identify RFID tags more efficiently in terms of computational cost and bandwidth usage. Our protocol, which is based on hash-locks, allows readers to exchange information so as to reduce the number of tag IDs stored in their caches. Consequently, our proposal improves the scalability of the system and allows the easy management of large numbers of tags. We provide simulation results showing that our proposal is more efficient and flexible than previous ones in terms of computational cost and bandwidth usage.
The Practice of Enterprise Modeling | 2016
Marlon Fraile; Margaret Ford; Olga Gadyatskaya; Rajesh Kumar; Mariëlle Ida Antoinette Stoelinga; Rolando Trujillo-Rasua
Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. This paper reports on the application of attack-defense trees to model and analyze the security of ATMs. We capture the most dangerous multi-stage attack scenarios applicable to ATM structures, and establish a practical experience report, where we reflect on the process of modeling ATM threats via attack-defense trees. In particular, we share our insights into the benefits and drawbacks of attack-defense tree modeling, as well as best practices and lessons learned.
IEEE Transactions on Wireless Communications | 2014
Rolando Trujillo-Rasua; Benjamin Martin; Gildas Avoine
Contactless technologies such as radio-frequency identification, near field communication, and sensor networks are vulnerable to mafia and distance fraud. These types of fraud are aimed at successfully passing an authentication protocol by cheating on the actual distance between the prover and the verifier. Distance-bounding protocols have been designed to cope with these security issues, but none of them properly resist these two types of fraud without requiring additional memory and computation. The situation is even worse considering that just a few distance-bounding protocols are able to deal with the inherent background noise on the communication channels. This paper introduces a noise-resilient distance-bounding protocol that resists both mafia and distance fraud. The security of the protocol is analyzed against known attacks and illustrated by experimental results. The results demonstrate the significant advantage of the introduced lightweight design over previous proposals.
Computer Communications | 2015
Gildas Avoine; Sjouke Mauw; Rolando Trujillo-Rasua
Distance bounding protocols are security countermeasures designed to thwart relay attacks. Such attacks consist of relaying messages exchanged between two parties, making them believe they communicate directly with each other. Although distance bounding protocols have existed since the early 1990s, this research topic was revived by the deployment of contactless systems, against which relay attacks are particularly impactful. Given the impressive number of distance bounding protocols that are designed every year, it has become urgent to provide researchers and engineers with a methodology to fairly compare the protocols in spite of their various properties. This paper introduces such a methodology based on concepts from the decision-making field. The methodology allows for a multi-criteria comparison of distance bounding protocols, thereby identifying the most appropriate protocols once the context is provided. As a side effect, this paper clearly identifies the protocols that should no longer be considered, regardless of the scenario.