
Publication


Featured research published by Ton van Deursen.


international conference on information security | 2008

Untraceability of RFID protocols

Ton van Deursen; Sjouke Mauw; Saša Radomirović

We give an intuitive formal definition of untraceability in the standard Dolev-Yao intruder model, inspired by existing definitions of anonymity. We show how to verify whether communication protocols satisfy the untraceability property and apply our methods to known RFID protocols. We show a previously unknown attack on a published RFID protocol and use our framework to prove that the protocol is not untraceable.


workshop in information security theory and practice | 2009

Algebraic Attacks on RFID Protocols

Ton van Deursen; Saša Radomirović

This work aims to identify the algebraic problems which enable many attacks on RFID protocols. Toward this goal, three emerging types of attacks on RFID protocols, concerning authentication, untraceability, and secrecy are discussed. We demonstrate the types of attacks by exhibiting previously unpublished vulnerabilities in several protocols and referring to various other flawed protocols. The common theme in these attacks is the fact that the algebraic properties of operators employed by the protocols are abused. While the methodology is applicable to any operator with algebraic properties, the protocols considered in this paper make use of xor, modular addition, and elliptic curve point addition.


european symposium on research in computer security | 2009

Secure ownership and ownership transfer in RFID systems

Ton van Deursen; Sjouke Mauw; Saša Radomirović; Pim Vullers

We present a formal model for stateful security protocols. This model is used to define ownership and ownership transfer as concepts as well as security properties. These definitions are based on an intuitive notion of ownership related to physical ownership. They are aimed at RFID systems, but should be applicable to any scenario sharing the same intuition of ownership. We discuss the connection between ownership and the notion of desynchronization resistance and give the first formal definition of the latter. We apply our definitions to existing RFID protocols, exhibiting attacks on desynchronization resistance, secure ownership, and secure ownership transfer.


Electronic Notes in Theoretical Computer Science | 2008

Hedaquin: A Reputation-based Health Data Quality Indicator

Ton van Deursen; Rp Paul Koster; Milan Petkovic

A number of applications based on personal health records (PHRs) are emerging in the field of health care and wellness. PHRs empower patients by giving them control over their health data. Health data for PHRs can be supplied by patients, wellness providers and health care providers. Health care providers may use the PHRs to provide medical care. Unfortunately, the quality of the health data cannot be guaranteed in all cases (e.g. consider cases where non-professionals such as patients and wellness providers supplied the data). To address this problem, we present in this paper Hedaquin, a system that provides health care professionals with an indication of the quality of health data in a PHR. This indication is based on the reputation of the supplier and on metadata provided by measurement devices. The proposed reputation system mimics the way trust in health data and their suppliers is built in the real world. Hedaquin uses the Beta reputation system as a starting point and extends it in several directions to cover specific PHR requirements. Firstly, Hedaquin supports the automatic calculation of a rating based on a repeated measurement. Secondly, certificates for the user such as diplomas are taken into account. Thirdly, Hedaquin calculates reputation for different scopes in order to discriminate among different tasks the suppliers of health data can perform. Finally, the time difference between the ratings and the calculation of the reputation influences the weight that is given to a rating.


Information Processing Letters | 2009

On a new formal proof model for RFID location privacy

Ton van Deursen; Saša Radomirović

We discuss a recently proposed formal proof model for RFID location privacy. We show that protocols which intuitively and in several other models are considered not to be location private, are provably location private in this model. Conversely, we also show that protocols which obviously are location private, are not considered location private in this model. Specifically, we prove a protocol in which every tag transmits the same constant message to not be location private in the proposed model. Then we prove a protocol in which a tag's identity is transmitted in clear text to be weakly location private in the model.


radio frequency identification security and privacy issues | 2010

EC-RAC: enriching a capacious RFID attack collection

Ton van Deursen; Saša Radomirović

We demonstrate two classes of attacks on EC-RAC, a growing set of RFID protocols. Our first class of attacks concerns the compositional approach used to construct a particular revision of EC-RAC. We invalidate the authentication and privacy claims made for that revision. We discuss the significance of the fact that RFID privacy is not compositional in general. Our second class of attacks applies to all versions of EC-RAC and reveals hitherto unknown vulnerabilities in the latest version of EC-RAC. It is a general man-in-the-middle attack executable by a weak adversary. We show a general construction for improving narrow-weak private protocols to wide-weak private protocols and indicate specific improvements for the flaws of EC-RAC exhibited in this document.


european public key infrastructure workshop | 2011

Insider attacks and privacy of RFID protocols

Ton van Deursen; Saša Radomirović

We discuss insider attacks on RFID protocols with a focus on RFID tag privacy and demonstrate such attacks on published RFID protocols. In particular, we show attacks on a challenge-response protocol with IND-CCA1 encryption and on the randomized hashed GPS protocol. We then show that IND-CCA2 encryption can be used to prevent insider attacks and present a protocol secure against insider attacks. The protocol is based solely on elliptic-curve operations.


international conference on formal engineering methods | 2009

Improving Automatic Verification of Security Protocols with XOR

Xihui Chen; Ton van Deursen; Jun Pang

Kusters and Truderung recently proposed an automatic verification method for security protocols with exclusive or (XOR). Their method reduces protocols with XOR to their XOR-free equivalents, enabling efficient verification by tools such as ProVerif. Although the proposed method works efficiently for verifying secrecy, verification of authentication properties is inefficient and sometimes impossible. In this paper, we improve the work by Kusters and Truderung in two ways. First, we extend their method for authentication verification to a richer class of XOR-protocols by automatically introducing bounded verification. Second, we improve the efficiency of their approach by developing a number of dedicated optimizations. We show the applicability of our work by implementing a prototype and applying it to both existing benchmarks and RFID protocols. The experiments show promising results and uncover a flaw in a recently proposed RFID protocol.


IFIP PrimeLife International Summer School on Privacy and Identity Management for Life | 2010

50 Ways to Break RFID Privacy

Ton van Deursen

We present a taxonomy of attacks on user untraceability in RFID systems. In particular, we consider RFID systems in terms of a layered model comprising a physical layer, a communication layer, and an application layer. We classify the attacks on untraceability according to their layer and discuss their applicability.


IACR Cryptology ePrint Archive | 2008

Attacks on RFID Protocols.

Ton van Deursen; Saša Radomirović

Collaboration


Dive into Ton van Deursen's collaboration.

Top Co-Authors

Sjouke Mauw

University of Luxembourg

Jun Pang

University of Luxembourg

Xihui Chen

University of Luxembourg

Pim Vullers

Radboud University Nijmegen
