From RFID Authentication to Privacy Preserving Supply Chain Management


Game-based Security

The security model is defined in terms of an adversarial goal that specifies the security requirements, and an attack model that defines the adversary’s capabilities. The security model is then formalized using an interactive security game that is played between a polynomial-time adversary A and a challenger C. The challenger C controls a set of oracles that simulate all the computation required by the adversary A during the security game. In general, a security game consists of two main phases:
• Learning phase: Adversary A is allowed to make a polynomial number of queries to the oracles controlled by C.
• Challenge phase: Adversary A is asked to perform a particular action determined by an adversarial goal that is specified beforehand. The adversary is said to win the game if he achieves his adversarial goal.
Proving that some cryptographic scheme is secure is done by showing that if there is an adversary A who wins the security game, then this adversary A can be transformed in polynomial time into an adversary B that solves some known hard problem. The transformation is performed by simulating the attack environment of adversary A using the input of the hard problem to be solved, with the restriction that it should be computationally infeasible for adversary A to distinguish between the simulated environment and the real-world environment.
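The two-phase game described in this section can be run directly. The following is an added example, not code from the thesis: it assumes an indistinguishability goal (A must guess which of two chosen messages was encrypted) and a constructed toy cipher built on HMAC-SHA256, and it measures how often A wins when the cipher is deterministic versus randomized. The names Challenger, adversary, win_rate and advantage are hypothetical.

```python
import hashlib
import hmac
import secrets

class Challenger:
    """C: holds the secret key and hidden bit b; answers A's oracle queries."""

    def __init__(self, randomized):
        self.key = secrets.token_bytes(32)
        self.b = secrets.randbelow(2)      # secret challenge bit
        self.randomized = randomized

    def encrypt(self, m):
        """Learning-phase oracle: toy stream cipher, messages up to 32 bytes."""
        # Constructed scheme: pad = HMAC-SHA256(key, nonce) used as a PRF.
        nonce = secrets.token_bytes(16) if self.randomized else bytes(16)
        pad = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return nonce + bytes(x ^ y for x, y in zip(m, pad))

    def challenge(self, m0, m1):
        """Challenge phase: return an encryption of m_b."""
        if len(m0) != len(m1):
            raise ValueError("challenge messages must have equal length")
        return self.encrypt(m1 if self.b else m0)

def adversary(c):
    """A: one oracle query in the learning phase, then a guess for b."""
    m0, m1 = b"tag-0001", b"tag-0002"      # constructed sample messages
    seen = c.encrypt(m0)                   # learning phase
    target = c.challenge(m0, m1)           # challenge phase
    return 0 if target == seen else 1

def win_rate(randomized, trials=2000):
    """Fraction of independent games in which A's guess equals b."""
    wins = 0
    for _ in range(trials):
        c = Challenger(randomized)
        wins += adversary(c) == c.b
    return wins / trials

def advantage(randomized, trials=2000):
    """|2 * Pr[A wins] - 1|: 0 means A does no better than guessing."""
    return abs(2 * win_rate(randomized, trials) - 1)

if __name__ == "__main__":
    print("deterministic:", advantage(False))
    print("randomized:   ", advantage(True))
```

With the fixed nonce, A wins every game; with a fresh nonce per encryption, the same A is reduced to guessing and its advantage is close to zero.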

Simulation-based Security

Simulation-based security (69, 70) deals with formulating the intuitive requirement that an adversary A must “gain nothing” when he is maliciously executing some cryptographic scheme. This paradigm states that an adversary “gains nothing” if whatever he learns by deviating from the prescribed honest behavior can also be learned in an “ideal model” (69), in which the cryptographic scheme is replaced with an ideal scheme. The ideal model in this paradigm captures the security requirements that the cryptographic scheme has to fulfill. Now, to prove that a scheme is secure with respect to the simulation-based security paradigm, one shows that there exists a polynomial transformation of any adversary A against the scheme in the real model into an adversary B against the ideal scheme.

Cryptographic Primitives

We describe herein the cryptographic primitives – and their related security definitions – that we will refer to in this thesis either to review previous work or to build our cryptographic protocols.

Cryptographic Hash Functions

A cryptographic hash function is a deterministic algorithm that maps a variable-length input string, called the preimage, into a fixed-length output string, called the hash, such that any slight change to the input results in a different output. Thus, if two input strings have the same hash, then this implies that they are identical with an overwhelming probability. A property holds with an overwhelming probability if it holds with a probability larger than 1 − ε(τ), where ε is a negligible function and τ is the security parameter.

Table of contents :

List of Figures
List of Tables
Papers Published during PhD
1 Introduction 
2 Cryptography Fundamentals 
2.1 Provable Security
2.1.1 Game-based Security
2.1.2 Simulation-based Security
2.2 Cryptographic Primitives
2.2.1 Cryptographic Hash Functions
2.2.1.1 Hash Functions and The Random Oracle Model
2.2.2 Pseudo-random Generators
2.2.3 Pseudo-random Function Family
2.2.4 Message Authentication Codes
2.2.5 Encryption
2.2.6 Digital Signatures
2.3 Elliptic Curve Cryptography
2.3.1 Elliptic curves
2.3.2 Elliptic Curves over Finite Fields
2.3.2.1 Elliptic Curve Discrete Logarithm Problem
2.3.2.2 Elliptic Curve Diffie-Hellman Problems
2.3.3 Bilinear Pairings
2.3.4 Bilinear Diffie-Hellman Problems
2.4 Summary
I From RFID Authentication to Privacy Preserving Supply Chain Management
3 RFID Security and Privacy 
3.1 RFID Fundamentals
3.1.1 RFID Tags
3.1.2 RFID Readers and Backend Systems
3.1.3 RFID Applications
3.1.4 Security and Privacy Threats
3.1.4.1 Security Threats
3.1.4.2 Privacy Threats
3.2 RFID Security and Privacy
3.2.1 Definitions
3.2.2 Security
3.2.2.1 Completeness
3.2.2.2 Soundness
3.2.3 Privacy
3.2.3.1 Indistinguishability-based Privacy
3.2.3.2 Unpredictability-based Privacy
3.2.3.3 Simulator-based Privacy
3.3 RFID Authentication Protocols
3.3.1 Lightweight Authentication
3.3.1.1 The HB Protocols
3.3.1.2 The Ff Protocol
3.3.2 Authentication based on Symmetric Primitives
3.3.3 Authentication based on Asymmetric Primitives
3.3.4 Physical Layer Techniques
3.3.4.1 Channel Impairment-based Protocols
3.3.4.2 Protocols based on PUF
3.4 On the Limitations of Tag Privacy
3.5 Summary
II Multi-party Protocols for RFID-enabled Supply Chains 
4 RFID-based Ownership Transfer with Issuer Verification 
4.1 Introduction
4.2 Background
4.2.1 Entities
4.2.2 RFID Ownership Transfer with Issuer Verification
4.2.3 Problem Statement
4.3 Adversary Model
4.3.1 Privacy
4.3.1.1 Forward Unlinkability
4.3.1.2 Backward Unlinkability
4.3.2 Security
4.3.2.1 Mutual Authentication
4.3.2.2 Exclusive Ownership
4.3.2.3 Issuer Verification
4.4 ROTIV
4.4.1 Preliminaries
4.4.1.1 Short Signature
4.4.1.2 Elliptic Curve Elgamal Cryptosystem
4.4.2 Protocol Overview
4.4.3 Protocol Description
4.4.3.1 Setup
4.4.3.2 Tag Initialization
4.4.3.3 Authentication Protocol
4.4.3.4 Ownership Transfer Protocol
4.5 Privacy Analysis
4.5.1 Forward Unlinkability
4.5.2 Backward Unlinkability
4.6 Security Analysis
4.6.1 Secure Authentication
4.6.2 Exclusive Ownership
4.6.3 Issuer Verification Security
4.7 Related Work
4.8 Summary
5 RFID-based Product Tracking in Supply Chains 
5.1 Introduction
5.2 Notations
5.2.1 Entities
5.2.2 Supply Chain
5.2.3 A Tracking System
5.3 Adversary Model
5.3.1 Security
5.3.1.1 Completeness
5.3.1.2 Soundness
5.3.2 Privacy
5.4 TRACKER: Product Tracking by a Trusted Party
5.4.1 Path Encoding
5.4.2 Path Signature
5.4.2.1 Reader Computation
5.4.2.2 Tag State Decoding
5.4.3 TRACKER
5.4.4 Security Analysis
5.4.5 Privacy Analysis
5.4.6 Evaluation
5.5 CHECKER: On-site Checking in Supply Chains
5.5.1 Overview
5.5.2 CHECKER
5.5.2.1 Cramer-Shoup Encryption
5.5.2.2 Protocol Description
5.5.3 Security Analysis
5.5.4 Privacy Analysis
5.5.5 Evaluation
5.6 Related Work
5.7 Summary
6 RFID-based Item Matching in Supply Chains 
6.1 Introduction
6.2 Preliminaries
6.2.1 Problem Statement
6.2.2 T-MATCH’s Setup
6.3 Adversary Models
6.3.1 Security
6.3.1.1 Completeness
6.3.1.2 Soundness
6.3.2 Privacy
6.3.2.1 Privacy against Readers and Backend Server
6.3.2.2 Privacy against Outsiders
6.4 Protocol
6.4.1 Tools
6.4.1.1 Boneh-Goh-Nissim (BGN) Cryptosystem
6.4.1.2 Attribute Encoding
6.4.2 T-MATCH Overview
6.4.3 Protocol Description
6.4.3.1 System Setup
6.4.3.2 Tag Initialization
6.4.3.3 Tag Matching
6.5 Security Analysis
6.5.1 Completeness
6.5.2 Soundness
6.6 Privacy Analysis
6.6.1 Privacy against Readers and the Backend Server
6.6.2 Privacy against Outsiders
6.7 Evaluation
6.8 Related Work
6.9 Summary
7 Conclusion and Future Work 
7.1 Summary
7.1.1 Tag Ownership Transfer
7.1.2 Product Tracking
7.1.3 Item Matching
7.2 Future Work
A Resistance to Forgery of Matching References 
B Summary
B.1 Security and Privacy of RFID Systems
B.1.1 RFID Systems
B.1.1.1 RFID Tags
B.1.1.2 RFID Readers and Backend Systems
B.1.2 RFID Applications
B.1.3 Security and Privacy Threats
B.1.3.1 Security Threats
B.1.3.2 Privacy Threats
B.1.4 Limitations of Security and Privacy in RFID Systems
B.2 Cryptographic Protocols for Supply Chains Equipped with RFID Tags
B.2.1 Ownership Transfer with Authenticity Verification
B.2.1.1 Overview of ROTIV
B.2.1.2 Contributions
B.2.2 Product Authenticity Verification in the Supply Chain
B.2.2.1 Overview of Tracker
B.2.2.2 Overview of Checker
B.2.2.3 Contributions
B.2.3 Product Matching in the Supply Chain
B.2.3.1 Overview of T-MATCH
B.2.3.2 Contributions
B.3 Conclusion
Bibliography
