A Cryptographic Analysis of OPACITY

(Extended Abstract)
  • Özgür Dagdelen
  • Marc Fischlin
  • Tommaso Gagliardoni
  • Giorgia Azzurra Marson
  • Arno Mittelbach
  • Cristina Onete
Conference paper

DOI: 10.1007/978-3-642-40203-6_20

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8134)
Cite this paper as:
Dagdelen Ö., Fischlin M., Gagliardoni T., Marson G.A., Mittelbach A., Onete C. (2013) A Cryptographic Analysis of OPACITY. In: Crampton J., Jajodia S., Mayes K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg

Abstract

We take a closer look at the Open Protocol for Access Control, Identification, and Ticketing with privacY (OPACITY). This Diffie-Hellman-based protocol is supposed to provide a secure and privacy-friendly key establishment for contactless environments. It is promoted by the US Department of Defense and meanwhile available in several standards such as ISO/IEC 24727-6 and ANSI 504-1. To the best of our knowledge, so far no detailed cryptographic analysis has been publicly available. Thus, we investigate in how far the common security properties for authenticated key exchange and impersonation resistance, as well as privacy-related properties like untraceability and deniability, are met.

OPACITY is not a single protocol but, in fact, a suite consisting of two protocols, one called Zero-Key Management (ZKM) and the other one named Fully Secrecy (FS). Our results indicate that the ZKM version does not achieve even very basic security guarantees. The FS protocol, on the other hand, provides a decent level of security for key establishment. Yet, our results show that the persistent-binding steps, for re-establishing previous connections, conflict with fundamental privacy properties.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Özgür Dagdelen
    • 1
  • Marc Fischlin
    • 1
  • Tommaso Gagliardoni
    • 1
  • Giorgia Azzurra Marson
    • 1
  • Arno Mittelbach
    • 1
  • Cristina Onete
    • 1
  1. 1.Darmstadt University of TechnologyGermany

Personalised recommendations