Journal of Cryptology, Volume 4, Issue 3, pp 175–183

Secure implementation of identification systems

  • Samy Bengio
  • Gilles Brassard
  • Yvo G. Desmedt
  • Claude Goutier
  • Jean-Jacques Quisquater

Abstract

In this paper we demonstrate that widely known identification systems, such as the public-file-based Feige-Fiat-Shamir scheme, can be insecure if proper care is not taken with their implementation. We suggest possible solutions. On the other hand, identity-based versions of the Feige-Fiat-Shamir scheme are conceptually more complicated than necessary.

Key words

Authentication, Digital signature, EFT, Fake equipment, Faraday cage, Fraud, Identification, Identity card, Zero-knowledge



Copyright information

© Springer-Verlag New York Inc. 1991

Authors and Affiliations

  • Samy Bengio (1)
  • Gilles Brassard (1)
  • Yvo G. Desmedt (2)
  • Claude Goutier (3)
  • Jean-Jacques Quisquater (4)

  1. Département IRO, Université de Montréal, Montréal, Canada
  2. Department of EE & CS, University of Wisconsin-Milwaukee, Milwaukee, USA
  3. Centre de calcul, Université de Montréal, Montréal, Canada
  4. Département de Génie électrique (FAI), Université de Louvain, Louvain-la-Neuve, Belgium
