International Journal of Information Security

Volume 15, Issue 6, pp 637–657

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

  • Jean Paul Degabriele
  • Victoria Fehr
  • Marc Fischlin
  • Tommaso Gagliardoni
  • Felix Günther
  • Giorgia Azzurra Marson
  • Arno Mittelbach
  • Kenneth G. Paterson
Special Issue Paper

Abstract

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques, we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We discuss potential countermeasures to our attacks and comment on our experiences with the standardization process of PLAID.

Keywords

Protocol analysis; ISO standard; PLAID; Authentication protocol; Privacy

Acknowledgments

We thank Pooya Farshim for his contributions during the early stages of this paper, Andrew Waterhouse for providing insights on the ISO standardization process, and the anonymous reviewers for valuable comments. Marc Fischlin is supported by the Heisenberg grants Fi 940/3-1 and Fi 940/3-2 of the German Research Foundation (DFG). Tommaso Gagliardoni and Felix Günther are supported by the German Federal Ministry of Education and Research (BMBF) within EC SPRIDE. Felix Günther and Giorgia Azzurra Marson are supported by the DFG as part of the CRC 1119 CROSSING. Giorgia Azzurra Marson and Arno Mittelbach are supported by the Hessian LOEWE excellence initiative within CASED. Kenneth G. Paterson and Jean Paul Degabriele are supported by the Engineering and Physical Sciences Research Council (EPSRC) Leadership Fellowship EP/H005455/1.

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Jean Paul Degabriele (1)
  • Victoria Fehr (2)
  • Marc Fischlin (2)
  • Tommaso Gagliardoni (2)
  • Felix Günther (2)
  • Giorgia Azzurra Marson (2)
  • Arno Mittelbach (2)
  • Kenneth G. Paterson (1)

  1. Information Security Group, Royal Holloway, University of London, London, UK
  2. Cryptoplexity, Technische Universität Darmstadt, Darmstadt, Germany