Unpicking PLAID

A Cryptographic Analysis of an ISO-Standards-Track Authentication Protocol
  • Jean Paul Degabriele
  • Victoria Fehr
  • Marc Fischlin
  • Tommaso Gagliardoni
  • Felix Günther
  • Giorgia Azzurra Marson
  • Arno Mittelbach
  • Kenneth G. Paterson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8893)

Abstract

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.

Keywords

Protocol analysis, ISO standard, PLAID, authentication protocol, privacy

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jean Paul Degabriele (1)
  • Victoria Fehr (2)
  • Marc Fischlin (2)
  • Tommaso Gagliardoni (2)
  • Felix Günther (2)
  • Giorgia Azzurra Marson (2)
  • Arno Mittelbach (2)
  • Kenneth G. Paterson (1)

  1. Information Security Group, Royal Holloway, University of London, U.K.
  2. Cryptoplexity, Technische Universität Darmstadt, Germany
