Cryptology ePrint Archive: Report 2014/728

Unpicking PLAID - A Cryptographic Analysis of an ISO-standards-track Authentication Protocol

Jean Paul Degabriele and Victoria Fehr and Marc Fischlin and Tommaso Gagliardoni and Felix Günther and Giorgia Azzurra Marson and Arno Mittelbach and Kenneth G. Paterson

Abstract: The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast-track standardization process for ISO/IEC 25185-1. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We discuss potential countermeasures to our attacks and comment on our experiences with the standardization process of PLAID.

Category / Keywords: cryptographic protocols / protocol analysis, ISO standard, PLAID, authentication protocol, privacy

Original Publication (with major differences): 1st International Conference on Research in Security Standardisation (SSR 2014)
DOI: 10.1007/978-3-319-14054-4_1

Date: received 18 Sep 2014, last revised 27 Oct 2015

Contact author: guenther at cs tu-darmstadt de


Version: 20151027:091735

Short URL: ia.cr/2014/728
