**Êtes-vous un étudiant de l'EPFL à la recherche d'un projet de semestre?**

Travaillez avec nous sur des projets en science des données et en visualisation, et déployez votre projet sous forme d'application sur GraphSearch.

Personne# Khaled Ouafi

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Unités associées

Chargement

Cours enseignés par cette personne

Chargement

Domaines de recherche associés

Chargement

Publications associées

Chargement

Personnes menant des recherches similaires

Chargement

Cours enseignés par cette personne

Aucun résultat

Personnes menant des recherches similaires (72)

Publications associées (12)

Chargement

Chargement

Chargement

Unités associées (3)

Domaines de recherche associés (6)

Authentication protocol

An authentication protocol is a type of computer communications protocol or cryptographic protocol specifically designed for transfer of authentication data between two entities. It allows the receiv

Sûreté

En politique, la sûreté est la protection contre le pouvoir ou la violence, le danger ou les menaces. Plus particulièrement, dans la déclaration des Droits de l'homme et du citoyen de 1789, la sûreté

Mutual authentication

Mutual authentication or two-way authentication (not to be confused with two-factor authentication) refers to two parties authenticating each other at the same time in an authentication protocol. It i

This PhD thesis is concerned with authentication protocols using portable lightweight devices such as RFID tags. these devices have lately gained a significant attention for the diversity of the applications that could benefit form their features, ranging from inventory systems and building access control, to medical devices. However, the emergence of this technology has raised concerns about the possible loss of privacy carrying such tags induce in allowing tracing persons or unveiling the contents of a hidden package. this fear led to the appearance of several organizations which goal is to stop the spread of RFID tags. We take a cryptographic viewpoint on the issue and study the extent of security and privacy that RFID-based solutions can offer. In the first part of this thesis, we concentrate on analyzing two original primitives that were proposed to ensure security for RFID tags. the first one, HB#, is a dedicated authentication protocol that exclusively uses very simple arithmetic operations: bitwise AND and XOR. HB# was proven to be secure against a certain class of man-in-the-middle attacks and conjectured secure against more general ones. We show that the latter conjecture does not hold by describing a practical attack that allows an attacker to recover the tag's secret key. Moreover, we show that to be immune against our attack, HB#'s secret key size has to be increased to be more than 15 000 bits. this is an unpractical value for the considered applications. We then turn to SQUASH, a message authentication code built around a public-key encryption scheme, namely Rabin's scheme. By mounting a practical key recovery attack on the earlier version of SQUASH, we show that the security of all versions of SQUASH is unrelated to the security of Rabin encryption function. The second part of the thesis is dedicated to the privacy aspects related to the RFID technology. We first emphasize the importance of establishing a framework that correctly captures the intuition that a privacy-preserving protocol does not leak any information about its participants. For that, we show how several protocols that were supported by simple arguments, in contrast to a formal analysis, fail to ensure privacy. Namely, we target ProbIP, MARP, Auth2, YA-TRAP, YA-TRAP+, O-TRAP, RIPP-FS, and the Lim-Kwon protocol. We also illustrate the shortcomings of other privacy models such as the LBdM model. The rest of the dissertation is then dedicated to our privacy model. Contrarily to most RFID privacy models that limit privacy protection to the inability of linking the identity of two participants in two different protocol instances, we introduce a privacy model for RFID tags that proves to be the exact formalization of the intuition that a private protocol should not leak any information to the adversary. the model we introduce is a refinement of Vaudenay's one that invalidates a number of its limitations. Within these settings, we are able to show that the strongest notion of privacy, namely privacy against adversaries that have a prior knowledge of all the tags' secrets, is realizable. To instantiate an authentication protocol that achieves this level of privacy, we use plaintext-aware encryption schemes. We then extend our model to the case of mutual authentication where, in addition to a tag authenticating to the reader, the reverse operation is also required.

We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm for digital signature schemes exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signature, and exponentially many acceptable signatures, all but one of them being spurious. This primitive enables a judge to verify whether an alleged forged signature is indeed a forgery. In particular, the scheme considers an adversary who has access to a signing oracle and an oracle that solves a “hard” problem, and who tries to produce a signature that appears to be acceptable from a verifier’s point of view. However, a judge can tell apart such a spurious signature from a signature that is produced by an honest signer. This property is referred to as validatibility. Moreover, the scheme provides undeniability against malicious signers who try to fabricate spurious signatures and deny them later by showing that they are not valid. Last but not least, trustability refers to the inability of a malicious judge trying to forge a valid signature. This notion for signature schemes improves upon the notion of fail-stop signatures in different ways. For example, it is possible to sign more than one messages with forgery-resilient signatures and once a forgery is found, the credibility of a previously signed signature is not under question. A concrete instance of a forgery-resilient signature scheme is constructed based on the hardness of extracting roots of higher residues, which we show to be equivalent to the factoring assumption. In particular, using collision-free accumulators, we present a tight reduction from malicious signers to adversaries against the factoring problem. Meanwhile, a secure pseudorandom function ensures that no polynomially-bounded cheating verifier, who can still solve hard problems, is able to forge valid signatures. Security against malicious judges is based on the RSA assumption.

2012