Cognaux, Nicolas
[UCL]
Standaert, François-Xavier
[UCL]
Koeune, François
[UCL]
Macé, François
[NCS Scaline]
This thesis focuses on privacy considerations for access authentication systems. Today, access authentication systems are used in every situation and nearly everywhere. Those authentication systems create metadata, such as access logs and punctual identifications. By aggregating those metadata, which have no value alone, we can guess the habits and behaviours of users. Current authentication systems can leak those metadata and so compromise privacy. Solutions have to be implemented in order to reduce the number of those leaks and their relevance. This thesis covers different systems that can reduce those attacks on privacy. The first chapter of this thesis presents current systems and practices in access tokens and access authentication systems. It explains how access tokens work, especially Radio Frequency IDentification (RFID) tokens. Those are also categorized and compared technically. This chapter also covers some implementation standards for access authentication systems and introduces some security risks related to current systems. The second chapter focuses on a particular system that uses MIFARE DESFire EV1 tokens for access authentication. The privacy aspects and the protection mechanisms implemented in this token are described and discussed. This particular authentication system implements some protections for privacy, but those solutions can still be improved. Those weaknesses are discussed in terms of security but also in terms of the privacy of the user. Those systems are often used for cases where privacy is critical although they are not suited to them. A possible improvement, which is the switch to transparent mode for the communication with the readers, is presented in the third chapter of this document. Transparent mode applied to the MIFARE DESFire EV1 authentication system is an improvement for security and privacy. This chapter covers the improvements but also an implementation of such a protocol on an existing authentication system.
However, such systems cannot be used in every situation. For example, some companies use those systems for public transportation even though the user's privacy is not perfect. Such cases have to use better-suited systems. Group signature is a scheme that can help to improve privacy. This topic is covered in the fourth chapter of this thesis, where theoretical information is given. This chapter presents cryptographic schemes that can be used for group signature and authentication. Those schemes are compared theoretically and discussed against practical considerations. Finally, the last chapter presents an implementation of a group signature scheme for smartphones. This system is applied to the use case of a music concert subscription and is benchmarked for this use case. A proof of concept is also developed and presented in this chapter. It uses Android smartphones as the Prover and aims to prove the usability and the feasibility of such a system with today's technologies.
Bibliographic reference
Cognaux, Nicolas. Implementation trade-offs for access tokens. Ecole polytechnique de Louvain, Université catholique de Louvain, 2016. Prom. : Standaert, François-Xavier ; Koeune, François ; Macé, François.
Permanent URL
http://hdl.handle.net/2078.1/thesis:4605