Unpicking PLAID

AuthorDegabriele, Jean Paul; Fehr, Victoria; Fischlin, Marc; Gagliardoni, Tommaso; Günther, Felix; Marson, Giorgia Azzurra; Mittelbach, Arno; Paterson, Kenneth G.
TypeConference Proceedings
AbstractThe Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25185-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysis techniques in cryptography. We also discuss countermeasures to our attacks.
Conference1st International Conference on Research in Security Standardisation
SerieLecture Notes in Computer Science
InSecurity Standardisation Research, p.1-25