Authentication under constraints
E. Pagnin
Thesis for the Degree of Licentiate of Engineering
Full Text
Abstract
Authentication has become a critical step to gain access to services such as on-line
banking, e-commerce, transport systems and cars (contact-less keys). In several cases,
however, the authentication process has to be performed under challenging condi-
tions. This thesis is essentially a compendium of five papers which are the result
of a two-year study on authentication in constrained settings. The two major constraints
considered in this work are: (1) the noise and (2) the computational power.
For what concerns authentication under noisy conditions,
Paper A and Paper B address the case in which the noise is in the authentication credentials. More precisely,
the aforementioned papers present attacks against biometric authentication systems,
that exploit the inherent variant nature of biometric traits to gain information that should not be leaked by the system.
Paper C and Paper D study proximity-based authentication,
i.e., distance-bounding protocols. In this case, both of the constraints are present: the possible presence of noise in the channel
(which affects communication and thus the authentication process), as well as resource constraints
on the computational power and the storage space of the authenticating party (called the prover, e.g., an RFID tag).
Finally, Paper E investigates how to achieve reliable verification of the authenticity of a digital signature, when the verifying party has
limited computational power, and thus off-loads part of the computations to an untrusted server.
Throughout the presented research work, a special emphasis is given
to privacy concerns risen by the constrained conditions.
Keywords: Authentication, Digital Signatures, Privacy, Anonymity, Biometrics, Distance-Bounding, Security.