Alberto Peinado

Bio: Alberto Peinado is an academic researcher from University of Málaga. The author has contributed to research in topics: Pseudorandom number generator & Cryptanalysis. The author has an hindex of 13, co-authored 51 publications receiving 672 citations.

Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels

Abstract: RFID systems are vulnerable to different attacks related to the location; distance fraud attack, relay attack and terrorist attack. The main countermeasure against these attacks is the use of protocols capable of measuring the round trip time of single challenge-response bit. In this paper, we consider a modification of these protocols applying a new feature; the ‘void challenges’. This way, the success probability for an adversary to access to the system decreases. We use as reference-point the most popular of this kind of protocols, the Hancke and Kuhn's protocol, to show the improvements achieved when different cases are analysed. Copyright © 2008 John Wiley & Sons, Ltd.

Security of Distance-Bounding: A Survey

Abstract: Distance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, which are vulnerable to distance-based frauds. This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features.

Secure EPC Gen2 Compliant Radio Frequency Identification

Abstract: The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard a de facto specification for inexpensive tags in the RFID industry. Recently three EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and statistical analysis attacks. We then propose an EPCGen2 compliant RFID protocol that uses the numbers drawn from synchronized pseudorandom number generators (RNG) to provide secure tag identification and session unlinkability. This protocol is optimistic and its security reduces to the (cryptographic) pseudorandomness of the RNGs supported by EPCGen2.

SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity

Abstract: As low-cost RFIDs become more and more popular, it is imperative to design ultralightweight RFID authentication protocols to resist all possible attacks and threats. However, all of the previous ultralightweight authentication schemes are vulnerable to various attacks. In this paper, we propose a new ultralightweight RFID authentication protocol that provides strong authentication and strong integrity protection of its transmission and of updated data. The protocol requires only simple bit-wise operations on the tag and can resist all the possible attacks. These features make it very attractive to low-cost RFIDs and very low-cost RFIDs.

A Survey of Man In The Middle Attacks

Abstract: The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them. Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.

On numbers and games

Abstract: Some readers know to play the game of nim well, fewer play a perfect annihilation game, and nobody knows whether there exists an opening move in chess that will guarantee a win for white. These games and many more, belong to the family of combinatorial games, by which we mean the set of all two-player perfect-information games without chance moves and with outcomes lose or win (and sometimes: dynamic tie). The motivation for ONAG may have been, and perhaps was-and I would like to think that it was-the attempt to bridge the theory gap between nim-like and chess-like games. Why is there a gap? Every combinatorial game can be described as a directed graph called game-graph, whose vertices are the game positions, and (u, v) is a directed edge if and only if there is a move from position u to position v. Denote by N the set of all positions from which the Next (first) player can force a win; by P the set of all positions from which the Previous (second) player can force a win; and by T the set of all (dynamic) Tie positions, which are positions from which no player can force a win and therefore both can avoid losing. In an acyclic game-graph there cannot be any tie positions. The N, P, T classification of any game graph R = (V, E) can be determined in 0(\V\ + \E\) steps [8]. For both nim and chess, a finite game-graph can be constructed and the N, P, T classification can be determined. So both games are solvable in principle. If we play nim with n piles, each pile containing at most k tokens, then the game-graph contains (k + \) vertices. Suppose that in (generalized) chess played on an « X « board there are k different pieces. If k is about n/2, then the game-graph of chess contains O (2") vertices. So both game-graphs have exponentially many vertices, and thus both games appear intractable in the usual sense of computational complexity [1, Chapter 10], [14, Chapter 9], namely a computation appears to be required which is asymptotically exponential. From a computational efficiency standpoint, the essential difference between nim and chess is that nim can be viewed as a disjunctive compound (sum) of independent games, namely the individual piles. A disjunctive