Abstract
Card-based physical access control systems are used by most people on a daily basis, for example, at work, in public transportation, or at hotels. Yet these systems have often very poor cryptographic protection. User identifiers and keys can be easily eavesdropped on and counterfeited. The privacy-preserving features are almost missing in these systems. To improve this state, we propose a novel cryptographic scheme based on efficient zero-knowledge proofs and Boneh-Boyen signatures. The proposed scheme is provably secure and provides the full set of privacy-enhancing features, that is, the anonymity, untraceability, and unlinkability of users. Furthermore, our scheme supports distributed multidevice authentication with multiple RFID (Radio-Frequency IDentification) user devices. This feature is particularly important in applications for controlling access to dangerous sites where the presence of protective equipment is checked during each access control session. Besides the full cryptographic specification, we also show the results of our implementation on devices commonly used in access control applications, particularly the smart cards and embedded verification terminals. By avoiding costly operations on user devices, such as bilinear pairings, we were able to achieve times comparable to existing systems (around 500 ms), while providing significantly higher security, privacy protection, and features for RFID multidevice authentication.
Highlights
Privacy-enhancing technologies constitute a significant part of contemporary cryptography
We propose and experimentally evaluate a novel cryptographic scheme that addresses two phenomenons of contemporary cyberspace: lack of user privacy and ubiquitous presence of many personal devices that can be leveraged for stronger authentication and more reliable access control
We propose a novel cryptographic scheme for multidevice authentication that is tailored for physical access control systems where the user must prove his own identifier, and many other auxiliary identifiers stored on separate devices
Summary
Privacy-enhancing technologies constitute a significant part of contemporary cryptography. With the increasing computational power of the programmable smart cards, massive expansion of various personal electronic devices, and the capabilities in RFID communication of our smart phones, we can expect penetration of privacy-enhancing technologies to the area of physical access control. We propose and experimentally evaluate a novel cryptographic scheme that addresses two phenomenons of contemporary cyberspace: lack of user privacy and ubiquitous presence of many personal devices (phones, smart cards, RFID tags, bluetooth dongles, smart watch, etc.) that can be leveraged for stronger authentication and more reliable access control. We provide all the required features that are often contradictory and completely unavailable in existing schemes (in particular, the presence of many identifiers versus anonymity; the untraceability and strong cryptographic security versus efficiency on RFID tags and stickers). The access control process may (the extent of privacy-enhancing features can be initially set by the administrator; if required, identification or user tracing may be enforced by the access control system) proceed in a fully private manner, without disclosing user identity or being traceable in the system
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
