Cryptographic Techniques for Physical Security (seminar Notes) Cryptographic Techniques for Physical Security (seminar Notes)

Preface The goal of this course is to familiarize participating students with the most important cryptographic techniques and design principles in the context of RFID (Radio Frequency IDentification) security. Unlike most courses and texts on cryptography, our primary focus is not the most traditional application of cryptography — enciphering of (possibly very large) textual messages. Instead, we will study in detail several aspects of authentication, identification and authorization. In such applications, we will be typically dealing with short messages in low quantities. Instead of the usual long-distance point-to-point communication channel model, we will often assume short-distance broadcasts. Another important distinguishing feature of the security systems we will be studying is the fact that the computational resources of certain elements are severely constrained. Nevertheless, most principles and techniques studied in this course have applications far beyond RFID and are generally applicable in security system design. The language of course notes is English, as most of the literature on cryptography and information security is available in this language and it is important that students of this subject become familiar with English terminology. 2 1 Introduction to Security " Many counting rods is victorious over few counting rods, How much more so over no counting rods. " — Sun Tzu: Ping Fa (" The Art of War " , Denma Translation) 1.1 What is Security Engineering? Security considerations always arise in the context of conflicting interests. Specifically, when there is a possibility (or threat) of such an action (called attack) that is beneficial for the initiating party, the attacker, but harmful to some other party, the victim. While reasoning about security, we often assume the point of view of the potential victim, referring to potential attackers as adversaries. Yet, it is very important to keep in mind that the interests of providers and consumers of security are not perfectly aligned either. We are primarily concerned with rational adversaries (in the economic sense), who attack if they prefer the gains from the attack to the cost of performing the attack. While these are often difficult to quantify, using the usual micro-economic axioms about preferences, it is always possible to assign a scalar utility function to these gains and costs (see Debreu's Lemma in the supplement). In practice, we usually express them in terms of monetary value. The matter is further complicated by the fact that we can only guess the preferences of the adversaries …