Listing by author "Peeters, Roel"
1 - 5 of 5
- Conference paper: Cross-Context Delegation through Identity Federation (BIOSIG 2008: Biometrics and Electronic Signatures, 2008). Peeters, Roel; Simoens, Koen; Cock, Danny de; Preneel, Bart. We present in this paper a basic scheme for delegation in a federated setting and two more advanced schemes, transferable and corporate delegation. By transferable delegation delegatees are able to delegate the received privileged actions further to someone else. Corporate delegation is delegation within a business context. Our schemes are generic and user-centric. We elaborate on the different procedures to issue, accept and revoke mandates in these schemes. Different variations are discussed and their impact on the corresponding procedures is evaluated. For the basic scheme of delegation mandates are used, for more advanced schemes, as the complexity increases, use of delegation assertions is proposed.
- Conference paper: Security considerations on extending PACE to a biometric-based connection establishment (BIOSIG 2013, 2013). Buchmann, Nicolas; Peeters, Roel; Baier, Harald; Pashalidis, Andreas. The regulations of the European Union (EU) Council in 2004 are the basis of the deployment of electronic passports within the EU. Since then EU member states adopt the format and the access protocols to further electronic machine readable travel documents (eMRTD) like national electronic ID cards and electronic residence permits, respectively. The security protocols to communicate with an eMRTD are based on the paradigm of strong cohesion and loose coupling, i.e., each step is designed to ensure only a particular security goal like authorisation to access a certain data group, authenticity and integrity of the data, originality of the chip, or the linkage between the eMRTD and its holder. However, recently a discussion evolved to integrate the linkage security goal within the connection establishment, which currently only aims at limiting basic access of authorised terminals to the eMRTD. For instance, the BioPACE protocol proposes to replace the knowledge-based shared 'secret' of PACE by a biometric-based one. The goal of the paper at hand is twofold: First, we evaluate the BioPACE protocol and propose improvements to enhance its features. Second, we analyse the expediency of integrating our BioPACE version 2 into the eMRTD domain. Our initial evaluation shows that our BioPACE version 2 is expedient if the EAC protocols and the corresponding PKI are abandoned.
- Conference paper: Shattering the glass maze (BIOSIG 2014, 2014). Hermans, Jens; Peeters, Roel; Mennink, Bart. Template protection plays a crucial role in protecting the privacy of biometric data, by providing irreversibility and unlinkability. The Glass Maze, as presented by Trugenberger at BIOSIG 2011, is a fingerprint key binding mechanism that is claimed to provide template protection. With the correct fingerprint, the key that is entangled with the fingerprint data can be retrieved. The template protection of the Glass Maze is based on the convergence properties of a Hopfield model, a neural network. We however show how to revert the Glass Maze to recover the key, without requiring a correct fingerprint. This completely breaks the irreversibility property, and hence also unlinkability.
- Conference paper: Speedup for European epassport authentication (BIOSIG 2014, 2014). Peeters, Roel; Hermans, Jens; Mennink, Bart. The overall ePassport authentication procedure should be fast to have a sufficient throughput of people at border crossings such as airports. At the same time, the ePassport and its holder should be checked as thoroughly as possible. By speeding up the ePassport authentication procedure, more time can be spent on verification of biometrics. We demonstrate that our proposed solution allows to replace the current combination of PACE and EAC with a more efficient authentication procedure that provides even better security and privacy guarantees. When abstracting away from the time needed for the ePassport to verify the terminal's certificate, a speed-up of at least 40% in comparison with the current ePassport authentication procedure is to be expected.
- Conference paper: When a bloom filter is a doom filter: security assessment of a novel iris biometric template protection system (BIOSIG 2014, 2014). Hermans, Jens; Mennink, Bart; Peeters, Roel. Biometric template protection systems are expected to meet two major security requirements: irreversibility and unlinkability. We analyze the Bloom filter based iris biometric template protection system recently introduced by Rathgeb et al. at ICB 2013 and IET Biometrics 2014. We demonstrate that the scheme does not achieve unlinkability, presenting a simple attack that in the worst case succeeds with probability at least 96%. We also present a security analysis on generating false positives or recovering the key, both leading to undesirably low attack complexities: 2^25 for generating false positives for the smaller versions of the scheme, and a complexity between 2^2 and 2^8 for recovering the secret key.