Project
# | Title | Team Members | TA | Documents | Sponsor |
---|---|---|---|---|---|
33 | zkTAP: A Zero-Knowledge Trustless Authentication Protocol Honorable Mention |
Joseph Kuo Lilan Yang Majdi Hassan |
Evan Widloski | design_document2.pdf design_document3.pdf design_document4.pdf design_document1.pdf final_paper1.pdf other1.pdf photo1.pdf photo2.jpg photo3.JPG presentation1.pdf proposal1.pdf |
|
# Problem: Over the past twenty years, RFID has exploded in popularity. Current uses include passports, payment systems and electronic toll road passes. The security on these devices are inappropriate for their use cases and offer very few privacy and security guarantees. Here is an example one attack. [https://en.wikipedia.org/wiki/RFID_skimming](https://en.wikipedia.org/wiki/RFID_skimming) # Solution Overview: Several solutions have been proposed such as these ‘RFID blocking wallets’ ([http://amzn.com/B07C53XTBZ](http://amzn.com/B07C53XTBZ)). However this doesn’t address the fundamental issue that data is being transmitted an insecure vector. Instead we propose a protocol, in which _proofs of knowledge_ are to be constructed instead. At an extremely high level, how these work is that instead of transmitting the secret key, the card reader will send the tag challenges (that are easy to verify but hard to guess) and the tag must prove that it is the owner of the secret key. We have created some demonstrations on how these proofs work, along with the protocol that we plan on using. In addition, we have provided a basic overview on the theory behind Zero Knowledge proofs and Elliptic Curve Cryptography in our demonstration. [[https://github.com/PershingSquare/ZKtap/blob/master/ZKtap.ipynb](https://github.com/PershingSquare/ZKtap/blob/master/ZKtap.ipynb)] Many of these concepts are abstract and so in addition to this, we will be providing a visual primer on Elliptic Curve Cryptography, Discrete Log Problem and Zero Knowledge proofs so that a person with a basic background in electrical engineering will be able to understand at a high level that these proofs are valid method of authentication. # Solution Components: ## Subsystem 1: RFID Tag This will include an RFID transmitter (CTRA1816F), a microcontroller (ATMega328P-PU) and a hardware random number generator. To create our hardware random number generator, we plan on using avalanche noise from a reverse biased zener diode (1N759). Once we have our avalanche noise, we will then amplify this noise using an op-amp (LM358) and then discretize this using an analog to digital converter. ## Subsystem 2: RFID Reader This will consist of a (RC522) RFID reader connected to a Raspberry Pi. # Criteria for Success Correctness - Only the owner of the tag must be the only person who can authenticated. In addition, the owner of the tag cannot be rejected. Privacy - Our system must not leak any secrets. In addition, an adversary must not be able to compute our secret key. We will construct a proof in our report to show this. Hardware Number Generator - Often times it is hard to verify randomness. In order for our hardware random number generator to be successful, we will need to pass either the ‘Diehard Test Suite’ or the NIST Test Suite. We will need to show that our random number generator is not affected by temperature (if anyone is worried about these, lots of people have created zener diode random number generators and have passed those test suites). Here is a link to the zener diode random number generator. [http://csc.ucdavis.edu/~cmg/papers/torng.pdf](http://csc.ucdavis.edu/~cmg/papers/torng.pdf) # Competitors The most cryptographical complex tag that we could find is the Mifare from NXP Semiconductors. It uses a 3-DES encryption scheme. Due to the Sweet32 vulnerability, 3-DES will be disallowed by all US Federal Institutions by 2023. [https://www.usenix.org/legacy/events/sec08/tech/full_papers/nohl/nohl.pdf](https://www.usenix.org/legacy/events/sec08/tech/full_papers/nohl/nohl.pdf) On the other hand, Elliptic Curve Cryptography is currently approved for encrypting classified documents (including ‘Top Secret’). [https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf) We don’t consider tags that transmit data through plaintext to be competition. |