Weaknesses in the PLAID Protocol

In 2009, the Australian government released the Protocol for Lightweight Authentication of Identity (PLAID) protocol. It was recently analyzed (original paper is from 2014, but was just updated), and it's a security disaster. Matt Green wrote a good blog post back in 2014 that explains the problems.

Slashdot thread. Reddit thread.

Posted on October 30, 2015 at 6:40 AM • 13 Comments

Comments

Clive Robinson • October 30, 2015 8:53 AM

Skim reading the report, sections 5.7 and 5.8 really are unforgivable problems that should have been designed out of PLAID before it even got to day 1 of the project.

The conclusion (6) would be hysterically funny if it were not so serious. The standards editor should seriously consider his position. Likewise the standard should be dropped entirely, because it's not secure and cannot be made so; in fact it begs the question as to if incompetence or malicious intent were involved.

keiner • October 30, 2015 10:14 AM

"incompetence or malicious intent"

Really? Beg your pardon, establishing a trash protocol and then pressure it through fast-track as an internal standard is not the standard NSA behaviour seen for decades?

WOW!

L • October 30, 2015 10:41 AM

Italy is doing the same, the protocol is done on top of SAML, and the last time I checked there were lots of leaks, although the spec was high level and not finished.

name: SPID: http://www.agid.gov.it/agenda-digitale/infrastrutture-architetture/spid

Unfortunately, it's all in Italian. #whatcouldpossiblygowrong
And XML. I hate XML...

Although it has to be used by law now, the documents on that page do not seem to provide enough information to actually write a complete implementation...

Somebody please hack it before we have to begin using it, please :(

Who? • October 30, 2015 12:35 PM

Another security protocol from the five eyes... these five countries should be banned from working on cryptography, security or anything sensible with relation to computers.

Octagonal Ladybug • October 30, 2015 2:31 PM

"Somebody please hack it before we have to begin using it, please"

William Gibson just perked his cyber-ears. ;)

Tony H. • October 30, 2015 2:42 PM

The author(s) of the Nitpicking PLAID report (the one that attempts to rebut the Unpicking PLAID academic paper) seem not to realize that "mute" (silent) and "moot" (merely academic, having no practical relevance, debatable) are two different words.

While "mute" is used once or perhaps twice correctly, the other occurrences would appear to be intended to mean "moot".

Well this is a common mistake, but surely someone who quotes Chaucer in Middle English at the start should take care about this kind of thing. Or at least have someone proofread the report.

Who? • October 30, 2015 3:11 PM

@Tony H.

Not all scientific writers were born in London, nor spent years on Shakespeare plays at a Broadway theatre. Does it make their research worse?

Mike Channel • October 31, 2015 4:50 AM

@Who 3.11pm: yes it does matter. If the researchers write up their work using words which they don't understand or use inconsistently, then their research is not well-described and may be incorrectly described and they are not transferring high-quality information to you. If they're using words to make themselves look more clever than they are, then they're proving themselves foolish.
Solution: keep it simple.

Mike Channel • October 31, 2015 5:12 AM

My best-attempt at translating the Chaucer quote "no wele is worth, that may no sorwe Dryen" was this: "we're sick of you for spotting any flaws, so instead of being grateful we're going to make you look small by quoting Chaucer at you"

Spaceman Spiff • October 31, 2015 9:27 PM

This is why government agencies should have NOTHING to do with public encryption and security standards! It is not in their interest for them to BE secure. Rather the opposite...

helloASIO • November 2, 2015 3:54 AM

The Australian security landscape is terrible. It's why I won't work in the appalling mess any more as there are no standards and employers have no idea about government or industry advice or protocol to follow, let alone consider employing anyone who will take things seriously. The first thing you are asked for as an admin in charge of any server containing sensitive customer information is the PASSWORD. The boss wants the PASSWORD to hand out to all PET employees so they can create their own internet connections and bypass any pesky security software. Passwords should be 4 letters, contain no numbers or symbols and be easy as hell to remember or guess.

The major banks at least fly people in from overseas to manage their security.

On top of this appalling mess they have decided to collect all Metadata, phone calls and text for two years.
The so-called security experts from Telstra, the once national telephone operator now privatised, get their arses handed to them regularly by crackers. Entire towns have had their telephone exchanges shut down when businesses have not paid up for encrypted information ransom exploits. Businesses quickly pay when they learn the so-called Australian experts in security from Telstra have only cost them more money and also still want to be paid for their piss-poor job. It's now happening every day that customer details are being stolen from businesses who wouldn't even know what "Back-up" or "security policy" means, and apparently only 10% are reporting any breach anyway as there are fines starting at $20,000 for allowing unauthorised access to customer records.

greg • November 3, 2015 9:03 AM

We all know you shouldn't roll your own crypto. However when you are faced with a problem where there are no current standards or available solutions, waiting 10 years for the crypto community to come up with something is plain impractical.

And can we get smart cards that are faster already. They have the same awful specs they did 10 years ago. Trying to do crypto right with your arm tied behind your back is an exercise in futility.

Cus if we are serious about post DH/ECC/RSA public key systems, then we should be moving to McEliece anyway. (or Lamport sigs or something)


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.