Bart Preneel

University of Leuven, Louvain, Flanders, Belgium


Publications (642) · 136.95 Total impact

  • Christina-Angeliki Toli · Bart Preneel
    Full-text · Dataset · Dec 2015
  • Christina-Angeliki Toli · Bart Preneel
    Full-text · Article · Nov 2015
  • Full-text · Dataset · Nov 2015
  • Full-text · Dataset · Oct 2015
  • Christina-Angeliki Toli · Bart Preneel
    ABSTRACT: This research is focused on giving a comprehensive overview of the secure biometric systems field, analysing it from a privacy enhancing technology (PET) perspective. The widespread use of biometric systems, the nature of the shared data, the kinds of use cases and the applications introduce privacy risks. Along these lines, we are trying to respond to the matters of: "Can biometrics really be characterized as PETs?" and "To what extent can biometrics be considered private-friendly?" The paper covers different opinions on the major question: "Are biometrics a protection mechanism of individual privacy?" The available related literature is discussed, while very recent advances and a number of approaches for biometrics as PETs are presented and the privacy interaction needs of the users with other units are evaluated. As an illustration, a situation based on on-line biometric access control is sketched, where the attitude of the implicated parties is examined. The aim of this multidisciplinary work is to clarify the studies on how to develop and ensure privacy in crypto-biometric techniques and contribute to efforts for addressing societal impacts of modern technological issues.
    Full-text · Conference Paper · Oct 2015
  • ABSTRACT: Anonymous E-Cash was first introduced in 1982 as a digital, privacy-preserving alternative to physical cash. A lot of research has since then been devoted to extending and improving its properties, leading to the appearance of multiple schemes. Despite this progress, the practical feasibility of E-Cash systems is still today an open question. Payment tokens are typically portable hardware devices in smart card form, resource constrained due to their size, and therefore not suited to support largely complex protocols such as E-Cash. Migrating to more powerful mobile platforms, for instance smartphones, seems a natural alternative. However, this implies moving computations from trusted and dedicated execution environments to generic multi-application platforms, which may result in security vulnerabilities. In this work, we propose a new anonymous E-Cash system to overcome this limitation. Motivated by existing payment schemes based on MTM (Mobile Trusted Module) architectures, we consider at design time a model in which user payment tokens are composed of two modules: an untrusted but powerful execution platform (e.g., smartphone) and a trusted but constrained platform (e.g., secure element). We show how the protocol's computational complexity can be relaxed by a secure split of computations: non-sensitive operations are delegated to the powerful platform, while sensitive computations are kept in a secure environment. We provide a full construction of our proposed Anonymous Split E-Cash scheme and show that it fully complies with the main properties of an ideal E-Cash system. Finally, we test its performance by implementing it on an Android smartphone equipped with a Java Card-compatible secure element.
    Full-text · Article · Sep 2015 · ACM Transactions on Embedded Computing Systems
  • Preview · Article · Sep 2015
  • Filipe Beato · Stijn Meul · Bart Preneel
    ABSTRACT: Online Social Networks (OSNs) constitute vital communication and information sharing channels. Unfortunately, existing coarse-grained privacy preferences insufficiently protect the shared information. Although cryptographic techniques provide interesting mechanisms to protect privacy, several issues remain problematic, such as OSN provider acceptance, user adoption, key management and usability. To mitigate these problems, we propose a practical solution that uses Identity-Based Encryption to simplify key management and enforce data confidentiality. Moreover, we devise an Identity-Based outsider anonymous private sharing scheme to disseminate information among multiple users. Furthermore, we demonstrate the viability and tolerable overhead of our solution via an open-source prototype.
    No preview · Article · Jul 2015 · Computer Communications
  • Elena Andreeva · Bart Mennink · Bart Preneel
    ABSTRACT: A cryptographic hash function compresses arbitrarily long messages to digests of a short and fixed length. Most existing hash functions are designed to evaluate a compression function with a finite domain in a mode of operation, and the compression function itself is often designed from block ciphers or permutations. This modular design approach allows for a rigorous security analysis via means of both cryptanalysis and provable security. We present a survey on the state of the art in hash function security and modular design analysis. We focus on existing security models and definitions, as well as on the security aspects of designing secure compression functions (indirectly) from either block ciphers or permutations. In all of these directions, we identify open problems that, once solved, would allow for increased confidence in the use of cryptographic hash functions.
    No preview · Article · May 2015 · Designs Codes and Cryptography
  • Bart Mennink · Bart Preneel
    ABSTRACT: A well-established method of constructing hash functions is to base them on non-compressing primitives, such as one-way functions or permutations. In this work, we present \(S^r\) , an \(rn\) -to- \(n\) -bit compression function (for \(r\ge 1\) ) making \(2r-1\) calls to \(n\) -to- \(n\) -bit primitives (random functions or permutations). \(S^r\) compresses its inputs at a rate (the amount of message blocks per primitive call) up to almost 1/2, and it outperforms all existing schemes with respect to rate and/or the size of underlying primitives. For instance, instantiated with the \(1600\) -bit permutation of NIST’s SHA-3 hash function standard, it offers about \(800\) -bit security at a rate of almost 1/2, while SHA-3-512 itself achieves only \(512\) -bit security at a rate of about \(1/3\) . We prove that \(S^r\) achieves asymptotically optimal collision security against semi-adaptive adversaries up to almost \(2^{n/2}\) queries and that it can be made preimage secure up to \(2^n\) queries using a simple tweak.
    No preview · Article · Apr 2015 · International Journal of Information Security
  • Atul Luykx · Bart Mennink · Bart Preneel · Laura Winnen
    ABSTRACT: We consider the generic design of compression functions based on two \(n\)-bit permutations and XOR-based mixing functions. It is known that any such function mapping \(n+\alpha\) to \(\alpha\) bits, with \(1 \le \alpha \le n\), can achieve at most \(\min\{2^{\alpha/2}, 2^{n/2-\alpha/4}\}\) collision security. Using techniques similar to Mennink and Preneel [CRYPTO 2012, Lecture Notes in Comput. Sci. 7417, Springer, Heidelberg (2012), 330-347], we show that there is only one equivalence class of these functions achieving optimal collision security, and additionally \(\min\{2^{\alpha}, 2^{n/2}\}\) preimage security. The equivalence class compares well with existing functions based on two or three permutations, and is well-suited for wide-pipe hashing.
    No preview · Article · Jan 2015 · Journal of Mathematical Cryptology
  • F. Beato · M. Conti · B. Preneel · D. Vettore
    ABSTRACT: The tremendous popularity of Online Social Networks (OSNs), such as Facebook and Google+, has accustomed people to an easy and reliable process of social interactions. Inherently, the huge amount of information disseminated and the sensitive information possessed by OSNs prompted several privacy concerns. In order to increase the privacy of OSN users, several solutions proposed the use of encryption and masking techniques to conceal profile information or the content of exchanged messages. Unfortunately, even when such countermeasures are in place, the OSNs can still infer sensitive information based on the social network structure and the behavior of users. In this paper, we present VirtualFriendShip, a novel solution that allows users to hide their real social network structure, and to browse the OSNs while keeping their actions anonymous. To do so, we introduce the concept of routing friends, which are built upon social trust and relay other users' traffic through a decentralized channel. We demonstrate the feasibility of our solution via a prototype implementation of VirtualFriendShip for Facebook. Alongside a set of experiments, we show that the additional costs are tolerable to end users.
    No preview · Article · Dec 2014
  • Jens Hermans · Roel Peeters · Bart Preneel
    ABSTRACT: We approach RFID privacy from both a modelling and a protocol point of view. Our privacy model avoids the drawbacks of several proposed RFID privacy models that either suffer from insufficient generality or put forward unrealistic assumptions regarding the adversary's ability to corrupt tags. Furthermore, our model can handle multiple readers and introduces two new privacy notions to capture the recently discovered insider attackers. We analyse multiple existing RFID protocols, demonstrating the easy applicability of our model, and propose a new wide-forward-insider private RFID authentication protocol. This protocol provides sufficient privacy guarantees for most practical applications and is the most efficient of its kind; it only requires two scalar-EC point multiplications.
    No preview · Article · Dec 2014 · IEEE Transactions on Mobile Computing
  • Bart Preneel

    No preview · Article · Sep 2014 · Communications of the ACM
  • Christina-Angeliki Toli · Bart Preneel
    ABSTRACT: In order to guarantee better user-friendliness and higher accuracy, beyond the existing traditional single-factor biometric systems, the multimodal ones appear to be more promising. Two or more biometric measurements for the same identity are extracted, stored and compared during the enrollment, authentication and identification processes. Deployed multimodal biometric systems, also referred to as multi-biometrics or even as multimodalities, are commonly found and used in electronic chips embedded in travel documents. The widespread use of such systems, the nature of the shared data and the importance of applications introduce privacy risks. A significant number of approaches and very recent advances to the relevant protection technologies have been published. This paper illustrates a comprehensive overview of research in multibiometrics, the protection of their templates and the privacy issues that arise. An up-to-date review of the existing literature revealing the current state-of-the-art suggestions is provided, based on the different levels of fusion and the employed protection algorithms, while an outlook to future prospects is also discussed.
    Full-text · Conference Paper · Sep 2014
  • ABSTRACT: The vast majority of Internet users are relying on centralized search engine providers to conduct their web searches. However, search results can be censored and search queries can be recorded by these providers without the user's knowledge. Distributed web search engines based on peer-to-peer networks have been proposed to mitigate these threats. In this paper we analyze the three most popular real-world distributed web search engines: Faroo, Seeks and Yacy, with respect to their censorship resistance and privacy protection. We show that none of them provides an adequate level of protection against an adversary with modest resources. Recognizing these flaws, we identify security properties a censorship-resistant and privacy-preserving distributed web search engine should provide. We propose two novel defense mechanisms called node density protocol and webpage verification protocol to achieve censorship resistance and show their effectiveness and feasibility with simulations. Finally, we elaborate on how state-of-the-art defense mechanisms achieve privacy protection in distributed web search engines.
    No preview · Conference Paper · Sep 2014
  • ABSTRACT: Location-sharing-based services (LSBSs) allow users to share their location with their friends in a sporadic manner. In currently deployed LSBSs users must disclose their location to the service provider in order to share it with their friends. This default disclosure of location data introduces privacy risks. We define the security properties that a privacy-preserving LSBS should fulfill and propose two constructions. First, a construction based on identity based broadcast encryption (IBBE) in which the service provider does not learn the user's location, but learns which other users are allowed to receive a location update. Second, a construction based on anonymous IBBE in which the service provider does not learn the latter either. As advantages with respect to previous work, in our schemes the LSBS provider does not need to perform any operations to compute the reply to a location data request, but only needs to forward IBBE ciphertexts to the receivers. We implement both constructions and present a performance analysis that shows their practicality. Furthermore, we extend our schemes such that the service provider, performing some verification work, is able to collect privacy-preserving aggregate statistics on the locations users share with each other.
    Full-text · Conference Paper · Jul 2014
  • ABSTRACT: Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.
    No preview · Article · Jun 2014 · International Journal of Information Security
  • Kota Ideguchi · Elmar Tischhauser · Bart Preneel
    ABSTRACT: We analyze the Grøstl-0 hash function, that is the version of Grøstl submitted to the SHA-3 competition. This paper extends Peyrin’s internal differential strategy, that uses differential paths between the permutations P and Q of Grøstl-0 to construct distinguishers of the compression function. This results in collision attacks and semi-free-start collision attacks on the Grøstl-0 hash function and compression function with reduced rounds. Specifically, we show collision attacks on the Grøstl-0-256 hash function reduced to 5 and 6 out of 10 rounds with time complexities \(2^{48}\) and \(2^{112}\) and on the Grøstl-0-512 hash function reduced to 6 out of 14 rounds with time complexity \(2^{183}\). Furthermore, we demonstrate semi-free-start collision attacks on the Grøstl-0-256 compression function reduced to 8 rounds and the Grøstl-0-512 compression function reduced to 9 rounds. Finally, we show improved distinguishers for the Grøstl-0-256 permutations with reduced rounds.
    No preview · Article · Mar 2014 · Designs Codes and Cryptography
  • Hongjun Wu · Bart Preneel
    ABSTRACT: This paper introduces a dedicated authenticated encryption algorithm AEGIS; AEGIS allows for the protection of associated data, which makes it very suitable for protecting network packets. AEGIS-128 uses five AES round functions to process a 16-byte message block (one step); AEGIS-256 uses six AES round functions. The security analysis shows that both algorithms offer a high level of security. On the Intel Sandy Bridge Core i5 processor, the speed of AEGIS is around 0.7 clock cycles/byte (cpb) for 4096-byte messages. This is comparable in speed to the CTR mode (that offers only encryption) and substantially faster than the CCM, GCM and OCB modes.
    No preview · Chapter · Jan 2014

Publication Stats

9k Citations
136.95 Total Impact Points


  • 1993-2015
    • University of Leuven
      • Department of Computer Science
      • Department of Electrical Engineering (ESAT)
      Louvain, Flanders, Belgium
  • 2008
    • Katholieke Hogeschool Limburg
      Limburg, Walloon Region, Belgium
  • 2007
    • Ecole Supérieure d'Aéronautique et des technologies
      L’Ariana, Ariana, Tunisia
  • 2005
    • Universitair Psychiatrisch Centrum KU Leuven
      Cortenberg, Flanders, Belgium
  • 2003
    • Bulgarian Academy of Sciences
      • Institute of Mathematics and Informatics
      Ulpia Serdica, Sofia-Capital, Bulgaria
    • Graz University of Technology
      Graz, Styria, Austria
  • 1999
    • University of Bergen
      • Department of Informatics
      Bergen, Hordaland, Norway
  • 1997
    • University of London
      Londinium, England, United Kingdom
  • 1992
    • Leuven University College
      Louvain, Flemish, Belgium