October 29, 2020
Abstract: Legal metrology is concerned with ensuring trustworthy measurement results that affect commercial transactions, public safety, health, and the environment. Conversely, cybercriminals sometimes replace the software of measuring instruments (such as fuel dispensers), tampering with commercial transactions and inflicting a financial loss to customers and companies. In this poster, we showcase an application of cryptography to mitigate the problem. We propose a device attestation whereby the measuring instrument produces a verifiably fresh and authenticated proof that the device contains the original software. As enhanced properties, the legal metrology application protects the confidentiality of the software (not even auditors learn the software) and the timeliness of the audits. The freshness feature is leveraged by using a public randomness beacon; the confidentiality is leveraged by a cryptographic zero-knowledge proof.
NIST-ITL Virtual Science Day 2020 (October 29) -- Poster presentation over video-conference.
Joint work with Luís Brandão and René Peralta