Top

Published in:

2015 | OriginalPaper | Chapter

Practical and Provably Secure Distance-Bounding

Authors : Ioana Boureanu, Aikaterini Mitrokotsa, Serge Vaudenay

Published in: Information Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. At FSE 2013, we presented SKI as the first family of provably secure distance bounding protocols. At LIGHTSEC 2013, we presented the best attacks against SKI. In this paper, we present the security proofs. More precisely, we explicate a general formalism for distance-bounding protocols. Then, we prove that SKI and its variants is provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud. For this, we reinforce the idea of using secret sharing, combined with the new notion of a leakage scheme. In view of resistance to mafia-frauds and terrorist-frauds, we present the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also use PRF masking to fix common mistakes in existing security proofs/claims.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Self-blindable Credential: Towards Anonymous Entity Authentication Upon Resource Constrained Devices

next chapter On the Viability of CAPTCHAs for use in Telephony Systems: A Usability Field Study

Due to space constraints, we refer to these papers for an overview of DB protocols.

As far as we know, there exists only one other protocol with full provable security. It was presented at ACNS 2013 [12] and compared with SKI at PROVSEC 2013 [17]. All other protocols fail against at least one threat model. (See [7, Section 2].).

In this paper, there is just one common input, i.e., we assume \(x=y\).

This is to capture distance hijacking [10]. (See [8].).

Here, we deviate from Definition 4 a bit by introducing \(P^*(x)\) in the MiM attack.

Secret sharing is used to defeat an attack from [16] which is further discussed in [3].

Avoine, G., Bingöl, M., Kardas, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19(2), 289–317 (2011)

Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: ACM Conference on Wireless Network Security, WISEC 2011, Hamburg, Germany, pp. 145–156. ACM (2011)

Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The bussard-bagga and other distance-bounding protocols under attacks. In: Kutylowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013) CrossRef

Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On the pseudorandom function assumption in (secure) distance-bounding protocols. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 100–120. Springer, Heidelberg (2012) CrossRef

Boureanu, I., Mitrokotsa, A., Vaudenay,S.: On the need for secure distance-bounding. In: Early Symmetric Crypto, ESC 2013, Mondorf-les-Bains, Luxembourg, pp. 52–60. University of Luxembourg (2013)

Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014). http://eprint.iacr.org/2015/208.pdf

Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013) CrossRef

Boureanu, I., Mitrokotsa, K., Vaudenay, S.: Practical and provably secure distance-bounding. To appear in the Journal of Computer Security (JCS). IOS Press, Eprint 2013/465. http://eprint.iacr.org/2013/465.pdf

Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23(4), 493–507 (1952)MATHMathSciNetCrossRef

10.

Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy, S&P 2012, San Francisco, California, USA, pp. 113-127. IEEE Computer Society (2012)

11.

Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Zhou, J., Li, H., Lai, X. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011) CrossRef

12.

Fischlin, M., Onete, C.: Terrorism in distance bounding: modeling terrorist-fraud resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013) CrossRef

13.

Hancke, G.P: Distance bounding for RFID: effectiveness of terrorist fraud. In: Conference on RFID-Technologies and Applications, RFID-TA 2012, Nice, France, pp. 91–96. IEEE (2012)

14.

Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, pp. 67-73. IEEE (2005)

15.

Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58, 13–30 (1963)MATHMathSciNetCrossRef

16.

Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009) CrossRef

17.

Vaudenay, S.: On modeling terrorist frauds. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 1–20. Springer, Heidelberg (2013) CrossRef

Title: Practical and Provably Secure Distance-Bounding
Authors: Ioana Boureanu
Aikaterini Mitrokotsa
Serge Vaudenay
Publisher: Springer International Publishing
Book: Information Security
Print ISBN: 978-3-319-27658-8

Electronic ISBN: 978-3-319-27659-5

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-27659-5_18

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner