Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden.
powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden.
powered by
Abstract
Provably secure distance-bounding is a rising subject, yet an unsettled one; indeed, very few distance-bounding protocols, with formal security proofs, have been proposed. In fact, so far only two protocols, namely SKI (by Boureanu et al.) and FO (by Fischlin and Onete), offer all-encompassing security guaranties, i.e., resistance to distance-fraud, mafia-fraud, and terrorist-fraud. Matters like security, alongside with soundness, or added tolerance to noise do not always coexist in the (new) distance-bounding designs. Moreover, as we will show in this paper, efficiency and simultaneous protection against all frauds seem to be rather conflicting matters, leading to proposed solutions which were/are sub-optimal. In fact, in this recent quest for provable security, efficiency has been left in the shadow. Notably, the tradeoffs between the security and efficiency have not been studied. In this paper, we will address these limitations, setting the “security vs. efficiency” record straight.
Concretely, by combining ideas from SKI and FO, we propose symmetric protocols that are efficient, noise-tolerant and—at the same time—provably secure against all known frauds. Indeed, our new distance-bounding solutions outperform the two aforementioned provably secure distance-bounding protocols. For instance, with a noise level of \(5\,\%\), we obtain the same level of security as those of the pre-existent protocols, but we reduce the number of rounds needed from 181 to 54.
Anzeige
Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.
In [33], a protocol with two bits of challenges and one bit of response achieving \(\alpha =\mathsf {Tail}(n,\tau ,\frac{1}{3})\) is proposed. But it actually works with \(\mathsf {num}_r=3\) as it allows response 0, response 1, and no response.
We take the FO protocol as described in [30] since the original one from [18] introduces two counters and has an incorrect parameter \(p_e\). The one from [30] has been shown to provide an optimal expression for \(p_e\).