
2017 | OriginalPaper | Book chapter

Contactless Access Control Based on Distance Bounding

Written by: Handan Kılınç, Serge Vaudenay

Published in: Information Security

Publisher: Springer International Publishing


Abstract

Contactless access control systems are critical for security but often vulnerable to relay attacks. In this paper, we define an integrated security and privacy model for access control using distance bounding (DB), which is the most robust solution to prevent relay attacks. We show how a secure DB protocol can be converted to a secure contactless access control protocol. Regarding privacy (i.e., keeping anonymity in a strong sense against an active adversary), we show that the conversion does not always preserve privacy, but it is possible to study it on a case-by-case basis. Finally, we provide two example protocols and prove their security and privacy according to our new models.


Footnotes

1. A malicious user can behave maliciously in an AC protocol and retrieve some information which may help him to attack the DB protocol which is composed with this AC protocol.

2. Door is a representation of the system or service that a user desires to access.

3. This can also correspond to a user who is the owner of T to input whatever requests he wants into his tag.

4. For simplicity, we assume that the instance C of the controller is at the same location as \( R_k \) but the time of communication between \( R_k \) and C should have no influence on the result. The difference between C and \( R_k \) only makes sense for practical reasons.

5. OPACITY is basically a key agreement protocol where the authentication of a tag is done with this key.

Metadata
Title
Contactless Access Control Based on Distance Bounding
Written by
Handan Kılınç
Serge Vaudenay
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-69659-1_11
