ABSTRACT
Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, verifiers have to authenticate the credentials of untrusted provers. Unfortunately, these protocols are themselves subject to complex threats such as terrorist-fraud attacks, in which a malicious prover helps an accomplice to authenticate. Provably guaranteeing the resistance of distance-bounding protocols to these attacks is complex. The classical solutions assume that rational provers want to protect their long-term authentication credentials, even with respect to their accomplices. Thus, terrorist-fraud resistant protocols generally rely on artificial extraction mechanisms, ensuring that an accomplice can retrieve the credential of his partnering prover, if he is able to authenticate. We propose a novel approach to obtain provable terrorist-fraud resistant protocols that does not rely on an accomplice being able to extract any long-term key. Instead, we simply assume that he can replay the information received from the prover. Thus, rational provers should refuse to cooperate with third parties if they can impersonate them freely afterwards. We introduce a generic construction for provably secure distance-bounding protocols, and give three instances of this construction: (1) an efficient symmetric-key protocol, (2) a public-key protocol protecting the identities of provers against external eavesdroppers, and finally (3) a fully anonymous protocol protecting the identities of provers even against malicious verifiers that try to profile them.