EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Authenticating public terminals
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Special Uses and Sbuses of the Fiat-Shamir Passport Protocol
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
Identification Tokens - or: Solving the Chess Grandmaster Problem
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
An RFID Distance Bounding Protocol
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
An asymmetric security mechanism for navigation signals
IH'04 Proceedings of the 6th international conference on Information Hiding
So near and yet so far: distance-bounding attacks in wireless networks
ESAS'06 Proceedings of the Third European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Wormhole attacks in wireless networks
IEEE Journal on Selected Areas in Communications
Attacks on time-of-flight distance bounding channels
WiSec '08 Proceedings of the first ACM conference on Wireless network security
A Demonstrative Ad Hoc Attestation System
ISC '08 Proceedings of the 11th international conference on Information Security
Location privacy of distance bounding protocols
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 15th ACM conference on Computer and communications security
Attacking the BitLocker Boot Process
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Attacking smart card systems: Theory and practice
Information Security Tech. Report
ID-based secure distance bounding and localization
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Influence of user perception, security needs, and social factors on device pairing method choices
Proceedings of the Sixth Symposium on Usable Privacy and Security
Realization of RF distance bounding
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Design of a secure distance-bounding channel for RFID
Journal of Network and Computer Applications
Non-uniform stepping approach to RFID distance bounding problem
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
A framework for analyzing RFID distance bounding protocols
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
How secret-sharing can defeat terrorist fraud
Proceedings of the fourth ACM conference on Wireless network security
Formal Reasoning about Physical Properties of Security Protocols
ACM Transactions on Information and System Security (TISSEC)
Group distance bounding protocols
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
A formal approach to distance-bounding RFID protocols
ISC'11 Proceedings of the 14th international conference on Information security
A secure distance-based RFID identification protocol with an off-line back-end database
Personal and Ubiquitous Computing
Multichannel protocols to prevent relay attacks
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
SP'11 Proceedings of the 19th international conference on Security Protocols
Make noise and whisper: a solution to relay attacks
SP'11 Proceedings of the 19th international conference on Security Protocols
Location-aware and safer cards: enhancing RFID security and privacy via location sensing
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Threshold-Based Location-Aware Access Control
International Journal of Handheld Computing Research
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Terrorism in distance bounding: modeling terrorist-fraud resistance
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks
Decision Support Systems
Hi-index | 0.00 |
Modern smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and are thus commonly used in payment applications. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can be exploited for fraud. Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence based on a distance bounding protocol is described and implemented, which requires only modest alterations to current hardware and software. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications. We also discuss the security-economics impact to customers of enhanced authentication mechanisms.