In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect or incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to distance-fraud attacks, whilst the other opens the door to man-in-the-middle (MiM) attacks. First, we describe, in a more unitary, formal fashion, why assuming that a family of functions classically used inside DB protocols is solely a PRF is unsatisfactory and what generic security flaws this leads to. Then, we present concrete constructions that disprove the PRF-based claimed security of several DB protocols in the literature; this is achieved by using some PRF programming techniques. Whilst our examples may be considered contrived, the overall message is clear: the PRF assumption should be strengthened in order to attain security against distance-fraud and MiM attacks in distance-bounding protocols!
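An added illustration of the first shortcoming (not code from the paper, and not its actual constructions): a toy two-register challenge-response phase whose PRF input includes a nonce chosen by the prover, evaluated once with an ordinary PRF and once with a "programmed" family that is still a PRF to anyone without the key. The protocol shape, HMAC-SHA256 as the base PRF, and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

N = 32  # number of rapid-exchange rounds; each register holds N response bits

def bits(data, n):
    """First n bits of data as a list of 0/1."""
    return [(data[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]

def base_prf(key, nv, np_):
    """Stand-in PRF (assumption): HMAC-SHA256 split into two N-bit registers."""
    out = bits(hmac.new(key, nv + np_, hashlib.sha256).digest(), 2 * N)
    return out[:N], out[N:]

def programmed_prf(key, nv, np_):
    """Identical to base_prf except on the trapdoor input np_ == key, where
    both registers coincide. Without the key that input is hit only with
    negligible probability, so the family remains a PRF."""
    r0, r1 = base_prf(key, nv, np_)
    if hmac.compare_digest(np_, key):
        return r0, r0
    return r0, r1

def early_reply_success(prf, key, prover_nonce, trials=200):
    """Fraction of sessions accepted when the prover commits to every
    response before seeing the challenge bit (always answers register 0)."""
    accepted = 0
    for _ in range(trials):
        nv = secrets.token_bytes(16)           # verifier nonce
        r0, r1 = prf(key, nv, prover_nonce)
        challenges = [secrets.randbelow(2) for _ in range(N)]
        expected = [(r0, r1)[c][i] for i, c in enumerate(challenges)]
        accepted += (r0 == expected)           # verifier checks all N rounds
    return accepted / trials

if __name__ == "__main__":
    key = secrets.token_bytes(16)              # constructed sample key
    print("plain PRF      :", early_reply_success(base_prf, key, key))
    print("programmed PRF :", early_reply_success(programmed_prf, key, key))
```

With the unmodified family the early-reply strategy passes each round with probability 3/4, so a full session succeeds with probability about $(3/4)^{32}$; with the programmed family and the key-holder's chosen nonce, the responses no longer depend on the challenge at all.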