Subtle kinks in distance-bounding: an analysis of prominent protocols

  • Authors: Marc Fischlin; Cristina Onete

  • Affiliations: TU Darmstadt, Darmstadt, Germany; CASED & TU Darmstadt, Darmstadt, Germany

  • Venue: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
  • Year: 2013

Abstract

Distance-bounding protocols prevent man-in-the-middle attacks by measuring response times. The four attacks such protocols typically address, recently formalized in [10], are: (1) mafia fraud, where the adversary must impersonate to a verifier in the presence of an honest prover; (2) terrorist fraud, where the adversary gets some offline prover support to impersonate; (3) distance fraud, where provers claim to be closer to verifiers than they really are; and (4) impersonations, where adversaries impersonate provers during lazy phases. Dürholz et al. [10] also formally analyzed the security of (an enhancement of) the Kim-Avoine protocol [14]. In this paper we quantify the security of the following well-known distance-bounding protocols: Hancke and Kuhn [13], Reid et al. [16], the Swiss-Knife protocol [15], and the very recent proposal of Yang et al. [17]. Concretely, our main results show that (1) the usual terrorist-fraud countermeasure of relating responses to a long-term secret key may enable so-called key-learning mafia fraud attacks, where the adversary flips a single time-critical response to learn a key bit-by-bit; (2) though relating responses may allow mafia fraud, it sometimes enforces distance-fraud resistance by thwarting the attack of Boureanu et al. [5]; (3) none of the three allegedly terrorist-fraud resistant protocols, i.e. [15, 16, 17], is in fact terrorist-fraud resistant; for the former two schemes this is a matter of syntax, attacks exploiting the strong formalization of [10]; the attack against the latter protocol of [17], however, is almost trivial; (4) unless key-update is done regardless of protocol completion, the protocol of Yang et al. is vulnerable to Denial-of-Service attacks. In light of our results, we also review definitions of terrorist fraud, arguing that, while the strong model in [10] may be at the moment more appropriate than mere intuition, it could be too strong to capture terrorist attacks.