Abstract
In distance-bounding protocols, verifiers use a clock to measure the time elapsed in challenge-response rounds, thus upper-bounding their distance to the prover. This should prevent man-in-the-middle (MITM) relay attacks. Distance-bounding protocols may aim to prevent several attacks, amongst which terrorist fraud, where a dishonest prover helps the adversary to authenticate, but without passing data that allows the adversary to later authenticate on its own. Two definitions of terrorist-fraud resistance exist: a very strong notion due to Dürholz et al. [6] (which we call SimTF security), and a weaker, fuzzier notion due to Avoine et al. [1]. Recent work [7] indicates that the classical countermeasures to terrorist fraud, though intuitively sound, do not grant SimTF security. Two questions are posed in [7]: (1) Is SimTF security achievable? and (2) Can we find a definition of terrorist-fraud resistance which both captures the intuition behind it and enables efficient constructions?
We answer both questions affirmatively. For (1) we show the first provably SimTF secure distance-bounding scheme in the literature, though superior terrorist-fraud resistance comes here at the cost of security. For (2) we provide a game-based definition for terrorist-fraud resistance (called GameTF security) that captures the intuition suggested in [1], is formalized in the style of [6], and is strong enough for practical applications. We also prove that the SimTF-insecure [7] Swiss-Knife protocol is GameTF-secure. We argue that high-risk scenarios require a stronger security level, closer to SimTF security. Our SimTF secure scheme is also strSimTF secure.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Avoine, G., Bingol, M.A., Karda, S., Lauradoux, C., Martin, B.: A formal framework for analyzing RFID distance bounding protocols. Journal of Computer Security - Special Issue on RFID System Security (2010)
Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: Proceedings of the Fourth ACM Conference on Wireless Network Security, WISEC 2011, pp. 145–156. ACM Press (2011)
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Desmedt, Y.: Major security problems with the ‘unforgeable’ (feige)-fiat-shamir proofs of identity and how to overcome them. In: SecuriCom, pp. 15–17. SEDEP Paris, France (1988)
Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proc. of the 16th USENIX Security Symposium on USENIX Security Symposium, article no. 7. ACM Press (2007)
Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011)
Fischlin, M., Onete, C.: Provably secure distance-bounding: an analysis of prominent protocols. Accepted at the 6th Conference on Security and Privacy in Wireless and Mobile Networks ACM WISec 2013, Proceedings will follow (2013), http://eprint.iacr.org/2012/128.pdf
Francillon, A., Danev, B., Čapkun, S.: Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars (2010), http://eprint.iacr.org/2010/332
Haataja, K., Toivanen, P.: Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. Transactions on Wireless Communications 9(1), 384–392 (2010)
Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards (2005), http://www.cl.cam.ac.uk/gh275/relay.pdf
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM, pp. 67–73. ACM Press (2005)
Hlaváč, M., Tomáč, R.: A Note on the Relay Attacks on e-Passports (2007), http://eprint.iacr.org/2007/244.pdf
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard systems. In: Conference on Security and Privacy for Emergency Areas in Communication Networks – SecureComm 2005, pp. 47–58. IEEE (2005)
Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)
Levi, A., Çetintaş, E., Aydos, M., Koç, Ç.K., Çağlayan, M.U.: Relay attacks on bluetooth authentication and solutions. In: Aykanat, C., Dayar, T., Körpeoğlu, İ. (eds.) ISCIS 2004. LNCS, vol. 3280, pp. 278–288. Springer, Heidelberg (2004)
Oren, Y., Wool, A.: Relay attacks on RFID-based electronic voting systems. Cryptology ePrint Archive, Report 2009/442 (2009), http://eprint.iacr.org/2009/422.pdf
Ranganathan, A., Tippenhauer, N.O., Škorić, B., Singelée, D., Čapkun, S.: Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 415–432. Springer, Heidelberg (2012)
Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: ASIACCS, pp. 204–213. ACM Press (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fischlin, M., Onete, C. (2013). Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38980-1_26
Download citation
DOI: https://doi.org/10.1007/978-3-642-38980-1_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38979-5
Online ISBN: 978-3-642-38980-1
eBook Packages: Computer ScienceComputer Science (R0)