Optimality Results on the Security of Lookup-Based Protocols
Distance-bounding protocols use the round-trip time of a challenge-response cycle to provide an upper-bound on the distance between prover and verifier. In order to obtain an accurate upper-bound, the computation time at the prover’s side should be as short as possible, which can be achieved by precomputing the responses and storing them in a lookup table. However, such lookup-based distance bounding protocols suffer from a trade-off between the achieved security level and the size of the lookup table. In this paper, we study this security-memory trade-off problem for a large class of lookup-based distance bounding protocols; called layered protocols. Relying on an automata-based security model, we provide mathematical definitions for different design decisions used in previous lookup-based protocols, and perform general security analyses for each of them. We also formalize an interpretation of optimal trade-off and find a non-trivial protocol transformation approach towards optimality. That is to say, our transformation applied to any layered protocol results in either an improved or an equal protocol with respect to the optimality criterion. This transformation allows us to provide a subclass of lookup-based protocol that cannot be improved further, which means that it contains an optimal layered protocol.
KeywordsDistance bounding RFID Security Mafia-fraud Relay attack
- 2.Avoine, G., Tchamkerten, A.: An efficient distance bounding rfid authentication protocol: balancing false-acceptance rate and memory requirement. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 250–261. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04474-8_21 CrossRefGoogle Scholar
- 7.Özhan Gürel, A., Arslan, A., Akgün, M.: Non-uniform stepping approach to rfid distance bounding problem. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds.) DPM/SETOP -2010. LNCS, vol. 6514, pp. 64–78. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19348-4_6 CrossRefGoogle Scholar
- 8.Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm-2005), Athens, Greece, 5–9 September 2005, pp. 67–73. IEEE Computer Society, Washington, DC (2005)Google Scholar
- 12.Mauw, S., Toro-Pozo, J., Trujillo-Rasua, R.: A Class of precomputation-based distance-bounding protocols. In: Proceedings of the 1st IEEE European Symposium on Security and Privacy - EuroS&P’16. Saarbrücken, Germany (2016)Google Scholar