Advertisement

A Note on a Privacy-Preserving Distance-Bounding Protocol

  • Jean-Philippe Aumasson
  • Aikaterini Mitrokotsa
  • Pedro Peris-Lopez
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7043)

Abstract

Distance bounding protocols enable a device to establish an upper bound on the physical distance to a communication partner so as to prevent location spoofing, as exploited by relay attacks. Recently, Rasmussen and Čapkun (ACM-CCS’08) observed that these protocols leak information on the location of the parties to external observers, which is undesirable in a number of applications—for example if the leaked information leads to the identification of the parties among a group of devices. To remedy this problem, these authors proposed a “privacy-preserving” distance bounding protocol, i.e. that leaks no information on the location of the parties. The present paper reports results from an in-depth security analysis of that new protocol, with as main result an attack that recovers the ephemeral secrets as well as the location information of the two parties for particular choices of parameters. Overall, our results do not contradict the preliminary security analysis by the designers, but rather extends it to other parts of the attack surface.

Keywords

wireless communication distance bounding privacy 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Papadimitratos, P., Poturalski, M., Schaller, P., Lafourcade, P., Basin, D., Čapkun, S., Hubaux, J.P.: Secure neighborhood discovery: a fundamental element for mobile ad hoc networking. IEEE Communications Magazine 46(2), 132–139 (2008)CrossRefGoogle Scholar
  2. 2.
    Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: Proceedings of the 2nd ACM Workshop on Wireless Security (WiSe 2003), pp. 1–10 (2003)Google Scholar
  3. 3.
    BroadcastEngineering: TV GLOBO TVDR, Article available online at http://broadcastengineering.com/excellence-awards/tv-globo-tdvr/ (accessed January 11, 2011)
  4. 4.
    Francillion, A., Danev, B., Čapkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Cryptology ePrint Archive: Report 2010/332 (2010) (to appear in proceedings of NDSS 2011)Google Scholar
  5. 5.
    Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  6. 6.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communication Networks (SECURECOMM 2005), pp. 67–73 (2005)Google Scholar
  7. 7.
    Tu, Y.J., Piramuthu, S.: RFID Distance Bounding Protocols. In: Proceedings of the First International EURASIP Workshop on RFID Technology (2007)Google Scholar
  8. 8.
    Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8(9), 1227–1232 (2008)CrossRefGoogle Scholar
  9. 9.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Lee, J.Y., Scholtz, R.A.: Ranging in a dense multipath environment using an UWB radio link. IEEE Journal on Selected Areas in Communications 20(9) (2002)Google Scholar
  11. 11.
    Gezici, S., Tian, Z., Biannakis, G.B., Kobayashi, H., Molisch, A.F., Poor, V., Sahinoglu, Z.: Localization via ultra-wideband radius: a look at positioning aspects for future sensor networks. IEEE Signal Processing Magazine 22(4), 70–84 (2005)CrossRefGoogle Scholar
  12. 12.
    Kuhn, M., Luecken, H., Tippenhauer, N.O.: UWB impulse radio based distance bounding. In: Proceedings of the 7th Workshop on Positioning, Navigation and Communication 2010, WPNC 2010 (2010)Google Scholar
  13. 13.
    Čapkun, S., Buttyán, L., Hubaux, J.P.: SECTOR: secure tracking of node encounters in multi-hop wireless networks. In: Proceedings of the 2003 ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2003), pp. 21–32 (2003)Google Scholar
  14. 14.
    Singelee, D., Preneel, B.: Location verification using secure distance bounding protocols. In: Proceedings of the IEEE International Conference on Mobile Adhoc and Sensor Systems (MASS 2005), pp. 834–840 (2005)Google Scholar
  15. 15.
    Clulow, J., Hancke, G.P., Kuhn, M.G., Moore, T.: So near and yet so far: Distance-bounding attacks in wireless networks. In: Proceedings of the Third European Workshop on Security and Privacy in Ad hoc and Sensor Networks, pp. 83–97 (2006)Google Scholar
  16. 16.
    Meadows, C., Syverson, P., Chang, L.: Towards more efficient distance bounding protocols for use in sensor networks. In: Proceedings of the International Conference on Security and Privacy in Communication Networks (SECURECOMM 2006), pp. 1–5 (2006)Google Scholar
  17. 17.
    Čapkun, S., Hubaux, J.P.: Secure positioning of wireless devices with application to sensor networks. In: Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2005), Miami, FL, USA, pp. 1917–1928 (2005)Google Scholar
  18. 18.
    Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: A defense against wormhole attacks in wireless networks. In: Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications (INFOCOM 2003), San Francisco, CA, USA, vol. 3, pp. 1976–1986 (2003)Google Scholar
  19. 19.
    Rasmussen, K.B., Čapkun, S.: Location privacy of distance bounding protocols. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (ACM CCS 2008), pp. 149–160 (2008)Google Scholar
  20. 20.
    Zenner, E.: Nonce Generators and the Nonce Reset Problem. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 411–426. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley (2008)Google Scholar
  22. 22.
    Boyer, R.S., Moore, J.S.: A fast string searching algorithm. Communications of the ACM 20(10), 762–772 (1977)CrossRefMATHGoogle Scholar
  23. 23.
    Bernstein, D.J.: Better price-performance rations for generalized birthday attacks. In: Proceedings of the International Conference on Special-purpose Hardware for Attacking Cryptographic Systems, SHARCS 2007 (2007)Google Scholar
  24. 24.
    Schimmler, M.: Fast sorting on the instruction systolic array. Technical Report 8709, Christian-Albrechts Universität Kiel (1987)Google Scholar
  25. 25.
    Schnorr, C.P., Shamir, A.: An optimal sorting algorithm for mesh connected computers. In: Proceedings of the 18th Annual ACM Symposium on Theory of Computing (STOC 1986), pp. 255–263 (1986)Google Scholar
  26. 26.
    Percival, C.: Encrypt-then-MAC. Blog entry on Daemonic Dispatches, http://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html (accessed January 11, 2011)
  27. 27.
    Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8(9), 1227–1232 (2008)CrossRefGoogle Scholar
  28. 28.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Security and Privacy in the Age of Ubiquitous Computing. IFIP AICT, pp. 223–238 (2005)Google Scholar
  29. 29.
    Reid, J., Gonzalez Nieto, J.M., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (ASIACCS 2007), pp. 204–213. ACM, Singapore (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jean-Philippe Aumasson
    • 1
  • Aikaterini Mitrokotsa
    • 2
  • Pedro Peris-Lopez
    • 3
  1. 1.NagravisionSwitzerland
  2. 2.EPFLSwitzerland
  3. 3.TU DelftNetherlands

Personalised recommendations