Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance
In distance-bounding protocols, verifiers use a clock to measure the time elapsed in challenge-response rounds, thus upper-bounding their distance to the prover. This should prevent man-in-the-middle (MITM) relay attacks. Distance-bounding protocols may aim to prevent several attacks, amongst which terrorist fraud, where a dishonest prover helps the adversary to authenticate, but without passing data that allows the adversary to later authenticate on its own. Two definitions of terrorist-fraud resistance exist: a very strong notion due to Dürholz et al.  (which we call SimTF security), and a weaker, fuzzier notion due to Avoine et al. . Recent work  indicates that the classical countermeasures to terrorist fraud, though intuitively sound, do not grant SimTF security. Two questions are posed in : (1) Is SimTF security achievable? and (2) Can we find a definition of terrorist-fraud resistance which both captures the intuition behind it and enables efficient constructions?
We answer both questions affirmatively. For (1) we show the first provably SimTF secure distance-bounding scheme in the literature, though superior terrorist-fraud resistance comes here at the cost of security. For (2) we provide a game-based definition for terrorist-fraud resistance (called GameTF security) that captures the intuition suggested in , is formalized in the style of , and is strong enough for practical applications. We also prove that the SimTF-insecure  Swiss-Knife protocol isGameTF-secure. We argue that high-risk scenarios require a stronger security level, closer to SimTF security. Our SimTF secure scheme is also strSimTF secure.
Unable to display preview. Download preview PDF.
- 1.Avoine, G., Bingol, M.A., Karda, S., Lauradoux, C., Martin, B.: A formal framework for analyzing RFID distance bounding protocols. Journal of Computer Security - Special Issue on RFID System Security (2010)Google Scholar
- 2.Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: Proceedings of the Fourth ACM Conference on Wireless Network Security, WISEC 2011, pp. 145–156. ACM Press (2011)Google Scholar
- 4.Desmedt, Y.: Major security problems with the ‘unforgeable’ (feige)-fiat-shamir proofs of identity and how to overcome them. In: SecuriCom, pp. 15–17. SEDEP Paris, France (1988)Google Scholar
- 5.Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proc. of the 16th USENIX Security Symposium on USENIX Security Symposium, article no. 7. ACM Press (2007)Google Scholar
- 7.Fischlin, M., Onete, C.: Provably secure distance-bounding: an analysis of prominent protocols. Accepted at the 6th Conference on Security and Privacy in Wireless and Mobile Networks ACM WISec 2013, Proceedings will follow (2013), http://eprint.iacr.org/2012/128.pdf
- 8.Francillon, A., Danev, B., Čapkun, S.: Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars (2010), http://eprint.iacr.org/2010/332
- 10.Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards (2005), http://www.cl.cam.ac.uk/gh275/relay.pdf
- 11.Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM, pp. 67–73. ACM Press (2005)Google Scholar
- 12.Hlaváč, M., Tomáč, R.: A Note on the Relay Attacks on e-Passports (2007), http://eprint.iacr.org/2007/244.pdf
- 13.Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard systems. In: Conference on Security and Privacy for Emergency Areas in Communication Networks – SecureComm 2005, pp. 47–58. IEEE (2005)Google Scholar
- 16.Oren, Y., Wool, A.: Relay attacks on RFID-based electronic voting systems. Cryptology ePrint Archive, Report 2009/442 (2009), http://eprint.iacr.org/2009/422.pdf
- 18.Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: ASIACCS, pp. 204–213. ACM Press (2007)Google Scholar