Secure and Lightweight Distance-Bounding

  • Ioana Boureanu
  • Aikaterini Mitrokotsa
  • Serge Vaudenay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8162)

Abstract

Distance-bounding is a practical solution aiming to prevent relay attacks. The main challenge when designing such protocols is maintaining their inexpensive cryptographic nature, whilst being able to protect against as many, if not all, of the classical threats posed in their context. Moreover, in distance-bounding, some subtle security shortcomings related to the PRF (pseudorandom function) assumption and ingenious attack techniques based on observing verifiers’ outputs have recently been put forward. Also, the recent terrorist-fraud by Hancke somehow recalls once more the need to account for noisy communications in the security analysis of distance-bounding. In this paper, we attempt to incorporate the lessons taught by these new developments in our distance-bounding protocol design. The result is a new class of protocols, with increasing levels of security, accommodating the latest advances; at the same time, we preserve the lightweight nature of the design throughout the whole class.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aumasson, J.-P., Mitrokotsa, A., Peris-Lopez, P.: A Note on a Privacy-Preserving Distance-Bounding Protocol. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 78–92. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  2. 2.
    Avoine, G., Bingöl, M., Kardas, S., Lauradoux, C., Martin, B.: A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security 19(2), 289–317 (2011)Google Scholar
  3. 3.
    Avoine, G., Lauradoux, C., Martin, B.: How Secret-sharing can Defeat Terrorist Fraud. In: Proceedings of the 4th ACM Conference on Wireless Network Security – WiSec 2011, Hamburg, Germany. ACM Press (June 2011)Google Scholar
  4. 4.
    Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The Bussard-Bagga and Other Distance-Bounding Protocols under Attacks. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  5. 5.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Provably Secure Authenticated Distance-Bounding (submitted)Google Scholar
  6. 6.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 100–120. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On secure distance bounding (extended abstract). In: The Early Symmetric Crypto Seminar, ESC 2013, pp. 52–60 (2013) ISBN 978-99959-814-0-2 Google Scholar
  8. 8.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: The 20th Anniversary Annual Fast Software Encryption, FSE 2013 (to appear, 2013)Google Scholar
  9. 9.
    Brands, S., Chaum, D.: Distance-Bounding Protocols (Extended Abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  10. 10.
    Bussard, L., Bagga, W.: Distance-Bounding Proof of Knowledge Protocols to Avoid Terrorist Fraud Attacks. Technical Report RR-04-109, EURECOM (May 2004)Google Scholar
  11. 11.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Security and Privacy in the Age of Ubiquitous Computing. IFIP AICT, vol. 181, pp. 223–238. Springer, Boston (2005)CrossRefGoogle Scholar
  12. 12.
    Čapkun, S., Buttyán, L., Hubaux, J.-P.: SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks. In: ACM Workshop on Security of Ad Hoc and Sensor Networks - SASN, pp. 21–32. ACM (2003)Google Scholar
  13. 13.
    Cremers, C., Rasmussen, K.B., Čapkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy, pp. 113–127 (2012)Google Scholar
  14. 14.
    Dimitrakakis, C., Mitrokotsa, A., Vaudenay, S.: Expected Loss Bounds for Authentication in Constrained Channels. In: Proceedings of INFOCOM 2012, Orlando, FL, USA, March 2012, pp. 478–85. IEEE press (March 2012)Google Scholar
  15. 15.
    Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proceedings of 16th USENIX Security Symposium, Berkeley, CA, USA, pp. 7:1–7:16. USENIX Association (2007)Google Scholar
  16. 16.
    Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A Formal Approach to Distance-Bounding RFID Protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Fischlin, M., Onete, C.: Subtle kinks in distance-bounding: an analysis of prominent protocols. In: WISEC, pp. 195–206 (2013)Google Scholar
  18. 18.
    Goldreich, O.: Foundations of Cryptography, vol. 1. Cambridge University Press, New York (2006)Google Scholar
  19. 19.
    Özhan Gürel, A., Arslan, A., Akgün, M.: Non-uniform Stepping Approach to RFID Distance Bounding Problem. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds.) DPM 2010 and SETOP 2010. LNCS, vol. 6514, pp. 64–78. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Hancke, G.P.: Distance-bounding for RFID: Effectiveness of ‘terrorist fraud’ in the presence of bit errors. In: RFID-TA, pp. 91–96 (2012)Google Scholar
  21. 21.
    Hancke, G.P., Kuhn, M.G.: An RFID Distance Bounding Protocol. In: SECURECOMM, pp. 67–73. ACM (2005)Google Scholar
  22. 22.
    Hoeffding, W.: Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association 58(301), 13–30 (1963)MathSciNetMATHCrossRefGoogle Scholar
  23. 23.
    Kapoor, G., Zhou, W., Piramuthu, S.: Distance Bounding Protocol for Multiple RFID Tag Authentication. In: Xu, C.-Z., Guo, M. (eds.) Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2008, Shanghai, China, vol. 02, pp. 115–120. IEEE Computer Society (December 2008)Google Scholar
  24. 24.
    Kim, C.H., Avoine, G.: RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 119–133. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Mitrokotsa, A., Dimitrakakis, C., Peris-Lopez, P., Hernandez-Castro, J.C.: Reid et al.’s Distance Bounding Protocol and Mafia Fraud Attacks over Noisy Channels. IEEE Communications Letters 14(2), 121–123 (2010)CrossRefGoogle Scholar
  27. 27.
    Mitrokotsa, A., Onete, C., Vaudenay, S.: Mafia Fraud Attack against the RČ Distance-Bounding Protocol. In: Proceedings of the 2012 IEEE RFID Technology and Applications (IEEE RFID T-A), Nice, France, pp. 74–79. IEEE Press (November 2012)Google Scholar
  28. 28.
    Mitrokotsa, A., Peris-Lopez, P., Dimitrakakis, C., Vaudenay, S.: On selecting the nonce length in distance-bounding protocols. The Computer Journal (2013)Google Scholar
  29. 29.
    Munilla, J., Peinado, A.: Distance Bounding Protocols for RFID Enhanced by Using Void-challenges and Analysis in Noisy Channels. Wireless Communications and Mobile Computing 8, 1227–1232 (2008)CrossRefGoogle Scholar
  30. 30.
    Munilla, J., Peinado, A.: Security Analysis of Tu and Piramuthu’s Protocol. In: New Technologies, Mobility and Security – NTMS 2008, Tangier, Morocco, pp. 1–5. IEEE Computer Society (November 2008)Google Scholar
  31. 31.
    Munilla, J., Peinado, A.: Attacks on a Distance Bounding Protocol. Computer Communications 33, 884–889 (2010)CrossRefGoogle Scholar
  32. 32.
    Nikov, V., Vauclair, M.: Yet Another Secure Distance-Bounding Protocol. In: Proceedings of the Conference on Security and Cryptography (SECRYPT 2008), pp. 218–221 (July 2008)Google Scholar
  33. 33.
    Rasmussen, K.B., Čapkun, S.: Location Privacy of Distance Bounding. In: Proceedings of the Annual Conference on Computer and Communications Security (CCS), pp. 149–160. ACM (2008)Google Scholar
  34. 34.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting Relay Attacks with Timing-based Protocols. In: ASIACCS 2007: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 204–213. ACM (2007)Google Scholar
  35. 35.
    Singelée, D., Preneel, B.: Distance Bounding in Noisy Environments. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 101–115. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  36. 36.
    Toiruul, B., Lee, K.O., Kim, J.M.: SLAP - A Secure but Light Authentication Protocol for RFID Based on Modular Exponentiation. In: International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, pp. 29–34 (November 2007)Google Scholar
  37. 37.
    Tu, Y.-J., Piramuthu, S.: RFID Distance Bounding Protocols. In: Proceedings of the First International EURASIP Workshop on RFID Technology (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ioana Boureanu
    • 1
  • Aikaterini Mitrokotsa
    • 2
  • Serge Vaudenay
    • 1
  1. 1.EPFLLausanneSwitzerland
  2. 2.University of Applied Sciences of Western Switzerland (HES-SO)GenevaSwitzerland

Personalised recommendations