Discrete vs. Dense Times in the Analysis of Cyber-Physical Security Protocols

  • Max KanovichEmail author
  • Tajana Ban Kirigin
  • Vivek Nigam
  • Andre Scedrov
  • Carolyn Talcott
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9036)


Many security protocols rely on the assumptions on the physical properties in which its protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as Cyber-Physical. Time plays a key role in design and analysis of many of these protocols. This paper investigates the foundational differences and the impacts on the analysis when using models with discrete time and models with dense time. We show that there are attacks that can be found by models using dense time, but not when using discrete time. We illustrate this with a novel attack that can be carried out on most distance bounding protocols. In this attack, one exploits the execution delay of instructions during one clock cycle to convince a verifier that he is in a location different from his actual position. We propose a Multiset Rewriting model with dense time suitable for specifying cyber-physical security protocols. We introduce Circle-Configurations and show that they can be used to symbolically solve the reachability problem for our model. Finally, we show that for the important class of balanced theories the reachability problem is PSPACE-complete.


Unit Circle Round Trip Time Security Protocol Dense Time Reachability Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Alur, R., Madhusudan, P.: Decision problems for timed automata: A survey. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 1–24. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Basin, D.A., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. ACM Trans. Inf. Syst. Secur. 14(2), 16 (2011)CrossRefGoogle Scholar
  3. 3.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical & provably secure distance-bounding. IACR Cryptology ePrint Archive, 2013:465 (2013)Google Scholar
  4. 4.
    Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  5. 5.
    Capkun, S., Hubaux, J.-P.: Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communications 24(2), 221–232 (2006)CrossRefGoogle Scholar
  6. 6.
    Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)Google Scholar
  7. 7.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martí-Oliet, N., Meseguer, J., Talcott, C.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  8. 8.
    Corin, R., Etalle, S., Hartel, P.H., Mader, A.: Timed analysis of security protocols. J. Comput. Secur. 15(6), 619–645 (2007)Google Scholar
  9. 9.
    Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: SP (2012)Google Scholar
  10. 10.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security 12(2), 247–311 (2004)Google Scholar
  12. 12.
    Enderton, H.B.: A mathematical introduction to logic. Academic Press (1972)Google Scholar
  13. 13.
    Escobar, S., Meadows, C., Meseguer Maude-NPA, J.: Cryptographic Protocol Analysis Modulo Equational Properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009)Google Scholar
  14. 14.
    Ganeriwal, S., Pöpper, C., Capkun, S., Srivastava, M.B.: Secure time synchronization in sensor networks. ACM Trans. Inf. Syst. Secur., 11(4) (2008)Google Scholar
  15. 15.
    Kanovich, M., Kirigin, T.B., Nigam, V., Scedrov, A.: Bounded memory Dolev-Yao adversaries in collaborative systems. Inf. Comput. (2014)Google Scholar
  16. 16.
    Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A.: Bounded memory protocols and progressing collaborative systems. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 309–326. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  17. 17.
    Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols. Available on Nigam’s homepage (2014)Google Scholar
  18. 18.
    Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework for activities subject to regulations. In: RTA, pp. 305–322 (2012)Google Scholar
  19. 19.
    Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework and logic for activities subject to regulations (2014), submitted, available on Nigam’s homepageGoogle Scholar
  20. 20.
    Kanovich, M.I., Rowe, P., Scedrov, A.: Collaborative planning with confidentiality. J. Autom. Reasoning 46(3-4), 389–421 (2011)CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Lanotte, R., Maggiolo-Schettini, A., Troina, A.: Reachability results for timed automata with unbounded data structures. Acta Inf. 47(5-6), 279–311 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  22. 22.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  23. 23.
    Malladi, S., Bruhadeshwar, B., Kothapalli, K.: Automatic analysis of distance bounding protocols, CoRR, abs/1003.5383 (2010)Google Scholar
  24. 24.
    Meadows, C., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: Authentication logic analysis and collusion attacks. In: Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp. 279–298 (2007)Google Scholar
  25. 25.
    Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)CrossRefzbMATHGoogle Scholar
  26. 26.
    Pavlovic, D., Meadows, C.: Deriving ephemeral authentication using channel axioms. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds.) Security Protocols 2009. LNCS, vol. 7028, pp. 240–261. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  27. 27.
    Sarukkai, S., Suresh, S.P.: Tagging makes secrecy decidable with unbounded nonces as well. In: Pandya, P.K., Radhakrishnan, J. (eds.) FSTTCS 2003. LNCS, vol. 2914, pp. 363–374. Springer, Heidelberg (2003)Google Scholar
  28. 28.
    Ravi, K., Varun, G.H., Vamsi, P.T.: Rfid based security system. International Journal of Innovative Technology and Exploring Engineering 2 (2013)Google Scholar
  29. 29.
    Wang, M.-H.: Secure verification of location claims with simultaneous distance modification. In: Cervesato, I. (ed.) ASIAN 2007. LNCS, vol. 4846, pp. 181–195. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Sun, K., Ning, P., Wang, C.: Tinysersync: secure and resilient time synchronization in wireless sensor networks. In: CCS, pp. 264–277 (2006)Google Scholar
  31. 31.
    Tippenhauer, N.O., Čapkun, S.: ID-based secure distance bounding and localization. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 621–636. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Max Kanovich
    • 1
    • 5
    Email author
  • Tajana Ban Kirigin
    • 2
  • Vivek Nigam
    • 3
  • Andre Scedrov
    • 4
    • 5
  • Carolyn Talcott
    • 6
  1. 1.Queen Mary, University of London & University CollegeLondonUK
  2. 2.University of Rijeka,HRRijekaCroatia
  3. 3.Federal University of ParabaJoão PessoaBrazil
  4. 4.University of PennsylvaniaPhiladelphiaUSA
  5. 5.National Research University Higher School of EconomicsMoscowRussia
  6. 6.SRI InternationalMenlo ParkUSA

Personalised recommendations