Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance
In distance-bounding protocols, verifiers use a clock to measure the time elapsed in challenge-response rounds, thus upper-bounding their distance to the prover. This should prevent man-in-the-middle (MITM) relay attacks. Distance-bounding protocols may aim to prevent several attacks, amongst which terrorist fraud, where a dishonest prover helps the adversary to authenticate, but without passing data that allows the adversary to later authenticate on its own. Two definitions of terrorist-fraud resistance exist: a very strong notion due to Dürholz et al. (which we call SimTF security), and a weaker, fuzzier notion due to Avoine et al. Recent work indicates that the classical countermeasures to terrorist fraud, though intuitively sound, do not grant SimTF security. Two questions are posed in : (1) Is SimTF security achievable? and (2) Can we find a definition of terrorist-fraud resistance which both captures the intuition behind it and enables efficient constructions?
We answer both questions affirmatively. For (1) we show the first provably SimTF secure distance-bounding scheme in the literature, though superior terrorist-fraud resistance comes here at the cost of security. For (2) we provide a game-based definition for terrorist-fraud resistance (called GameTF security) that captures the intuition suggested in , is formalized in the style of , and is strong enough for practical applications. We also prove that the SimTF-insecure Swiss-Knife protocol is GameTF-secure. We argue that high-risk scenarios require a stronger security level, closer to SimTF security. Our SimTF secure scheme is also strSimTF secure.
Keywords: Success Probability, Authentication Scheme, Distance Bounding, Honest Party, MITM Attack
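The timed challenge-response check described in the first sentences of the abstract, sketched from the verifier's side as an added example (it is not code from the paper). The two-register response derivation via HMAC-SHA256, all function names, and the key, nonces, distances and delays are assumptions constructed for illustration; the sketch covers only the timing bound against relays, not the terrorist-fraud definitions.

```python
import hashlib
import hmac

C = 299_792_458.0  # speed of light in m/s

def registers(key, nonce_v, nonce_p, n):
    """Assumed design: split a PRF output into two n-bit response registers."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    bits = [(b >> i) & 1 for b in digest for i in range(8)]
    return bits[:n], bits[n:2 * n]

def distance_bound(rtt_s, proc_s):
    """Upper bound on the prover's distance implied by one round-trip time."""
    return C * max(rtt_s - proc_s, 0.0) / 2

def verify(key, nonce_v, nonce_p, rounds, max_dist_m, proc_s):
    """rounds: list of (challenge_bit, response_bit, rtt_seconds).
    Returns (accepted, worst_case_distance_in_metres)."""
    r0, r1 = registers(key, nonce_v, nonce_p, len(rounds))
    worst = 0.0
    for i, (c, resp, rtt) in enumerate(rounds):
        if resp != (r1[i] if c else r0[i]):
            return False, None          # wrong bit: authentication fails
        worst = max(worst, distance_bound(rtt, proc_s))
    return worst <= max_dist_m, worst   # every round must be fast enough

def simulate(key, nonce_v, nonce_p, challenges, dist_m, proc_s, extra_s=0.0):
    """Constructed transcript: key holder at dist_m; extra_s models relay latency."""
    r0, r1 = registers(key, nonce_v, nonce_p, len(challenges))
    rtt = 2 * dist_m / C + proc_s + extra_s
    return [(c, r1[i] if c else r0[i], rtt) for i, c in enumerate(challenges)]

# Constructed sample values (not from the paper).
KEY, NV, NP = b"k" * 16, b"verifier-nonce", b"prover-nonce"
CHALLENGES = [(i * 7 + 3) % 2 for i in range(32)]
PROC_S, MAX_DIST_M = 2e-9, 10.0

if __name__ == "__main__":
    near = simulate(KEY, NV, NP, CHALLENGES, 3.0, PROC_S)
    relayed = simulate(KEY, NV, NP, CHALLENGES, 3.0, PROC_S, extra_s=1e-6)
    print("nearby prover:", verify(KEY, NV, NP, near, MAX_DIST_M, PROC_S))
    print("relayed session:", verify(KEY, NV, NP, relayed, MAX_DIST_M, PROC_S))
```

With these values, one microsecond of added relay latency pushes the computed bound past 150 m, so the relayed session is rejected even though every response bit is correct.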
- 1. Avoine, G., Bingol, M.A., Karda, S., Lauradoux, C., Martin, B.: A formal framework for analyzing RFID distance bounding protocols. Journal of Computer Security - Special Issue on RFID System Security (2010)
- 2. Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: Proceedings of the Fourth ACM Conference on Wireless Network Security, WISEC 2011, pp. 145–156. ACM Press (2011)
- 4. Desmedt, Y.: Major security problems with the ‘unforgeable’ (feige)-fiat-shamir proofs of identity and how to overcome them. In: SecuriCom, pp. 15–17. SEDEP Paris, France (1988)
- 5. Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proc. of the 16th USENIX Security Symposium on USENIX Security Symposium, article no. 7. ACM Press (2007)
- 7. Fischlin, M., Onete, C.: Provably secure distance-bounding: an analysis of prominent protocols. Accepted at the 6th Conference on Security and Privacy in Wireless and Mobile Networks ACM WISec 2013, Proceedings will follow (2013), http://eprint.iacr.org/2012/128.pdf
- 8. Francillon, A., Danev, B., Čapkun, S.: Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars (2010), http://eprint.iacr.org/2010/332
- 10. Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards (2005), http://www.cl.cam.ac.uk/gh275/relay.pdf
- 11. Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM, pp. 67–73. ACM Press (2005)
- 12. Hlaváč, M., Tomáč, R.: A Note on the Relay Attacks on e-Passports (2007), http://eprint.iacr.org/2007/244.pdf
- 13. Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard systems. In: Conference on Security and Privacy for Emergency Areas in Communication Networks – SecureComm 2005, pp. 47–58. IEEE (2005)
- 16. Oren, Y., Wool, A.: Relay attacks on RFID-based electronic voting systems. Cryptology ePrint Archive, Report 2009/442 (2009), http://eprint.iacr.org/2009/422.pdf
- 18. Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: ASIACCS, pp. 204–213. ACM Press (2007)