Skip to main content
SpringerLink
Log in

Contactless Access Control Based on Distance Bounding

  • Conference paper
  • First Online:
Information Security (ISC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10599))

Included in the following conference series:

Abstract

Contactless access control systems are critical for security but often vulnerable to relay attacks. In this paper, we define an integrated security and privacy model for access control using distance bounding (DB) which is the most robust solution to prevent relay attacks. We show how a secure DB protocol can be converted to a secure contactless access control protocol. Regarding privacy (i.e., keeping anonymity in strong sense to an active adversary), we show that the conversion does not always preserve privacy but it is possible to study it on a case by case basis. Finally, we provide two example protocols and prove their security and privacy according to our new models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    A malicious user can behave maliciously in an AC protocol and retrieve some information which may help him to attack the DB protocol which is composed with this AC protocol.

  2. 2.

    Door is a representation of the system or service that a user desires to access.

  3. 3.

    This can also correspond to a user who is the owner of T to input whatever requests he wants into his tag.

  4. 4.

    For simplicity, we assume that the instance C of the controller is at the same location as \( R_k \) but the time of communication between \( R_k \) and C should have no influence on the result. The difference between C and \( R_k \) only makes sense for practical reasons.

  5. 5.

    OPACITY is basically a key agreement protocol where the authentication of a tag is done with this key.

References

  1. Alliance, S.C.: Using smart cards for secure physical access. Smart Card Alliance Report, 54 (2003)

    Google Scholar 

  2. Alliance, S.C.: Industry technical contributions: OPACITY (2013)

    Google Scholar 

  3. Avoine, G., Dysli, E., Oechslin, P.: Reducing time complexity in RFID systems. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 291–306. Springer, Heidelberg (2006). doi:10.1007/11693383_20

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_21

    Chapter  Google Scholar 

  5. Boureanu, I., Vaudenay, S.: Optimal proximity proofs. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 170–190. Springer, Cham (2015). doi:10.1007/978-3-319-16745-9_10

    Google Scholar 

  6. Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). doi:10.1007/3-540-48285-7_30

    Chapter  Google Scholar 

  7. Dagdelen, Ö., Fischlin, M., Gagliardoni, T., Marson, G.A., Mittelbach, A., Onete, C.: A cryptographic analysis of OPACITY. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 345–362. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40203-6_20

    Chapter  Google Scholar 

  8. Degabriele, J.P., Fehr, V., Fischlin, M., Gagliardoni, T., Günther, F., Marson, G.A., Mittelbach, A., Paterson, K.G.: Unpicking PLAID. In: Chen, L., Mitchell, C. (eds.) SSR 2014. LNCS, vol. 8893, pp. 1–25. Springer, Cham (2014). doi:10.1007/978-3-319-14054-4_1

    Google Scholar 

  9. Desmedt, Y.: Major security problems with the “unforgeable” (Feige-) Fiat-Shamir proofs of identity and how to overcome them. In: Congress on Computer and Communication Security and Protection Securicom, pp. 147–159. SEDEP, Paris (1988)

    Google Scholar 

  10. Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24861-0_4

    Chapter  Google Scholar 

  11. Fischlin, M., Onete, C.: Terrorism in distance bounding: modeling terrorist-fraud resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38980-1_26

    Chapter  Google Scholar 

  12. Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: NDSS (2011)

    Google Scholar 

  13. Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16822-2_4

    Chapter  Google Scholar 

  14. C.A. Government’s Department of Human Services (DHS). Protocol for lightweight authentication of identity (PLAID) (2010)

    Google Scholar 

  15. Ha, J.H., Moon, S.J., Zhou, J., Ha, J.C.: A new formal proof model for RFID location privacy. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 267–281. Springer, Heidelberg (2008). doi:10.1007/978-3-540-88313-5_18

    Chapter  Google Scholar 

  16. Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards. Technical report, University of Cambridge Computer Laboratory, vol. 59, pp. 382–385 (2005)

    Google Scholar 

  17. Hancke, G.P.: Practical attacks on proximity identification systems. In: 2006 IEEE Symposium on Security and Privacy, pp. 328–333. IEEE (2006)

    Google Scholar 

  18. Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23822-2_31

    Chapter  Google Scholar 

  19. Hermans, J., Peeters, R., Onete, C.: Efficient, secure, private distance bounding without key updates. In: WiSec, Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 207–218 (2013)

    Google Scholar 

  20. Juels, A., Weis, S.A.: Defining strong privacy for RFID. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(1), 7 (2009)

    Article  Google Scholar 

  21. Kılınç, H., Vaudenay, S.: Efficient public-key distance bounding protocol. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 873–901. Springer, Heidelberg (2016). doi:10.1007/978-3-662-53890-6_29

    Chapter  Google Scholar 

  22. Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00730-9_7

    Chapter  Google Scholar 

  23. Li, Y., Deng, R.H., Lai, J., Ma, C.: On two RFID privacy notions and their relations. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(4), 30 (2011)

    Article  Google Scholar 

  24. Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Radio Freq. Identif. Syst. Secur. RFIDsec 12, 21 (2012)

    Google Scholar 

  25. Mitrokotsa, A., Onete, C., Vaudenay, S.: Location leakage in distance bounding: why location privacy does not work. Comput. Secur. 45, 199–209 (2014)

    Article  Google Scholar 

  26. Ng, C.Y., Susilo, W., Mu, Y., Safavi-Naini, R.: RFID privacy models revisited. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 251–266. Springer, Heidelberg (2008). doi:10.1007/978-3-540-88313-5_17

    Chapter  Google Scholar 

  27. Okamoto, T., Pointcheval, D.: The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001). doi:10.1007/3-540-44586-2_8

    Chapter  Google Scholar 

  28. Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: 2013 5th International Workshop on Near Field Communication (NFC), pp. 1–6. IEEE (2013)

    Google Scholar 

  29. Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007). doi:10.1007/978-3-540-76900-2_5

    Chapter  Google Scholar 

  30. Vaudenay, S.: On privacy for RFID. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 3–20. Springer, Cham (2015). doi:10.1007/978-3-319-26059-4_1

    Google Scholar 

  31. Vaudenay, S.: Private and secure public-key distance bounding. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 207–216. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_12

    Chapter  Google Scholar 

  32. Vaudenay, S.: Sound proof of proximity of knowledge. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 105–126. Springer, Cham (2015). doi:10.1007/978-3-319-26059-4_6

    Google Scholar 

  33. Wognsen, E.R., Karlsen, H.S., Calverley, M., Follin, M.N., Thomsen, B., Huttel, H.: A secure relay protocol for door access control. In: Proceedings of the Xii Brazilian Symposium on Information and Computer System Security. SBC-Sociedade Brasileira de Computação (2012)

    Google Scholar 

  34. Yang, A., Zhuang, Y., Wong, D.S., Yang, G.: A new unpredictability-based RFID privacy model. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 479–492. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38631-2_35

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. EPFL, Lausanne, Switzerland

    Handan Kılınç & Serge Vaudenay

Authors
  1. Handan Kılınç
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Serge Vaudenay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Handan Kılınç .

Editor information

Editors and Affiliations

  1. Inria, Tokyo, Japan

    Phong Q. Nguyen

  2. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Kılınç, H., Vaudenay, S. (2017). Contactless Access Control Based on Distance Bounding. In: Nguyen, P., Zhou, J. (eds) Information Security. ISC 2017. Lecture Notes in Computer Science(), vol 10599. Springer, Cham. https://doi.org/10.1007/978-3-319-69659-1_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69659-1_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69658-4

  • Online ISBN: 978-3-319-69659-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation