Abstract
A number of security systems, from Chip-and-PIN payment cards to contactless subway and train tokens, as well as secure localization systems, are vulnerable to relay attacks.
Encrypting the communication between the honest endpoints does not protect against such attacks. The main solution that has been offered to date is distance bounding, in which a tightly timed exchange of challenges and responses persuades the verifier that the prover cannot be further away than a certain distance. This solution, however, still won’t say whether the specific endpoint the verifier is talking to is the intended one or not—it will only tell the verifier whether the real prover is “nearby”.
Are there any alternatives? We propose a more general paradigm based on multichannel protocols. Our class of protocols, of which distance bounding can be modelled as a special case, allows a precise answer to be given to the question of whether the unknown device in front of the potential victim is a relaying attacker or the device with which the victim intended to communicate.
We discuss several instantiations of our solution and point out the extent to which all these countermeasures rely, often implicitly, on the alertness of a honest human taking part in the protocol.
Revision 39 of 2010-02-27 22:23:18 +0100 (Sat, 27 Feb 2010).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bennett, C., Brassard, G.: Quantum cryptography: Public-key distribution and coin tossing. In: Proc. IEEE ICCSSP (1984)
Beth, T., Desmedt, Y.: Identification Tokens — or: Solving the Chess Grandmaster Problem. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 169–176. Springer, Heidelberg (1991)
Brands, S., Chaum, D.: Distance-Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Christianson, B., Li, J.: Multi-channel Key Agreement using Encrypted Public Key Exchange. In: Proc. Security Protocols Workshop 2007. LNCS, vol. 5964. Springer, Heidelberg (2007)
Clulow, J., Hancke, G., Kuhn, M., Moore, T.: So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 83–97. Springer, Heidelberg (2006)
Conway, J.: On numbers and games. Academic Press, London (1976)
Damgård, I., Nielsen, J.B., Wichs, D.: Isolated Proofs of Knowledge and Isolated Zero Knowledge. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 509–526. Springer, Heidelberg (2008)
Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)
Drimer, S., Murdoch, S.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proc. USENIX Security 2007 (2007)
Ekert, A.: Quantum cryptography based on Bell’s theorem. Physical Review Letters 67(6), 661 (1991)
Hancke, G.: Security of proximity identification systems. Tech. Rep. 752, University of Cambridge (2009)
Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Proc. IEEE Securecomm 2005 (2005)
Holmquist, L., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., Gellersen, H.: Smart-Its Friends: A Technique for Users to Easily Establish Connections between Smart Artefacts. In: Abowd, G.D., Brumitt, B., Shafer, S. (eds.) UbiComp 2001. LNCS, vol. 2201, p. 116. Springer, Heidelberg (2001)
Mayrhofer, R., Gellersen, H.: Shake well before use: Intuitive and Secure Pairing of Mobile Devices. IEEE Trans. Mobile Computing 8(6), 792–806 (2009)
McCune, J., Perrig, A., Reiter, M.: Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. In: Proc. IEEE Security and Privacy 2005 (2005)
Nguyen, L., Roscoe, A.: Authentication protocols based on low-bandwidth unspoofable channels: a comparative survey (2009) (manuscript)
Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical One-Way Functions. Science 297(5589), 2026–2030 (2002)
Pavlovic, D., Meadows, C.: Deriving Authentication for Pervasive Security. In: Proc. ACM ISTPS 2008 (2008)
Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Tech. rep. 754, University of Cambridge (2009)
Wong, F., Stajano, F.: Multi-channel Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2005. LNCS, vol. 4631, pp. 112–127. Springer, Heidelberg (2007); See also the extended and revised version in IEEE Pervasive Computing 6(4), 31–39 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stajano, F., Wong, FL., Christianson, B. (2010). Multichannel Protocols to Prevent Relay Attacks. In: Sion, R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14577-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-14577-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14576-6
Online ISBN: 978-3-642-14577-3
eBook Packages: Computer ScienceComputer Science (R0)