Abstract
Quite recently, distance-bounding protocols received a lot of attention as they offer a good solution to thwart relay attacks. Their security models at still unstable, especially when considering terrorist fraud. This considers the case where a malicious prover would try to bypass the protocol by colluding with an adversary without leaking his credentials. Two formal models appeared recently: one due to Fischlin and Onete and another one by Boureanu, Mitrokotsa, and Vaudenay. Both were proposed with a provably secure distance-bounding protocols (FO and SKI, respectively) providing security against all state-of-the-art threat models. So far, these two protocols are the only such ones.
In this paper we compare both notions and protocols. We identify some errors in the Fischlin-Onete results. We also show that the design of the FO protocol lowers security against mafia frauds while the SKI protocol makes non-standard PRF assumptions and has lower security due to not using post-authentication. None of these protocols provide reasonable parameters to be used in practice with a good security. The next open challenge consists in providing a protocol combining both approaches and good practical parameters.
Finally, we provide a new security definition against terrorist frauds which naturally inspires from the soundness notion for proof-of-knowledge protocols.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Avoine, G., Bingöl, M., Kardas, S., Lauradoux, C., Martin, B.: A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security 19(2), 289–317 (2011)
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols - PRF-ness alone Does Not Stop the Frauds! In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 100–120. Springer, Heidelberg (2012)
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure & Lightweight Distance-Bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013)
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical & Provably Secure Distance-Bounding. IACR Cryptology ePrint Archive 2013/465. IACR (2013), http://eprint.iacr.org/2013/465.pdf
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards Secure Distance Bounding. In: The Proceedings of FSE 2013 (to appear, 2013)
Brands, S., Chaum, D.: Distance-Bounding Protocols (Extended Abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Bryc, W.: A Uniform Approximation to the Right Normal Tail Integral. Applied Mathematics and Computation 127, 365–374 (2002)
Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Čapkun, S.: Distance Hijacking Attacks on Distance Bounding Protocols. In: IEEE Symposium on Security and Privacy S&P 2012, San Francisco CA, USA, pp. 113–127. IEEE Computer Society (2012)
Desmedt, Y.: Major Security Problems with the “Unforgeable” (Feige-)Fiat-Shamir Proofs of Identity and How to Overcome Them. In: Congress on Computer and Communication Security and Protection Securicom 1988, pp. 147–159. SEDEP, Paris (1988)
Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A Formal Approach to Distance-Bounding RFID Protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011)
Fischlin, M., Onete, C.: Subtle Kinks in Distance-Bounding: an Analysis of Prominent Protocols. In: ACM Conference on Security and Privacy in Wireless and Mobile Networks WISEC 2013, Budapest, Hungary, pp. 195–206. ACM (2013)
Fischlin, M., Onete, C.: Terrorism in Distance Bounding: Modelling Terrorist-Fraud Resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013)
Hancke, G.P.: Distance Bounding for RFID: Effectiveness of Terrorist Fraud. In: Conference on RFID-Technologies and Applications RFID-TA 2012, Nice, France, pp. 91–96. IEEE (2012)
Hancke, G.P., Kuhn, M.G.: An RFID Distance Bounding Protocol. In: Conference on Security and Privacy for Emerging Areas in Communications Networks SecureComm 2005, Athens, Greece, pp. 67–73. IEEE (2005)
Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vaudenay, S. (2013). On Modeling Terrorist Frauds. In: Susilo, W., Reyhanitabar, R. (eds) Provable Security. ProvSec 2013. Lecture Notes in Computer Science, vol 8209. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41227-1_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-41227-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41226-4
Online ISBN: 978-3-642-41227-1
eBook Packages: Computer ScienceComputer Science (R0)