Location leakage in distance bounding: Why location privacy does not work

In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g. in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier. Distance-bounding protocols are the main countermeasure against such attacks; however, such protocols may leak information regarding the location of the prover and/or the verifier who run the distance-bounding protocol. In this paper, we consider a formal model for location privacy in the context of distance-bounding. In particular, our contributions are threefold: we first define a security game for location privacy in distance bounding; secondly, we define an adversarial model for this game, with two adversary classes; finally, we assess the feasibility of attaining location privacy for distance-bounding protocols. Concretely, we prove that for protocols with a beginning or a termination, it is theoretically impossible to achieve location privacy for either of the two adversary classes, in the sense that there always exists a polynomially-bounded adversary winning the security game. However, for so-called limited adversaries, who cannot see the location of arbitrary provers, carefully chosen parameters do, in practice, enable computational location privacy.

[1]  Serge Vaudenay,et al.  The Bussard-Bagga and Other Distance-Bounding Protocols under Attacks , 2012, Inscrypt.

[2]  Serge Vaudenay,et al.  On the Need for Secure Distance-Bounding , 2013, CRYPTO 2013.

[3]  Serge Vaudenay,et al.  Towards Secure Distance Bounding , 2013, FSE.

[4]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[5]  Andrea Bittau,et al.  BlueSniff: Eve Meets Alice and Bluetooth , 2007, WOOT.

[6]  Mike Burmester,et al.  Localization Privacy , 2012, Cryptography and Security.

[7]  Serge Vaudenay,et al.  Expected loss bounds for authentication in constrained channels , 2012, 2012 Proceedings IEEE INFOCOM.

[8]  S. Vaudenay,et al.  Secure & Lightweight Distance-Bounding , 2013 .

[9]  Gildas Avoine,et al.  Lightweight cryptography for security and privacy : second international workshop, LightSec 2013, Gebze, Turkey, May 6-7, 2013, revised selected papers , 2013 .

[10]  Marc Fischlin,et al.  Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance , 2013, ACNS.

[11]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[12]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[13]  Panagiotis Papadimitratos,et al.  Secure neighbor discovery in wireless networks: formal investigation of possibility , 2008, ASIACCS '08.

[14]  Serge Vaudenay,et al.  Secure and Lightweight Distance-Bounding , 2013, LightSec.

[15]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[16]  Serge Vaudenay,et al.  Practical and provably secure distance-bounding , 2013, J. Comput. Secur..

[17]  Rafail Ostrovsky,et al.  Position-Based Cryptography , 2014, SIAM J. Comput..

[18]  Mike Burmester His Late Master's Voice: Barking for Location Privacy , 2011, Security Protocols Workshop.

[19]  Marc Fischlin,et al.  A Formal Approach to Distance-Bounding RFID Protocols , 2011, ISC.

[20]  David Naccache,et al.  Cryptography and Security: From Theory to Applications , 2012, Lecture Notes in Computer Science.

[21]  Srikanth V. Krishnamurthy,et al.  On the Efficacy of Frequency Hopping in Coping with Jamming Attacks in 802.11 Networks , 2010, IEEE Transactions on Wireless Communications.

[22]  Gerhard P. Hancke,et al.  Confidence in smart token proximity: Relay attacks revisited , 2009, Comput. Secur..

[23]  Laurent Bussard Distance-bounding proof of knowledge protocols to avoid terrorist fraud attacks , 2004 .

[24]  Yih-Chun Hu,et al.  Wormhole attacks in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[25]  Marc Fischlin,et al.  Subtle kinks in distance-bounding: an analysis of prominent protocols , 2013, WiSec '13.

[26]  Aikaterini Mitrokotsa,et al.  Mind your nonces : cryptanalysis of a privacy-preserving distance bounding protocol , 2011 .

[27]  Serge Vaudenay,et al.  Mafia fraud attack against the RČ Distance-Bounding Protocol , 2012, 2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA).

[28]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[29]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[30]  Serge Vaudenay,et al.  On Selecting the Nonce Length in Distance-Bounding Protocols , 2013, Comput. J..

[31]  Serge Vaudenay,et al.  On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols - PRF-ness alone Does Not Stop the Frauds! , 2012, LATINCRYPT.

[32]  Bart Preneel,et al.  Location verification using secure distance bounding protocols , 2005, IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005..

[33]  Gerhard P. Hancke,et al.  Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones , 2010, RFIDSec.

[34]  Srdjan Capkun,et al.  Location privacy of distance bounding protocols , 2008, CCS.

[35]  Noen Given The Bussard-Bagga and Other Distance Bounding Protocols under Man-inthe-Middle Attacks , 2012 .

[36]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[37]  Christos Dimitrakakis,et al.  Reid et al.'s distance bounding protocol and mafia fraud attacks over noisy channels , 2010, IEEE Communications Letters.