Distance Hijacking Attacks on Distance Bounding Protocols

After several years of theoretical research on distance bounding protocols, the first implementations of such protocols have recently started to appear. These protocols are typically analyzed with respect to three types of attacks, which are historically known as Distance Fraud, Mafia Fraud, and Terrorist Fraud. We define and analyze a fourth main type of attack on distance bounding protocols, called Distance Hijacking. This type of attack poses a serious threat in many practical scenarios. We show that many proposed distance bounding protocols are vulnerable to Distance Hijacking, and we propose solutions to make these protocols resilient to this type of attack. We show that verifying distance bounding protocols using existing informal and formal frameworks does not guarantee the absence of Distance Hijacking attacks. We extend a formal framework for reasoning about distance bounding protocols to include overshadowing attacks. We use the resulting framework to prove the absence of all of the found attacks for protocols to which our countermeasures have been applied.

[1]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[2]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[3]  Joshua D. Guttman,et al.  Protocol independence through disjoint encryption , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[4]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[5]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[7]  Cas J. F. Cremers Feasibility of multi-protocol attacks , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[8]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[9]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[10]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[11]  Radha Poovendran,et al.  Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks , 2007, Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks.

[12]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[13]  Jorge Munilla,et al.  Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels , 2008, Wirel. Commun. Mob. Comput..

[14]  Srdjan Capkun,et al.  Let's Get Physical: Models and Methods for Real-World Security Protocols , 2009, TPHOLs.

[15]  Juan E. Tapiador,et al.  Shedding Some Light on RFID Distance Bounding Protocols and Terrorist Attacks , 2009, ArXiv.

[16]  Gildas Avoine,et al.  RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks , 2009, CANS.

[17]  Gildas Avoine,et al.  An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement , 2009, ISC.

[18]  Yih-Chun Hu,et al.  Secure and precise location verification using distance bounding and simultaneous multilateration , 2009, WiSec '09.

[19]  Heinrich Luecken,et al.  UWB impulse radio based distance bounding , 2010, 2010 7th Workshop on Positioning, Navigation and Communication.

[20]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[21]  Kishore Kothapalli,et al.  Automatic analysis of distance bounding protocols , 2010, ArXiv.

[22]  Ghassan O. Karame,et al.  Integrity Regions: Authentication through Presence in Wireless Networks , 2006, IEEE Transactions on Mobile Computing.

[23]  Gildas Avoine,et al.  The Poulidor Distance-Bounding Protocol , 2010, RFIDSec.

[24]  Julio C. Hernandez-Castro,et al.  Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[25]  Marc Fischlin,et al.  A Formal Approach to Distance-Bounding RFID Protocols , 2011, ISC.

[26]  Srdjan Capkun,et al.  Investigation of Signal and Message Manipulations on the Wireless Channel , 2011, ESORICS.

[27]  Cédric Lauradoux,et al.  A framework for analyzing RFID distance bounding protocols , 2011, J. Comput. Secur..

[28]  W. Marsden I and J , 2012 .