Security of Distance-Bounding

Distance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, which are vulnerable to distance-based frauds. This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features.

[1]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[2]  Markus G. Kuhn,et al.  Attacks on time-of-flight distance bounding channels , 2008, WiSec '08.

[3]  Süleyman Kardas,et al.  A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions , 2011, IACR Cryptol. ePrint Arch..

[4]  Gerhard P. Hancke,et al.  A Practical Generic Relay Attack on Contactless Transactions by Using NFC Mobile Phones , 2013 .

[5]  Mohammad Reza Sohizadeh Abyaneh,et al.  Security Analysis of Two Distance-Bounding Protocols , 2011, RFIDSec.

[6]  Gildas Avoine,et al.  RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks , 2009, CANS.

[7]  Rolando Trujillo-Rasua,et al.  Optimality Results on the Security of Lookup-Based Protocols , 2016, RFIDSec.

[8]  Gerhard P. Hancke,et al.  Design of a secure distance-bounding channel for RFID , 2011, J. Netw. Comput. Appl..

[9]  Gildas Avoine,et al.  Mutual Distance Bounding Protocols , 2013, IEEE Transactions on Mobile Computing.

[10]  Marc Fischlin,et al.  Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance , 2013, ACNS.

[11]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[12]  Jorge Munilla,et al.  Security Analysis of Tu and Piramuthu's Protocol , 2008, 2008 New Technologies, Mobility and Security.

[13]  Yvo Desmedt,et al.  Identification Tokens - or: Solving the Chess Grandmaster Problem , 1990, CRYPTO.

[14]  Frank Stajano,et al.  Make Noise and Whisper: A Solution to Relay Attacks , 2011, Security Protocols Workshop.

[15]  Serge Vaudenay,et al.  The Bussard-Bagga and Other Distance-Bounding Protocols under Attacks , 2012, Inscrypt.

[16]  Chris J. Mitchell,et al.  Digital rights management using a mobile phone , 2007, ICEC.

[17]  Christos Dimitrakakis,et al.  Reid et al.'s distance bounding protocol and mafia fraud attacks over noisy channels , 2010, IEEE Communications Letters.

[18]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[19]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[20]  Serge Vaudenay,et al.  Practical and provably secure distance-bounding , 2013, J. Comput. Secur..

[21]  Di Ma,et al.  Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks , 2013, IEEE Transactions on Emerging Topics in Computing.

[22]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[23]  Srdjan Capkun,et al.  Distance Hijacking Attacks on Distance Bounding Protocols , 2012, 2012 IEEE Symposium on Security and Privacy.

[24]  Yuanfei Tu RFID Distance Bounding Protocols , 2007 .

[25]  Serge Vaudenay,et al.  On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols - PRF-ness alone Does Not Stop the Frauds! , 2012, LATINCRYPT.

[26]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[27]  Cédric Lauradoux,et al.  A framework for analyzing RFID distance bounding protocols , 2011, J. Comput. Secur..

[28]  Serge Vaudenay,et al.  Secure and Lightweight Distance-Bounding , 2013, LightSec.

[29]  Srdjan Capkun,et al.  Secure positioning in wireless networks , 2006, IEEE Journal on Selected Areas in Communications.

[30]  Serge Vaudenay,et al.  Practical & Provably Secure Distance-Bounding , 2013, IACR Cryptol. ePrint Arch..

[31]  R.K. Guy,et al.  On numbers and games , 1978, Proceedings of the IEEE.

[32]  Marc Fischlin,et al.  A Formal Approach to Distance-Bounding RFID Protocols , 2011, ISC.

[33]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[34]  Samy Bengio,et al.  Secure implementation of identification systems , 2004, Journal of Cryptology.

[35]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[36]  Ryuji Kohno,et al.  Ultra Wideband Signals and Systems in Communication Engineering: Ghavami/Ultra Wideband Signals and Systems in Communication Engineering , 2004 .

[37]  Gerhard P. Hancke,et al.  Confidence in smart token proximity: Relay attacks revisited , 2009, Comput. Secur..

[38]  Gildas Avoine,et al.  Comparing distance bounding protocols: A critical mission supported by decision theory , 2015, Comput. Commun..

[39]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[40]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[41]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[42]  Serge Vaudenay Private and Secure Public-Key Distance Bounding - Application to NFC Payment , 2015, Financial Cryptography.

[43]  Rolando Trujillo-Rasua Complexity of distance fraud attacks in graph-based distance bounding , 2013, MobiQuitous.

[44]  Gildas Avoine,et al.  Distance Bounding Facing Both Mafia and Distance Frauds , 2014, IEEE Transactions on Wireless Communications.

[45]  Jorge Munilla,et al.  Enhanced low-cost RFID protocol to detect relay attacks , 2010, CMC 2010.

[46]  Jorge Munilla,et al.  Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels , 2008 .

[47]  Cédric Lauradoux,et al.  How secret-sharing can defeat terrorist fraud , 2011, WiSec '11.

[48]  Marc Fischlin,et al.  Subtle kinks in distance-bounding: an analysis of prominent protocols , 2013, WiSec '13.

[49]  Juan E. Tapiador,et al.  Shedding Some Light on RFID Distance Bounding Protocols and Terrorist Attacks , 2009, ArXiv.

[50]  Rolando Trujillo-Rasua,et al.  A Class of Precomputation-Based Distance-Bounding Protocols , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[51]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[52]  Vivien Chu,et al.  Ultra Wideband Signals and Systems in Communication Engineering , 2007 .

[53]  Sung Je Hong,et al.  Distance Bounding Protocol for Mutual Authentication , 2011, IEEE Transactions on Wireless Communications.

[54]  Julio C. Hernandez-Castro,et al.  Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[55]  Bruce Christianson,et al.  Multichannel Protocols to Prevent Relay Attacks , 2010, Financial Cryptography.

[56]  Gildas Avoine,et al.  RFID Distance Bounding Protocols with Mixed Challenges , 2011, IEEE Transactions on Wireless Communications.

[57]  Kasper Bonne Rasmussen Primitives For Secure Localization And Location Verification , 2011 .

[58]  Ventzislav Nikov,et al.  Yet Another Secure Distance-Bounding Protocol , 2008, SECRYPT.

[59]  Gerhard P. Hancke,et al.  Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones , 2010, RFIDSec.

[60]  Orhun Kara,et al.  Optimal Security Limits of RFID Distance Bounding Protocols , 2010, RFIDSec.

[61]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[62]  Gildas Avoine,et al.  An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement , 2009, ISC.

[63]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[64]  Gildas Avoine,et al.  The Poulidor Distance-Bounding Protocol , 2010, RFIDSec.

[65]  Pascal Urien,et al.  Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks , 2014, Decis. Support Syst..

[66]  Serge Vaudenay,et al.  Towards Secure Distance Bounding , 2013, FSE.

[67]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[68]  Steven J. Murdoch,et al.  Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks , 2007, USENIX Security Symposium.

[69]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[70]  Gildas Avoine,et al.  RFID Distance Bounding Multistate Enhancement , 2009, INDOCRYPT.

[71]  S. Vaudenay,et al.  Secure & Lightweight Distance-Bounding , 2013 .

[72]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.