Proximity Verification for Contactless Access Control and Authentication Systems

Today, contactless smart cards are used to provide physical access control and authentication in a wide variety of applications. Prior research have demonstrated the vulnerability of contactless smart cards to relay attacks. For example, an attacker can relay the communication between the card reader and the smart card to steal a car or pay for goods in a supermarket. To solve this problem, smart cards need to be enhanced with secure proximity verification, i.e., distance bounding, which enables the card reader and the card to verify their mutual distance. However, existing technologies do not support the deployment of distance bounding in such systems: NFC cannot provide sufficient distance resolution, and hardware complexity of the proposed (e.g., UWB-based) distance bounding radios prevents their use in contactless smart cards. In this work, we propose a novel distance bounding system specifically designed for short-range contactless access control and authentication applications. Our system combines frequency modulated continuous wave (FMCW) and backscatter communication. The use of backscatter communication enables low-complexity, power-efficient design of the prover which is critical for contactless smart cards. In addition, our distance bounding system enables the implementation of a majority of distance bounding protocols developed in prior art. We analyze our system against various attack scenarios and show that it offers strong security guarantees. Additionally, we evaluate our system's communication and distance measurement characteristics using a prototype implementation.

[1]  Mike Bond,et al.  Chip and Skim: Cloning EMV Cards with the Pre-play Attack , 2012, 2014 IEEE Symposium on Security and Privacy.

[2]  Gang Li,et al.  Bandwidth dependence of CW ranging to UHF RFID tags in severe multipath environments , 2011, 2011 IEEE International Conference on RFID.

[3]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[4]  Srdjan Capkun,et al.  Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System , 2012, ESORICS.

[5]  Yuanfei Tu RFID Distance Bounding Protocols , 2007 .

[6]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[7]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[8]  Frank Ellinger,et al.  An active pulsed reflector circuit for FMCW radar application based on the switched injection-locked oscillator principle , 2011, 2011 Semiconductor Conference Dresden.

[9]  Srdjan Capkun,et al.  ID-Based Secure Distance Bounding and Localization , 2009, ESORICS.

[10]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[11]  W. Hirt The European UWB Radio Regulatory and Standards Framework: Overview and Implications , 2007, 2007 IEEE International Conference on Ultra-Wideband.

[12]  Davide Dardari,et al.  Passive Ultrawide Bandwidth RFID , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[13]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[14]  Srdjan Capkun,et al.  Distance Hijacking Attacks on Distance Bounding Protocols , 2012, 2012 IEEE Symposium on Security and Privacy.

[15]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[16]  Gerhard P. Hancke,et al.  On the security issues of NFC enabled mobile phones , 2010 .

[17]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[18]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[19]  Srdjan Capkun,et al.  Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars , 2010, NDSS.

[20]  Andrew Gerald Stove,et al.  Linear FMCW radar techniques , 1992 .

[21]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[22]  F. Ellinger,et al.  Integrated Active Pulsed Reflector for an Indoor Local Positioning System , 2010, IEEE Transactions on Microwave Theory and Techniques.

[23]  Markus G. Kuhn,et al.  Attacks on time-of-flight distance bounding channels , 2008, WiSec '08.

[24]  Nils Ole Tippenhauer Physical-Layer Security Aspects of Wireless Localization , 2012 .

[25]  W. Gregg,et al.  On the Utility of Chirp Modulation for Digital Signaling , 1973, IEEE Trans. Commun..

[26]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[27]  Michael Roland,et al.  Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack , 2012, ArXiv.

[28]  Gerhard P. Hancke,et al.  Design of a secure distance-bounding channel for RFID , 2011, J. Netw. Comput. Appl..

[29]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[30]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[31]  Srdjan Capkun,et al.  Location privacy of distance bounding protocols , 2008, CCS.

[32]  Mike Bond,et al.  2010 IEEE Symposium on Security and Privacy Chip and PIN is Broken , 2022 .

[33]  Tor Helleseth,et al.  Workshop on the theory and application of cryptographic techniques on Advances in cryptology , 1994 .