Towards Quantum Distance Bounding Protocols

Distance Bounding (DB) is a security technique through which it is possible to determine an upper-bound on the physical distance between two parties (denoted as verifier and prover). These protocols typically combine physical properties of the communication channel with cryptographic challenge-response schemes. A key challenge to design secure DB protocols is to keep the time required by the prover to process the challenges and compute and transmit the responses as low as possible. For this purpose, different implementation approaches have been proposed in the literature, both in the analog as in the digital domain. Moreover, different types of communication channels have been proposed as well to find an optimal balance between security and implementation feasibility. This paper is the first to evaluate the feasibility of implementing DB protocols using quantum communication. Unlike conventional DB protocols, which execute the rapid-bit exchanges over a Radio Frequency (RF) or ultrasound channel, our quantum-based DB protocol makes use of quantum-bit (qubit) transmissions and detection during the challenge-response phase. Our protocol offers security against distance fraud, mafia fraud and terrorist attacks. We also discuss how to protect against some specific implementation attacks, such as double read-out and quantum attacks, and give an overview of the main implementation challenges as well as possible limitations.

[1]  Srdjan Capkun,et al.  Proximity-based access control for implantable medical devices , 2009, CCS.

[2]  Rafail Ostrovsky,et al.  Position-Based Quantum Cryptography: Impossibility and Constructions , 2011, IACR Cryptol. ePrint Arch..

[3]  Srdjan Capkun,et al.  ID-Based Secure Distance Bounding and Localization , 2009, ESORICS.

[4]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[5]  Markus G. Kuhn,et al.  So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks , 2006, ESAS.

[6]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.

[7]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[8]  Srdjan Capkun,et al.  Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System , 2012, ESORICS.

[9]  Srdjan Capkun,et al.  Distance enlargement and reduction attacks on ultrasound ranging , 2005, SenSys '05.

[10]  Gilles Brassard,et al.  Quantum cryptography: Public key distribution and coin tossing , 2014, Theor. Comput. Sci..

[11]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[12]  Srdjan Capkun,et al.  Proximity Verification for Contactless Access Control and Authentication Systems , 2015, ACSAC 2015.

[13]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.