On Modeling Terrorist Frauds - Addressing Collusion in Distance Bounding Protocols

Distance-bounding protocols have recently received a lot of attention, as they offer a good solution to thwart relay attacks. Their security models are still unstable, especially when considering terrorist fraud. Terrorist fraud is the case where a malicious prover tries to bypass the protocol by colluding with an adversary without leaking his credentials. Two formal models appeared recently: one due to Fischlin and Onete and another one by Boureanu, Mitrokotsa, and Vaudenay. Each was proposed together with a provably secure distance-bounding protocol (FO and SKI, respectively) providing security against all state-of-the-art threat models. So far, these two protocols are the only such ones. In this paper we compare both notions and protocols. We identify some errors in the Fischlin-Onete results. We also show that the design of the FO protocol lowers security against mafia frauds, while the SKI protocol makes non-standard PRF assumptions and has lower security due to not using post-authentication. Neither protocol provides reasonable parameters for practical use with good security. The next open challenge consists in providing a protocol combining both approaches and good practical parameters. Finally, we provide a new security definition against terrorist frauds which is naturally inspired by the soundness notion for proof-of-knowledge protocols.