Formal Analysis of Distance Bounding with Secure Hardware

A distance bounding (DB) protocol is a two-party authentication protocol between a prover and a verifier which is based on the distance between the prover and the verifier. It aims to defeat threats by malicious provers who try to convince that they are closer to the verifier or adversaries which seek to impersonate a far-away prover. All these threats are covered in several security definitions and it is not possible to have a single definition covering all. In this paper, we describe a new DB model with three parties where the new party is named hardware. In this model, called secure hardware model (SHM), the hardware is held by the prover without being able to tamper with. We define an all-in-one security model which covers all the threats of DB and an appropriate privacy notion for SHM. In the end, we construct the most efficient (in terms of computation by the prover-hardware and number of rounds) and secure DB protocols achieving the optimal security bounds as well as privacy.

[1]  Frederik Vercauteren,et al.  A New RFID Privacy Model , 2011, ESORICS.

[2]  Laurent Bussard,et al.  Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks , 2005, SEC.

[3]  Cédric Lauradoux,et al.  A framework for analyzing RFID distance bounding protocols , 2011, J. Comput. Secur..

[4]  Laurent Bussard,et al.  Embedding Distance-Bounding Protocols within Intuitive Interactions , 2003, SPC.

[5]  Serge Vaudenay,et al.  Efficient Public-Key Distance Bounding Protocol , 2016, ASIACRYPT.

[6]  Serge Vaudenay,et al.  Secure and Lightweight Distance-Bounding , 2013, LightSec.

[7]  Serge Vaudenay,et al.  On Privacy for RFID , 2015, ProvSec.

[8]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[9]  Serge Vaudenay,et al.  Optimal Proximity Proofs , 2014, Inscrypt.

[10]  Mihir Bellare,et al.  Key-Privacy in Public-Key Encryption , 2001, ASIACRYPT.

[11]  Marc Fischlin,et al.  A Formal Approach to Distance-Bounding RFID Protocols , 2011, ISC.

[12]  Serge Vaudenay Private and Secure Public-Key Distance Bounding - Application to NFC Payment , 2015, Financial Cryptography.

[13]  Srdjan Capkun,et al.  SECTOR: secure tracking of node encounters in multi-hop wireless networks , 2003, SASN '03.

[14]  Roel Peeters,et al.  Efficient, secure, private distance bounding without key updates , 2013, WiSec '13.

[15]  Sébastien Gambs,et al.  A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol , 2016, WISEC.

[16]  Bart Preneel,et al.  Location verification using secure distance bounding protocols , 2005, IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005..

[17]  Marc Fischlin,et al.  Terrorism in Distance Bounding: Modeling Terrorist-Fraud Resistance , 2013, ACNS.

[18]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[19]  Sébastien Gambs,et al.  A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol , 2017, IACR Cryptol. ePrint Arch..

[20]  Juan Manuel González Nieto,et al.  Detecting relay attacks with timing-based protocols , 2007, ASIACCS '07.

[21]  Serge Vaudenay,et al.  Sound Proof of Proximity of Knowledge , 2015, ProvSec.

[22]  Serge Vaudenay On Modeling Terrorist Frauds - Addressing Collusion in Distance Bounding Protocols , 2013, ProvSec.

[23]  Bart Preneel,et al.  Distance Bounding in Noisy Environments , 2007, ESAS.

[24]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[25]  Serge Vaudenay,et al.  Optimal Proximity Proofs Revisited , 2015, ACNS.

[26]  Srdjan Capkun,et al.  Distance Hijacking Attacks on Distance Bounding Protocols , 2012, 2012 IEEE Symposium on Security and Privacy.

[27]  David Chaum,et al.  Distance-Bounding Protocols (Extended Abstract) , 1994, EUROCRYPT.