research-article

A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol

Authors:

Sébastien Gambs,

David Gérault,

Pascal Lafourcade,

Cristina Onete,

Jean-Marc RobertAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 800 - 814

https://doi.org/10.1145/3052973.3053000

Published: 02 April 2017 Publication History

Abstract

Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, verifiers have to authenticate the credentials of untrusted provers. Unfortunately, these protocols are themselves subject to complex threats such as terrorist-fraud attacks, in which a malicious prover helps an accomplice to authenticate. Provably guaranteeing the resistance of distance-bounding protocols to these attacks is complex. The classical solutions assume that rational provers want to protect their long-term authentication credentials, even with respect to their accomplices. Thus, terrorist-fraud resistant protocols generally rely on artificial extraction mechanisms, ensuring that an accomplice can retrieve the credential of his partnering prover, if he is able to authenticate. We propose a novel approach to obtain provable terrorist-fraud resistant protocols that does not rely on an accomplice being able to extract any long-term key. Instead, we simply assume that he can replay the information received from the prover. Thus, rational provers should refuse to cooperate with third parties if they can impersonate them freely afterwards. We introduce a generic construction for provably secure distance-bounding protocols, and give three instances of this construction: (1) an efficient symmetric-key protocol, (2) a public-key protocol protecting the identities of provers against external eavesdroppers, and finally (3) a fully anonymous protocol protecting the identities of provers even against malicious verifiers that try to profile them.

References

[1]

Ahmadi, A., and Safavi-Naini, R. Privacy-preserving distance-bounding proof-of-knowledge. In Proc. of the 16th Int. Conf. on Information and Communications Security - Revised Selected Papers, LNCS. Springer, 2014, pp. 74--88.

Digital Library

[2]

Avoine, G., Bingöl, M. A., Kardaş, S., Lauradoux, C., and Martin, B. A formal framework for analyzing RFID distance bounding protocols. Journal of Computer Security - Special Issue on RFID System Security 19, 2 (2010), 289--317.

Digital Library

[3]

Avoine, G., Lauradoux, C., and Martin, B. How secret-sharing can defeat terrorist fraud. In Proc. of WiSec (2011), ACM, pp. 145--156.

Digital Library

[4]

Bengio, S., Brassard, G., Desmedt, Y. G., Goutier, C., and Quisquater, J.-J. Secure implementation of identification systems. Journal of Cryptology 4, 3 (1991), 175--183.

Digital Library

[5]

Boureanu, I., Mitrokotsa, A., and S.Vaudenay. Secure and lightweight distance-bounding. In Proc. of LightSec (2013), LNCS, Springer, pp. 97--113.

[6]

Boureanu, I., Mitrokotsa, A., and Vaudenay, S. On the pseudorandom function assumption in (secure) distance-bounding protocols: PRF-ness alone does not stop the frauds! In Proc. of the 2nd Int. Conf. on Cryptology and Information Security in Latin America (2012), LNCS, Springer, pp. 100--120.

Digital Library

[7]

Boureanu, I., Mitrokotsa, A., and Vaudenay, S. Practical & provably secure distance-bounding. Cryptology ePrint Archive, Report 2013/465, 2013.

[8]

Boureanu, I., Mitrokotsa, A., and Vaudenay, S. Towards secure distance bounding. In Proc. of Fast Software Encryption, LNCS. Springer, 2014, pp. 55--67.

[9]

Boureanu, I., and Vaudenay, S. Optimal proximity proofs. In Proc. 10th Int. Conf. Inscrypt 2014 (2014), LNCS, Springer, pp. 170--190.

[10]

Brands, S., and Chaum, D. Distance-bounding protocols. In Proc. of Advances in Cryptology -- EUROCRYPT (1993), LNCS, Springer, pp. 344--359.

Digital Library

[11]

Brelurut, A., Gérault, D., and Lafourcade, P. Survey of distance bounding protocols and threats. In Proc. of 8th Int. Symp. on Foundations and Practice of Security (2015), LNCS, Springer, pp. 29--49.

[12]

Bultel, X., Gambs, S., Gérault, D., Lafourcade, P., Onete, C., and Robert, J.-M. A prover-anonymous and terrorist-fraud resistant distance-bounding protocol. In Proc. of WiSec (2016), ACM.

Digital Library

[13]

Bussard, L., and Bagga, W. Distance-bounding proof of knowledge to avoid real-time attacks. In Proc. of Security and Privacy in the Age of Ubiquitous Computing (2005), IFIP International Federation for Information Processing, Springer, pp. 222--238.

[14]

Cremers, C., Rasmussen, K. B., Schmidt, B., and Capkun, S. Distance hijacking attacks on distance bounding protocols. In Proc. of IEEE Symp. on Security and Privacy (2012), IEEE, pp. 113--127.

Digital Library

[15]

Dürholz, U., Fischlin, M., Kasper, M., and Onete, C. A formal approach to distance bounding RFID protocols. In Proc. of ISC (2011), vol. 7001 of LNCS, Springer, pp. 47--62.

Digital Library

[16]

Dürholz, U., Fischlin, M., Kasper, M., and Onete, C. A formal approach to distance-bounding RFID protocols. In Proc. of Int. Conf. on Information Security, LNCS. Springer, 2011, pp. 47--62.

Digital Library

[17]

Fischlin, M., and Onete, C. Terrorism in distance bounding: Modeling terrorist fraud resistance. In Proc. of ACNS (2013), LNCS, Springer, pp. 414--431.

Digital Library

[18]

Gambs, S., Killijian, M., and del Prado Cortez, M. N. Show me how you move and I will tell you who you are. Trans. Data Privacy 4, 2 (2011), 103--126.

Digital Library

[19]

Gambs, S., Onete, C., and Robert, J.-M. Prover anonymous and deniable distance-bounding authentication. In Proc. of AsiaCCS (2014), ACM, pp. 501--506.

Digital Library

[20]

Hermans, J., Peeters, R., and Onete, C. Efficient, secure, private distance bounding without key updates. In Proc. of WiSec (2013), ACM, pp. 207--218.

Digital Library

[21]

Kim, C. H., Avoine, G., Koeune, F., Standaert, F., and Pereira, O. The Swiss-Knife RFID distance bounding protocol. In Proc. of Information Security and Cryptology (2008), LNCS, Springer, pp. 98--115.

[22]

Nakanishi, T., Fujii, H., Hira, Y., and Funabiki, N. Revocable group signature schemes with constant costs for signing and verifying. In Proc. of Public Key Cryptography, LNCS. Springer, 2009, pp. 463--480.

Digital Library

[23]

Shoup, V. Sequences of games: a tool for taming complexity in security proofs, 2004. URL: http://eprint.iacr.org/2004/332.

[24]

Vaudenay, S. On privacy models for RFID. In Proc. of Advances in Cryptology -- Asiacrypt (2007), LNCS, Springer, pp. 68--87.

Digital Library

[25]

Vaudenay, S. Private and secure public-key distance bounding: Application to NFC payment. In Proc. of Financial Cryptography (2015), LNCS, Springer, pp. 207--216.

[26]

Vaudenay, S. Sound proof of proximity of knowledge. In Proc. of 9th Int. Conf. ProvSec (2015), LNCS, Springer, pp. 105--126.

Digital Library

Cited By

Pan HWang YWang WCao PYe FWu Q(2024)Privacy-preserving location authentication for low-altitude UAVs: A blockchain-based approachSecurity and Safety10.1051/sands/20240043(2024004)Online publication date: 16-Apr-2024
https://doi.org/10.1051/sands/2024004
GÉRAULT DLAFOURCADE PROBERT LMendiboure L(2024)Distance‐Bounding ProtocolsCooperative Intelligent Transport Systems10.1002/9781394325849.ch11(273-293)Online publication date: 11-Oct-2024
https://doi.org/10.1002/9781394325849.ch11
Akand MSafavi-Naini RKneppers MGiraud MLafourcade P(2023)Privacy-Preserving Proof-of-Location With Security Against Geo-TamperingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312807320:1(131-146)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TDSC.2021.3128073
Show More Cited By

Recommendations

Prover anonymous and deniable distance-bounding authentication
ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security

In distance-bounding authentication protocols, a verifier assesses that a prover is (1) legitimate and (2) in the verifier's proximity. Proximity checking is done by running time-critical exchanges between both parties. This enables the verifier to ...
A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol
WiSec '16: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks

Contactless communications have become omnipresent in our daily lives, from simple access cards to electronic passports. Such systems are particularly vulnerable to relay attacks, in which an adversary relays the messages from a prover to a verifier. ...
An Ultra-Lightweight Mutual Authentication Protocol Based on LPN Problem with Distance Fraud Resistant
Abstract
RFID tags are one of the main enablers of the internet of things. All objects have to be equipped with an electronic product code such as RFID tags. Because of minimizing the price, RFID environments are resource-scarce, then designing ultra-...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Canadian Network for Research and Innovation in Machining Technology, Natural Sciences and Engineering Research Council of Canada
European Regional Development Fund
Conseil Régional d'Auvergne
European Cooperation in Science and Technology
Digital Trust Chair of the University of Auvergne

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
189
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pan HWang YWang WCao PYe FWu Q(2024)Privacy-preserving location authentication for low-altitude UAVs: A blockchain-based approachSecurity and Safety10.1051/sands/20240043(2024004)Online publication date: 16-Apr-2024
https://doi.org/10.1051/sands/2024004
GÉRAULT DLAFOURCADE PROBERT LMendiboure L(2024)Distance‐Bounding ProtocolsCooperative Intelligent Transport Systems10.1002/9781394325849.ch11(273-293)Online publication date: 11-Oct-2024
https://doi.org/10.1002/9781394325849.ch11
Akand MSafavi-Naini RKneppers MGiraud MLafourcade P(2023)Privacy-Preserving Proof-of-Location With Security Against Geo-TamperingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312807320:1(131-146)Online publication date: 1-Jan-2023
https://doi.org/10.1109/TDSC.2021.3128073
Akand MSafavi-Naini RAvizheh S(2023)Composable Anonymous Proof-of-Location With User-Controlled Offline AccessIEEE Access10.1109/ACCESS.2023.327939511(50884-50898)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3279395
Debant ADelaune SWiedling C(2022)So Near and Yet So Far – Symbolic Verification of Distance-Bounding ProtocolsACM Transactions on Privacy and Security10.1145/350140225:2(1-39)Online publication date: 1-Jul-2022
https://dl.acm.org/doi/10.1145/3501402
Boureanu IDrăgan CDupressoir FGérault DLafourcade P(2021)Mechanised Models and Proofs for Distance-Bounding2021 IEEE 34th Computer Security Foundations Symposium (CSF)10.1109/CSF51468.2021.00049(1-16)Online publication date: Jun-2021
https://doi.org/10.1109/CSF51468.2021.00049
Qu YNosouhi MCui LYu SQu YNosouhi MCui LYu S(2021)Personalized Privacy Protection SolutionsPersonalized Privacy Protection in Big Data10.1007/978-981-16-3750-6_4(23-130)Online publication date: 24-Jul-2021
https://doi.org/10.1007/978-981-16-3750-6_4
Gerault D(2021)Short Paper: Terrorist Fraud in Distance Bounding: Getting Around the ModelsFinancial Cryptography and Data Security10.1007/978-3-662-64322-8_17(351-359)Online publication date: 23-Oct-2021
https://doi.org/10.1007/978-3-662-64322-8_17
Avoine GBoureanu IGérault DHancke GLafourcade POnete C(2021)From Relay Attacks to Distance-Bounding ProtocolsSecurity of Ubiquitous Computing Systems10.1007/978-3-030-10591-4_7(113-130)Online publication date: 15-Jan-2021
https://doi.org/10.1007/978-3-030-10591-4_7
Jho NYoun T(2020)Dynamic Membership Management in Anonymous and Deniable Distance BoundingSustainability10.3390/su12241033012:24(10330)Online publication date: 10-Dec-2020
https://doi.org/10.3390/su122410330
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten