Abstract
A number of security systems, from Chip-and-PIN payment cards to contactless subway and train tokens, as well as secure localization systems, are vulnerable to relay attacks.
Encrypting the communication between the honest endpoints does not protect against such attacks. The main solution that has been offered to date is distance bounding, in which a tightly timed exchange of challenges and responses persuades the verifier that the prover cannot be further away than a certain distance. This solution, however, still won’t say whether the specific endpoint the verifier is talking to is the intended one or not—it will only tell the verifier whether the real prover is “nearby”.
Are there any alternatives? We propose a more general paradigm based on multichannel protocols. Our class of protocols, of which distance bounding can be modelled as a special case, allows a precise answer to be given to the question of whether the unknown device in front of the potential victim is a relaying attacker or the device with which the victim intended to communicate.
We discuss several instantiations of our solution and point out the extent to which all these countermeasures rely, often implicitly, on the alertness of an honest human taking part in the protocol.
Revision 39 of 2010-02-27 22:23:18 +0100 (Sat, 27 Feb 2010).
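The limitation of distance bounding stated in the abstract can be seen in a small timing model. This is an added example, not code from the paper: the two-register response scheme, the processing time `T_PROC`, the distances and all function names are assumptions chosen for illustration, and signal timing is computed rather than measured.

```python
import hashlib
import hmac
import secrets

C = 299_792_458.0   # speed of light in m/s
T_PROC = 1e-9       # assumed prover processing time per round, in seconds

def response_bits(key, nonce, n):
    """Derive two n-bit response registers from the shared key (n <= 128)."""
    d = hmac.new(key, nonce, hashlib.sha256).digest()
    bits = [(d[i // 8] >> (i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]

def run_rounds(key, path_m, max_dist_m, n=32, relay_delay_s=0.0):
    """Verifier view of n timed one-bit rounds.

    path_m is the one-way signal path to the device that holds the key,
    whether it is reached directly or through a relay. relay_delay_s is the
    extra latency a relay adds in each direction."""
    nonce = secrets.token_bytes(16)
    r0, r1 = response_bits(key, nonce, n)   # what the verifier expects
    p0, p1 = response_bits(key, nonce, n)   # what the key holder computes
    limit = 2 * max_dist_m / C + T_PROC     # largest acceptable round trip
    for i in range(n):
        c = secrets.randbits(1)             # unpredictable challenge bit
        reply = (p1 if c else p0)[i]
        rtt = 2 * path_m / C + T_PROC + 2 * relay_delay_s
        if reply != (r1 if c else r0)[i] or rtt > limit:
            return False
    return True

def scenarios(max_dist_m=1.0):
    """Constructed cases: which sessions does a 1 m bound accept?"""
    key = secrets.token_bytes(16)
    return {
        # Genuine token held 5 cm from the reader.
        "honest_token_at_5cm": run_rounds(key, 0.05, max_dist_m),
        # Relay to a token 300 m away: the round trip exceeds the bound.
        "relay_to_token_300m_away":
            run_rounds(key, 300.0, max_dist_m, relay_delay_s=1e-6),
        # Relay in front of the reader, genuine token 55 cm away: timing
        # passes, so the verifier learns only that the key holder is nearby,
        # not that the device it faces is the intended one.
        "relay_to_token_55cm_away":
            run_rounds(key, 0.55, max_dist_m, relay_delay_s=1e-9),
    }
```

The third case is accepted for the same reason as the first, which is the gap the abstract points to: the timing check bounds the distance to the key holder and carries no information about the identity of the endpoint the verifier is facing.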
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stajano, F., Wong, FL., Christianson, B. (2010). Multichannel Protocols to Prevent Relay Attacks. In: Sion, R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14577-3_4
DOI: https://doi.org/10.1007/978-3-642-14577-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14576-6
Online ISBN: 978-3-642-14577-3
eBook Packages: Computer Science, Computer Science (R0)