Assumption-Based Analysis of Distance-Bounding Protocols with cpsa

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12300)

Abstract

This paper, dedicated to Andre Scedrov, was inspired by conversations with him about the physical properties of distributed systems. We use cpsa, the strand space protocol analysis tool, to analyze and classify distance-bounding protocols. We introduce a model of strand spaces that explicitly accounts for physical properties like distance. We prove that non-metric, causal facts allow us to infer distance bounds. Moreover, cpsa already provides these causal conclusions about protocols. We apply this method to numerous protocols from the literature. By taking an assumption-based perspective—rather than an attack-based perspective—we introduce a taxonomy of distance-bounding protocols that compares the relative strength of different designs.

Notes

  1. Indeed, since Andre et al. [13] proved the underlying problem class to be undecidable, uniform termination is impossible.

  2. Cf. https://github.com/mitre/cpsaexp/tree/master/doc/dist_bnd_prots.

References

  1. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115 (2001)

  2. AlTurki, M.A., Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Statistical model checking of distance fraud attacks on the hancke-kuhn family of protocols. In: Lie, D., Mannan, M. (eds) Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC@CCS 2018, Toronto, ON, Canada, 19 October 2018, pp. 60–71. ACM (2018)

  3. Alturki, M.A., Ban Kirigin, T., Kanovich, M., Nigam, V., Scedrov, A., Talcott, C.: A multiset rewriting model for specifying and verifying timing aspects of security protocols. In: Guttman, J.D., Landwehr, C.E., Meseguer, J., Pavlovic, D. (eds.) Foundations of Security, Protocols, and Equational Reasoning. LNCS, vol. 11565, pp. 192–213. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19052-1_13

  4. Avoine, G., et al.: A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In: Karri, R., Sinanoglu, O., Sadeghi, A.-R., Yi, X. (eds.) Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, 2–6 April 2017, pp. 800–814. ACM (2017)

  5. Avoine, G., et al.: A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. IACR Cryptology ePrint Archive 2017, 297 (2017)

  6. Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30

  7. Chothia, T., de Ruiter, J., Smyth, B.: Modelling and analysis of a hierarchy of distance bounding attacks. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15–17 August 2018, pp. 1563–1580. USENIX Association (2018)

  8. Chothia, T., Garcia, F.D., de Ruiter, J., van den Breekel, J., Thompson, M.: Relay cost bounding for contactless EMV payments. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 189–206. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_11

  9. Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Čapkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy, SP 2012, San Francisco, California, USA, 21–23 May 2012, pp. 113–127. IEEE Computer Society (2012)

  10. Debant, A., Delaune, S.: Symbolic verification of distance bounding protocols. In: Nielson, F., Sands, D. (eds.) POST 2019. LNCS, vol. 11426, pp. 149–174. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17138-4_7

  11. Desmedt, Y.: Major security problems with the ‘unforgeable’ (feige)-fiat-shamir proofs of identity and how to overcome them. In: SECURICOM 1988, pp. 15–17 (1988)

  12. Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Trans. Inf. Theory 29, 198–208 (1983)

  13. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004). Initial version appeared in Workshop on Formal Methods and Security Protocols, 1999

  14. Guttman, J.D.: Shapes: surveying crypto protocol runs. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols, Cryptology and Information Security Series. IOS Press (2011)

  15. Guttman, J.D.: Establishing and preserving protocol security goals. J. Comput. Secur. 22(2), 201–267 (2014)

  16. Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, 5–9 September 2005, pp. 67–73. IEEE (2005)

  17. Kanovich, M., Ban Kirigin, T., Nigam, V., Scedrov, A., Talcott, C.: Timed multiset rewriting and the verification of time-sensitive distributed systems. In: Fränzle, M., Markey, N. (eds.) FORMATS 2016. LNCS, vol. 9884, pp. 228–244. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44878-7_14

  18. Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Time, computational complexity, and probability in the analysis of distance-bounding protocols. J. Comput. Secur. 25(6), 585–630 (2017)

  19. Kim, C.H., Avoine, G.: RFID distance bounding protocol with mixed challenges to prevent relay attacks. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 119–133. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_9

  20. Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00730-9_7

  21. Maurer, U.M., Schmid, P.E.: A calculus for security bootstrapping in distributed systems. J. Comput. Secur. 4(1), 55–80 (1996)

  22. Mauw, S., Smith, Z., Toro-Pozo, J., Trujillo-Rasua, R.: Distance-bounding protocols: Verification without time and location. In: 2018 IEEE Symposium on Security and Privacy, SP 2018, Proceedings, 21–23 May 2018, San Francisco, California, USA, pp. 549–566. IEEE Computer Society (2018)

  23. Mauw, S., Smith, Z., Toro-Pozo, J., Trujillo-Rasua, R.: Post-collusion security and distance bounding. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, 11–15 November 2019, pp. 941–958. ACM (2019)

  24. Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Poovendran, R., Roy, S., Wang, C. (eds.) Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. Advances in Information Security, vol. 30, pp. 279–298. Springer, Heidelberg (2007). https://doi.org/10.1007/978-0-387-46276-9_12

  25. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

  26. Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wirel. Commun. Mobile Comput. 8(9), 1227–1232 (2008)

  27. Ramsdell, J.D.: Deducing security goals from shape analysis sentences. The MITRE Corporation (2012). http://arxiv.org/abs/1204.0480

  28. Ramsdell, J.D., Guttman, J.D.: CPSA4: A cryptographic protocol shapes analyzer (2017). https://github.com/mitre/cpsaexp

  29. Ramsdell, J.D., Guttman, J.D., Liskov, M.D., Rowe, P.D.: The CPSA Specification: A Reduction System for Searching for Shapes in Cryptographic Protocols. The MITRE Corporation (2009). http://hackage.haskell.org/package/cpsa. source distribution, doc directory

  30. Rasmussen, K.B., Capkun, S.: Realization of RF distance bounding. In: 19th USENIX Security Symposium, Washington, DC, USA, 11–13 August 2010, Proceedings, pp. 389–402. USENIX Association (2010)

  31. Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: Bao, F., Miller, S. (eds.) Proceedings of the 2007 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2007, Singapore, 20–22 March 2007, pp. 204–213. ACM (2007)

  32. Rowe, P.D., Guttman, J.D., Liskov, M.D.: Measuring protocol strength with security goals. Int. J. Inf. Secur. 15(6), 575–596 (2016). https://doi.org/10.1007/s10207-016-0319-z. http://web.cs.wpi.edu/~guttman/pubs/ijis_measuring-security.pdf

  33. Thayer, F.J., Swarup, V., Guttman, J.D.: Metric strand spaces for locale authentication protocols. In: Nishigaki, M., Jøsang, A., Murayama, Y., Marsh, S. (eds.) IFIPTM 2010. IAICT, vol. 321, pp. 79–94. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13446-3_6

Corresponding author

Correspondence to Paul D. Rowe.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Rowe, P.D., Guttman, J.D., Ramsdell, J.D. (2020). Assumption-Based Analysis of Distance-Bounding Protocols with cpsa. In: Nigam, V., et al. Logic, Language, and Security. Lecture Notes in Computer Science, vol 12300. Springer, Cham. https://doi.org/10.1007/978-3-030-62077-6_11

  • DOI: https://doi.org/10.1007/978-3-030-62077-6_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62076-9

  • Online ISBN: 978-3-030-62077-6

  • eBook Packages: Computer Science (R0)
