Abstract
Distance-bounding anonymous credentials could be used for any location proofs that do not need to identify the prover and thus could make even notoriously invasive mechanisms such as location-based services privacy-preserving. There is, however, no secure distance-bounding protocol for general attribute-based anonymous credentials. Brands and Chaum’s (EUROCRYPT’93) protocol combining distance-bounding and Schnorr identification comes close, but does not fulfill the requirements of modern distance-bounding protocols. For that, we need a secure distance-bounding zero-knowledge proof-of-knowledge resisting mafia fraud, distance fraud, distance hijacking and terrorist fraud.
Our approach is another attempt toward combining distance bounding and Schnorr to construct a distance-bounding zero-knowledge proof-of-knowledge. We construct such a protocol and prove it secure in the (extended) DFKO model for distance bounding. We also performed a symbolic verification of security properties needed for resisting these attacks, implemented in Tamarin.
Encouraged by results from Singh et al. (NDSS’19), we take advantage of lessened constraints on how much can be sent in the fast phase of the distance-bounding protocol and achieve a more efficient protocol. We also provide a version that does not rely on being able to send more than one bit at a time which yields the same properties except for (full) terrorist fraud resistance.
D. Bosk—Thanks to Sébastien Gambs (UQAM), Cristina Onete (Univ. Limoges) and Douglas Wikström (KTH) for valuable discussions. Thanks to Mats Näslund (FRA, KTH) for reading the draft and pointing out several mistakes. Part of the work done while visiting the WIDE team in Inria/CNRS/IRISA/Univ. Rennes. Supported by the Swedish Foundation for Strategic Research grant SSF FFL09-0086.
S. Bouget—Supported by the funding for H2020 project CONCORDIA (Grant Agreement No. 830927). Part of the work done while at KTH, funded by the Swdish Foundation for Strategic Research, grant SSF FFL09-0086.
S. Buchegger—Supported by the Swedish Foundation for Strategic Research grant SSF FFL09-0086.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This means that even things like functional encryption will not help.
- 2.
Note that [9] uses the abbreviation PoPoK, we prefer PPK for shorter notation.
- 3.
One of the two competing formal models for DB protocols.
- 4.
This is due to redundancy for the purpose of error correction.
References
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30
Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the Fiat-Shamir passport protocol (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_3
Desmedt, Y.: Major security problems with the ‘unforgeable’(Feige)-Fiat-Shamir proofs of identity and how to overcome them. Proc. SECURICOM 88, 15–17 (1988)
Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 113–127. IEEE (2012)
Lee, M.Z., Dunn, A.M., Waters, B., Witchel, E., Katz, J.: Anon-pass: practical anonymous subscriptions. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 319–333. IEEE (2013)
Mauw, S., Smith, Z., Toro-Pozo, J., Trujillo-Rasua, R.: Distance-bounding protocols: verification without time and location. In: IEEE S&P 2018 (Oakland), pp. 152–169 (2018). https://doi.org/10.1109/SP.2018.00001
Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 223–238. Springer, Boston, MA (2005). https://doi.org/10.1007/0-387-25660-1_15
Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The Bussard-Bagga and other distance-bounding protocols under attacks. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38519-3_23
Vaudenay, S.: Sound proof of proximity of knowledge. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 105–126. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26059-4_6
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725
Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24861-0_4
Fischlin, M., Onete, C.: Terrorism in distance bounding: modeling terrorist-fraud resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_26
Avoine, G., et al.: A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 800–814 (2017). https://doi.org/10.1145/3052973.3053000
Singh, M., Leu, P., Capkun, S.: UWB with pulse reordering: securing ranging against relay and physical-layer attacks. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019 (2019)
Diffie, W., Van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs Codes Cryptogr. 2(2), 107–125 (1992). https://doi.org/10.1007/BF00124891
Camenisch, J.: Group signature schemes and payment systems based on the discrete logarithm problem. Ph.D. thesis, ETH Zurich, Zürich, Switzerland (1998). http://d-nb.info/953066045
Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_4
Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052252
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. J. Comput. Secur. 23(2), 229–257 (2015)
Damgård, I.: On \(\Sigma \)-protocols. In: CPT 2010, vol. 2. http://www.cs.au.dk/~ivan/Sigma.pdf
Gambs, S., Lassance, C.E.R.K., Onete, C.: The not-so-distant future: distance-bounding protocols on smartphones. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 209–224. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_13
Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_20
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132–145 (2004)
Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)
Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_28
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bosk, D., Bouget, S., Buchegger, S. (2020). Distance-Bounding, Privacy-Preserving Attribute-Based Credentials. In: Krenn, S., Shulman, H., Vaudenay, S. (eds) Cryptology and Network Security. CANS 2020. Lecture Notes in Computer Science(), vol 12579. Springer, Cham. https://doi.org/10.1007/978-3-030-65411-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-65411-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65410-8
Online ISBN: 978-3-030-65411-5
eBook Packages: Computer ScienceComputer Science (R0)