Abstract
Anonymous Distance-Bounding (DB) protocols allow a prover to convince a verifier that they are within a distance bound from the verifier, without revealing their identity. This is an attractive property that enables the prover to enjoy proximity based services while preserving their privacy. Combination of anonymity and distance-bounding however introduces new security challenges. We show two new realistic attacks, using directional antenna and the collusion of multiple users, that breaks all existing anonymous DB protocols, and propose a new security model that captures these new attacks. We construct a protocol with provable security in this new model and discuss directions for future research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Agiwal, M., Roy, A., Saxena, N.: Next generation 5G wireless networks: a comprehensive survey. IEEE Commun. Surv. Tutor. 18, 1617–1655 (2016)
Ahmadi, A., Safavi-Naini, R.: Distance-bounding identification. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy: ICISSP, INSTICC, vol. 1, pp. 202–212. SciTePress (2017)
Ahmadi, A., Safavi-Naini, R., Akand, M.: Anonymous distance-bounding identification. Cryptology ePrint Archive, Report 2018/365 (2018). https://eprint.iacr.org/2018/365
Ahmadi, A., Safavi-Naini, R.: Privacy-preserving distance-bounding proof-of-knowledge. In: 16th ICICS (2014)
Avoine, G., Bingöl, M.A., Kardaş, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19, 289–317 (2011)
Avoine, G., Bultel, X., Gambs, S., Gérault, D., Lafourcade, P., Onete, C., Robert, J.-M.: A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 800–814. ACM (2017)
Bellare, M., Goldwasser, S.: New paradigms for digital signatures and message authentication based on non-interactive zero knowledge proofs. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 194–211. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_19
Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing (1988)
Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40392-7_8
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_30
Bultel, X., Gambs, S., Gérault, D., Lafourcade, P., Onete, C., Robert, J.-M.: A prover-anonymous and terrorist-fraud resistant distance-bounding protocol. In: WiSec 2016 (2016)
Bussard, L., Bagga, W.: Distance-bounding proof of knowledge protocols to avoid terrorist fraud attacks. Technical report, Institut Eurecom, France (2004)
Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: Security and Privacy (2012)
Damgård, I.: On \(\Sigma \)-protocols. Lecture Notes, Department for Computer Science, University of Aarhus (2002)
Damgård, I., Dupont, K., Pedersen, M.Ø.: Unclonable group identification. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 555–572. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_33
Desmedt, Y.: Major security problems with the ünforgeable\(\ddot{(}\)feige-)fiat-Shamir proofs of identity and how to overcome them. In: SECURICOM 1988 (1988)
Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: NDSS (2011)
Gennaro, R.: Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 220–236. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_14
Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
Guillou, L.C., Quisquater, J.-J.: A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 123–128. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-45961-8_11
Kurosawa, K., Heng, S.-H.: The power of identification schemes. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 364–377. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_24
Rasmussen, K.B., Capkun, S.: Realization of RF distance bounding. In: USENIX Security Symposium, pp. 389–402 (2010)
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4, 161–174 (1991)
Vaudenay, S.: On modeling terrorist frauds. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41227-1_1
Vaudenay, S.: Proof of proximity of knowledge. IACR eprint, 695 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Ahmadi, A., Safavi-Naini, R., Akand, M. (2018). New Attacks and Secure Design for Anonymous Distance-Bounding. In: Susilo, W., Yang, G. (eds) Information Security and Privacy. ACISP 2018. Lecture Notes in Computer Science(), vol 10946. Springer, Cham. https://doi.org/10.1007/978-3-319-93638-3_34
Download citation
DOI: https://doi.org/10.1007/978-3-319-93638-3_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-93637-6
Online ISBN: 978-3-319-93638-3
eBook Packages: Computer ScienceComputer Science (R0)