Abstract
In order to protect a wireless sensor network and an RFID system against wormhole and relay attacks respectively, distance bounding protocols are suggested for the past decade. In these protocols, a verifier authenticates a user as well as estimating an upper bound for the physical distance between the user and itself. Recently, distance bounding protocols, each with a mutual authentication, are proposed to increase the security level for such systems. They are also suggested to be deployed for key agreement protocols in a short-range wireless communication system to prevent Man-in-the-Middle attack. In this paper, a new mutual distance bounding protocol called NMDB is proposed with two security parameters (\(n\) and \(t\)). The parameter \(n\) denotes the number of iterations in an execution of the protocol and the parameter \(t\) presents the number of errors acceptable by the verifier during \(n\) iterations. This novel protocol is implementable in a noisy wireless environment without requiring final confirmation message. Moreover, it is shown that, how this protocol can be employed for the key agreement procedures to resist against Man-in-the-Middle attack. NMDB is also analyzed in a noisy environment to compute the success probability of attackers and the rejection probability of a valid user due to channel errors. The analytically obtained results show that, with the proper selection of the security parameters (\(n\) and \(t\)) in a known noisy environment, NMDB provides an appropriate security level with a reliable performance.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Deng, G., Li, H., Zhang, Y., & Wang, J. (2013). Tree-LSHB+: An LPN-based lightweight mutual authentication RFID protocol. Wireless Personal Communications, 72(1), 159–174.
Gao, L., Ma, M., Shu, Y., & Wei, Y. (2013). A security protocol resistant to intermittent position trace attacks and desynchronization attacks in RFID systems. Wireless Personal Communications, 68(4), 1943–1959.
Rashid, H., & Turuk, A. K. (2013). Localization of wireless sensor networks using a single anchor node. Wireless Personal Communications, 72(2), 975–986.
Manap, Z., Ali, B. M., Ng, C. K., Noordin, N. K., & Sali, A. (2013). A review on hierarchical routing protocols for wireless sensor networks. Wireless Personal Communications, 72(2), 1077–1104.
Jannati, H., & Falahati, A. (2012). Security enhanced user authentication scheme for wireless sensor network. International Journal of Electronic Security and digital forensic, 4(4), 215–228.
Jannati, H., & Falahati, A. (2011). Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In C. K. Georgiadis, H. Jahankhani, E. Pimenidis, R. Bashroush, & A. Al-Nemrat (Eds.), LNCS: Vol. 6370. Radio frequency identification: security and privacy issues (RFIDSec 2010) (pp. 186–193). Heidelberg: Springer.
Francis, L., Hancke, G. P., Mayes, K., & Markantonakis, K. (2010). Practical NFC peer-to-peer relay attack using mobile phones. In S. B. Ors Yalcin (Ed.), LNCS: Vol. 6370. Radio frequency identification: security and privacy issues (RFIDSec 2010) (pp. 35–49). Heidelberg: Springer.
Thevenon, P., Savry, O., & Tedjini, S. (2011). On the weakness of contactless systems under relay attacks. In Proceeding of the 19th international conference on software, telecommunications and computer networks (SoftCOM 2011), Split, Croatia (pp. 1–5).
Francillon, A., Danev, B., & Čapkun, S. (2011). Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of the 18th annual network and distributed system security symposium (NDSS 2011), San Diego. USA: California.
Hu, Y. C., Perrig, A., & Johnson, D. B. (2006). Wormhole attacks in wireless networks. IEEE Journal on Selected Areas in Communications, 24(2), 370–380.
Jain, S., & Baras, J. S. (2012). Preventing wormhole attacks using physical layer authentication. In Proceedings of the wireless communications and networking conference (WCNC 2012), Paris, France (pp. 2712–2717).
Hancke, G. P., & Kuhn, M. (2005). An RFID distance bounding protocol. In Proceedings of the 1st international conference on security and privacy for emergent areas in communications networks (SecureComm 2005), Athens, Greece (pp. 67–73).
Avoine, G., Bingöl, M. A., Kardaş, S., Lauradoux, C., & Martin, B. (2011). A framework for analyzing RFID distance bounding protocols. Journal of Computer Security Special Issue on RFID Security (RFIDSec 2010), 19(2), 289–317. doi:10.3233/JCS-2010-0408.
Hancke, G. P. (2011). Design of a secure distance-bounding channel for RFID. Journal of Network and Computer Applications, 34(3), 877–887.
Avoine, G., & Tchamkerten, A. (2009). An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In P. Samarati, M. Yung, F. Martinelli, & C. A. Ardagna (Eds.), LNCS: Vol. 5735. Information security (ISC 2009) (pp. 250–261). Heidelberg: Springer.
Yum, D. H., Kim, J. S., Hong, S. J., & Lee, P. J. (2011). Distance bounding protocol with adjustable false acceptance rate. IEEE Communications Letters, 15(4), 434–436.
Kim, C. H., & Avoine, G. (2011). RFID distance bounding protocols with mixed challenges. IEEE Transactions on Wireless Communications, 10(5), 1618–1626.
Jannati, H., & Falahati, A. (2012). Mutual implementation of predefined and random challenges over RFID distance bounding protocol. In Proceedings of the 9th international conference on information security and cryptology (ISCISC 2012), Tabriz, Iran (pp. 43–47).
Lee, S., Kim, J. S., Hong, S. J., & Kim, J. (2012). Distance bounding with delayed responses. IEEE Communications Letters, 16(9), 1478–1481.
Kardas, S., Kiraz, M. S., Bingöl, M. A., & Demirci, H. (2012). A novel RFID distance bounding protocol based on physically unclonable functions. In A. Jules & C. Paar (Eds.), LNCS: Vol. 7055. RFID security and privacy (RFIDsec 2012) (pp. 78–93). Heiledberg: Springer.
Kim, J. S., Cho, K., Yum, D. H., Hong, S. J., & Lee, P. J. (2012). Lightweight distance bounding protocol against relay attacks. IEIEC Transactions on Information and Systems, E95-D(4), 1155–1158, doi:10.1587/transinf.E95.D.1155.
Gürel, A. Ö., Arslan, A., & Akgün, M. (2011). Non-uniform stepping approach to RFID distance bounding problem. In J. Garcia-Alfaro, G. Navarro-Arribas, A. Cavalli, & J. Leneutre (Eds.), LNCS: Vol. 6514. Data privacy management and autonomous spontaneous security (DPM 2011) (pp. 64–78). New York: Springer.
Čapkun, S., Buttyán, L., & Hubaux, J. P. (2003). SECTOR: Secure tracking of node encounters in multi-hop wireless networks. In Proceedings of the 1th ACM workshop on security of ad hoc and sensor networks, Fairfax, Virginia, USA (pp. 21–32).
Yum, D. H., Kim, J. S., Hong, S. J., & Lee, P. J. (2011). Distance bounding protocol for mutual authentication. IEEE Transactions on Wireless Communications, 10(2), 592–601.
Avoine, G., & Kim, C. H. (2013). Mutual distance bounding protocols. IEEE Transactions on Mobile Computing, 12(5), 830–839.
Čagalj, M., Čapkun, S., & Hubaux, J. P. (2006). Key agreement in peer-to-peer wireless networks. Proceedings of the IEEE, 94(2), 467–478.
Rasmussen, K. B., Castelluccia, C., Heydt-Benjamin, T. S., Čapkun, S. (2009). Proximity-based access control for implantable medical devices. In Proceedings of the 16th ACM conference on computer and communications security, Chicago, IL, USA (pp. 410–419).
Čagalj, M., Saxena, N., & Uzun, E. (2009). On the usability of secure association of wireless devices based on distance bounding. In J. A. Garay, A. Miyaji, & A. Otsuka (Eds.), LNCS: Vol. 5888. Cryptology and network security (CNS 2009) (pp. 443–462). Heiledberg: Springer.
Čapkun, S., Čagalj, M., Karame, G., & Tippenhauer, N. O. (2010). Integrity regions: Authentication through presence in wireless networks. IEEE Transactions on Mobile Computing, 9(11), 1608–1621.
Cremers, C., Rasmussen, K. B., & Čapkun, S. (2012). Distance hijacking attacks on distance bounding protocols. In Proceedings of IEEE symposium on security and privacy (SP 2012), Can Francisco, CA, USA (pp. 113–127).
Raymond, J. F., & Stiglic, A. (2002). Security issues in the Diffie–Hellman key agreement protocol, Technical Manuscript. Montreal: McGill University.
Jannati, H., & Falahati, A. (2013). Achieving an appropriate security level for distance bounding protocols over a noisy channel. Special Issue on RFID Technology and Applications, Telecommunication Systems.
Falahati, A., & Jannati, H. (2012). Application of distance bounding protocols with random challenges over RFID noisy communication systems. In Proceedings of IET conference on wireless sensor systems (WSS 2012), London, UK (pp. 1–5).
Hoeffding, W. (1963). Probability inequalities for sums of bounded random variables. Journal of the American Statistical Association, 58(301), 13–30.
Author information
Authors and Affiliations
Corresponding author
Appendix: Man-in-the-Middle Attack Over DH–IR Key Agreement Protocol
Appendix: Man-in-the-Middle Attack Over DH–IR Key Agreement Protocol
Čapkun et al. [29] improved Diffie–Hellman key agreement scheme using a DB protocol, named DH–IR protocol. In this protocol, both user \(A\) and user \(B\) compute the commitment/opening pairs \((c_A,o_A)\) and \((c_B,o_B)\) by applying a commitment scheme to messages \(m_A=ID_A\Vert g^{x_A}\Vert N_A\) and \(m_B=ID_B\Vert g^{x_B}\Vert N_B\), respectively (here \(N_A\) and \(N_B\) are two \(n\)-bit random sequences and \(ID_A\) and \(ID_B\) are two public identifiers for users \(A\) and \(B\), respectively). In the first four messages of the protocol, user \(A\) and user \(B\) exchange \(c_A\), \(c_B\), \(o_A\) and \(o_B\) as shown in Fig. 10. Then, user \(A\) and user \(B\) open the commitments and verify the correctness of \(ID_B\) and \(ID_A\), respectively. If the verification is correct, each user computes the \(n\)-bit sequence as \(N_A\oplus {N_B}\). Next, as shown in Fig. 10, a DB protocol is started by user \(A\) and user \(B\) for \(n\) rounds. At each round of the rapid bit exchange, e.g., \(i\)th round, user \(A\) sends a random bit \(C_i\) as the challenge bit to user \(B\). User \(B\) also sends back \(R_i=C_i\oplus {(s_B)_i}\) as the response bit. Hence, in addition to user \(B'\)s authentication, user \(A\) estimates an upper bound for the physical distance between the user \(B\) and itself. However, if this DB protocol successfully ends, then user \(A\) and user \(B\) accept \(K_{AB}=g^{x_Ax_B}\) as the shared secret key.
DH–IR key agreement protocol [29]
Now, suppose that the attacker \(A_M\) want to perform the MITM attack on DH–IR protocol. It is assumed that the attacker \(A_M\) locates outside of two spherical spaces centred around user \(A\) and user \(B\) with radius \(d\) while it is able to modify and transmit signals between \(A\) and \(B\) (the attacker \(A_M\) is a powerful attacker that can perform the signal jamming attack).
In this attack, when DH–IR protocol is started by user \(A\) and user \(B\), the attacker \(A_M\) interrupts the first four messages exchanged between \(A\) and \(B\) at the beginning of the protocol (i.e., \(c_A\), \(c_B\), \(o_A\) and \(o_B\)) and then it transmits \(\widehat{c}_A\), \(\widehat{c}_B\), \(\widehat{o}_A\) and \(\widehat{o}_B\) instead of them as shown in Fig. 11. Hence, when user \(A\) opens the commitment, it obtains \(\widehat{N}_B\) and \(g^{x_R}\) instead of \(N_B\) and \(g^{x_B}\), respectively. User \(B\) also obtains \(\widehat{N}_A\) and \(g^{x_R}\) instead of \(N_A\) and \(g^{x_A}\), respectively.
Man-in-the-Middle attack over DH–IR key agreement protocol
Next, for the correct execution of the DB protocol, at each round of the rapid bit exchange, e.g., \(i\)th round, the attacker \(A_M\) must adopt the response bit computed with \({(\widehat{s}_B)_i}={(\widehat{N}_A)_i}\oplus {(N_B)_i}\) to the response bit computed with \({(\widehat{s}_A)_i}={({N_A})_i}\oplus {(\widehat{N}_B)_i}\). Although the attacker \(A_M\) is farther than the allowable distance, but since \(A_M\) knows \(\widehat{N}_A\), \(\widehat{N}_B\), \(N_A\) and \(N_B\) at start of the rapid bit exchange step, it can adopt the response bit computed by user \(B\), i.e., \(R_i={C_i}\oplus {(\widehat{s}_B)_i}\), to its desirable response bit, i.e., \(\widehat{R}_i={C_i}\oplus {(\widehat{s}_A)_i}\). Hence, at each round, the attacker \(A_M\) transmits a suitable signal between \(A\) and \(B\) at a particular time to change \(R_i\) to \(\widehat{R}_i\). When \({({N_A})_i}\oplus {(\widehat{N}_B)_i}\) is equal to \({(\widehat{N}_A)_i}\oplus {({N_B})_i}\), then \(\widehat{R}_i=R_i\); so in this case \(A_M\) sends no signal between \(A\) and \(B\). But if they are not equal, then \(\widehat{R}_i=R_i\oplus {1}\); so in this case \(A_M\) must modify the response bit \(R_i\). Therefore, user \(A\) and user \(B\) cannot detect the attack and accept the secret keys \(g^{x_Ax_R}\) and \(g^{x_Bx_R}\), respectively. It is notable that the attacker \(A_M\) have an access to both secret keys \(g^{x_Ax_R}\) and \(g^{x_Bx_R}\). Consequently, \(A_M\) succeeds to perform Man-in-the-Middle attack.
Rights and permissions
About this article
Cite this article
Jannati, H., Falahati, A. Mutual Distance Bounding Protocol with Its Implementability Over a Noisy Channel and Its Utilization for Key Agreement in Peer-to-Peer Wireless Networks. Wireless Pers Commun 77, 127–149 (2014). https://doi.org/10.1007/s11277-013-1498-9
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-013-1498-9