ABSTRACT
Terrorist fraud is a relay attack against distance bounding protocols where the prover conspires with an adversary to misrepresent the distance between himself and the verifier. In ideal situations, the adversary does not gain any knowledge about the prover's long-term secret. This makes designing a distance bounding protocol resistant to such fraud tricky: the secrets of an honest prover must be protected, while those of a dishonest one should be disclosed as an incentive not to cheat. In this paper, we demonstrate that using a secret-sharing scheme, possibly based on threshold cryptography, is well suited for thwarting terrorist fraud. Although such an idea has been around since the work of Bussard and Bagga, this is the first time that secret sharing and terrorist fraud have been systematically studied together. We prove that secret sharing can counter terrorist fraud, and we detail a method that can be applied directly to most existing distance bounding protocols. We illustrate our method on the protocol of Hancke and Kuhn, yielding two variants: the threshold distance bounding (tdb) protocol and the thrifty threshold distance bounding (ttdb) protocol. We define the adversarial strategies that attempt to gain some knowledge about the prover's long-term secret, evaluate the amount of information disclosed, and determine the adversary's success probability.
REFERENCES
- G. Avoine, M. A. Bingöl, S. Kardaş, C. Lauradoux, and B. Martin. A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security -- Special Issue on RFID System Security, 2010.
- G. Avoine, E. Dysli, and P. Oechslin. Reducing Time Complexity in RFID Systems. In Selected Areas in Cryptography -- SAC 2005, volume 3897 of Lecture Notes in Computer Science, pages 291--306, Kingston, Canada, August 2005. Springer-Verlag.
- G. Avoine, C. Floerkemeier, and B. Martin. RFID Distance Bounding Multistate Enhancement. In International Conference on Cryptology in India - Indocrypt 2009, volume 5922 of Lecture Notes in Computer Science, pages 290--307. Springer-Verlag, 2009.
- S. Bengio, G. Brassard, Y. Desmedt, C. Goutier, and J.-J. Quisquater. Secure implementation of identification systems. Journal of Cryptology, 4(3):175--183, 1991.
- T. Beth and Y. Desmedt. Identification Tokens - or: Solving the Chess Grandmaster Problem. In Advances in Cryptology - CRYPTO '90, volume 537 of Lecture Notes in Computer Science, pages 169--177, Santa Barbara, CA, USA, August 1990. Springer-Verlag.
- G. R. Blakley. Safeguarding cryptographic keys. In AFIPS 1979 National Computer Conference, volume 48, pages 313--317, Arlington, NY, USA, 1979.
- M. Blaze. Looking on the Bright Side of Black-Box Cryptography (Transcript of Discussion). In Security Protocols Workshop, volume 2133 of Lecture Notes in Computer Science, pages 54--61, Cambridge, UK, April 2000. Springer-Verlag.
- S. Brands and D. Chaum. Distance-Bounding Protocols. In Advances in Cryptology - EUROCRYPT'93, volume 765 of Lecture Notes in Computer Science, pages 344--359, Lofthus, Norway, May 1993. Springer-Verlag.
- E. F. Brickell and D. M. Davenport. On the classification of ideal secret sharing schemes. Journal of Cryptology, 4:123--134, 1991.
- L. Bussard. Trust Establishment Protocols for Communications Devices. PhD thesis, Eurecom-ENST, 2004.
- L. Bussard and W. Bagga. Distance-bounding proof of knowledge to avoid real-time attacks. In Security and Privacy in the Age of Ubiquitous Computing, volume 181 of IFIP International Federation for Information Processing, pages 223--238. Springer-Verlag, 2005.
- L. Csirmaz. The Size of a Share Must Be Large. In Advances in Cryptology - EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 13--22, Perugia, Italy, 1994. Springer-Verlag.
- Y. Desmedt, C. Goutier, and S. Bengio. Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In Advances in Cryptology - CRYPTO'87, volume 293 of Lecture Notes in Computer Science, pages 21--39, Santa Barbara, CA, USA, August 1988. Springer-Verlag.
- S. Drimer and S. J. Murdoch. Keep your enemies close: distance bounding against smartcard relay attacks. In 16th USENIX Security Symposium on USENIX Security Symposium, pages 1--16, Santa Clara, CA, USA, June 2007. USENIX Association.
- M. Flury, M. Poturalski, P. Papadimitratos, J.-P. Hubaux, and J.-Y. L. Boudec. Effectiveness of distance-decreasing attacks against impulse radio ranging. In ACM Conference on Wireless Network Security - WISEC 2010, pages 117--128, Hoboken, NJ, USA, 2010. ACM.
- G. P. Hancke. Design of a Secure Distance-Bounding Channel for RFID. Journal of Network and Computer Applications, May 2010.
- G. P. Hancke and M. Kuhn. An RFID Distance Bounding Protocol. In Conference on Security and Privacy for Emerging Areas in Communication Networks -- SecureComm 2005, pages 67--73, Athens, Greece, September 2005. IEEE Computer Society.
- G. P. Hancke and M. G. Kuhn. Attacks on time-of-flight distance bounding channels. In ACM Conference on Wireless Network Security - WISEC 2008, pages 194--202, Alexandria, VA, USA, March 2008. ACM.
- International Organization for Standardization. ISO/IEC 9798 -- Information technology -- Security techniques -- Entity authentication, 1997--2008.
- A. Joux. Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In Advances in Cryptology - CRYPTO 2004, volume 3152 of Lecture Notes in Computer Science, pages 306--316, Santa Barbara, CA, USA, August 2004. Springer-Verlag.
- C. H. Kim and G. Avoine. RFID distance bounding protocol with mixed challenges to prevent relay attacks. In International Conference on Cryptology and Network Security - CANS, volume 5888 of Lecture Notes in Computer Science, pages 119--133, Kanazawa, Ishikawa, Japan, December 2009. Springer-Verlag.
- C. H. Kim, G. Avoine, F. Koeune, F.-X. Standaert, and O. Pereira. The Swiss-Knife RFID Distance Bounding Protocol. In International Conference on Information Security and Cryptology -- ICISC'08, volume 5461 of Lecture Notes in Computer Science, pages 98--115, Seoul, Korea, December 2008. Springer-Verlag.
- M. Kuhn, H. Luecken, and N. O. Tippenhauer. UWB Impulse Radio Based Distance Bounding. In Workshop on Positioning, Navigation and Communication 2010 - WPNC'10, Dresden, Germany, March 2010.
- J. L. Massey. Minimal Codewords and Secret Sharing. In Proceedings of the 6th Joint Swedish-Russian International Workshop on Information Theory, pages 276--279, 1993.
- R. J. McEliece and D. V. Sarwate. On sharing secrets and Reed-Solomon codes. Communications of the ACM, 24(9):583--584, 1981.
- A. Mitrokotsa, C. Dimitrakakis, P. Peris-Lopez, and J. C. Hernandez-Castro. Reid et al.'s Distance Bounding Protocol and Mafia Fraud Attacks over Noisy Channels. IEEE Communications Letters, 14(2):121--123, July 2010.
- J. Munilla and A. Peinado. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing, 8(9):1227--1232, 2008.
- C. Paar. Efficient VLSI Architectures for Bit Parallel Computation in Galois Fields. PhD thesis, Universitat GH Essen, 1994.
- K. B. Rasmussen and S. Capkun. Realization of RF Distance Bounding. In USENIX Security Symposium, Washington, DC, USA, August 2010.
- J. Reid, J. M. G. Nieto, T. Tang, and B. Senadji. Detecting relay attacks with timing-based protocols. In ACM symposium on Information, computer and communications security - ASIACCS '07, pages 204--213. ACM, 2007. Early version available at citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.5584.
- A. Saxena, B. Wyseur, and B. Preneel. Towards Security Notions for White-Box Cryptography. In Information Security Conference - ISC 2009, volume 5735 of Lecture Notes in Computer Science, pages 49--58, Pisa, Italy, September 2009. Springer-Verlag.
- A. Shamir. How to share a secret. Communications of the ACM, 22(11):612--613, 1979.
- G. J. Simmons. Contemporary Cryptology: The Science of Information Integrity. IEEE Press, 1991.
- D. Singelée and B. Preneel. Distance Bounding in Noisy Environments. In European Workshop on Security in Ad-hoc and Sensor Networks - ESAS'07, volume 4572 of Lecture Notes in Computer Science, pages 101--115, Cambridge, UK, July 2007. Springer-Verlag.
- K. Suzuki, D. Tonien, K. Kurosawa, and K. Toyota. Birthday Paradox for Multi-collisions. In Information Security and Cryptology - ICISC 2006, volume 4296 of Lecture Notes in Computer Science, pages 29--40, Busan, Korea, November 2006. Springer-Verlag.
- R. Trujillo Rasua, B. Martin, and G. Avoine. The Poulidor Distance-Bounding Protocol. In S. O. Yalcin, editor, Workshop on RFID Security -- RFIDSec'10, volume 6370 of Lecture Notes in Computer Science, pages 239--257, Istanbul, Turkey, June 2010. Springer-Verlag.
- Y.-J. Tu and S. Piramuthu. RFID Distance Bounding Protocols. In First International EURASIP Workshop on RFID Technology, Vienna, Austria, September 2007.
- D. Wagner. A Generalized Birthday Problem. In Advances in Cryptology - CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 288--303, Santa Barbara, CA, USA, August 2002. Springer-Verlag.
Index Terms
- How secret-sharing can defeat terrorist fraud