DOI: 10.1145/2462096.2462129

Efficient, secure, private distance bounding without key updates

Published: 17 April 2013

Abstract

We propose a new distance-bounding protocol, which builds upon the private RFID authentication protocol by Peeters and Hermans [25]. In contrast to most distance-bounding protocols in the literature, our construction is based on public-key cryptography. Public-key cryptography (specifically Elliptic Curve Cryptography) can, contrary to popular belief, be realized on resource-constrained devices such as RFID tags. Our protocol is wide-forward-insider private and achieves distance-fraud resistance and near-optimal mafia-fraud resistance. Furthermore, it provides strong impersonation security even when the number of time-critical rounds supported by the tag is very small. The computational effort for the protocol is only four scalar-EC point multiplications. Hence the required circuit area is minimal because only an ECC coprocessor is needed: no additional cryptographic primitives need to be implemented.

References

[1] M. Abdalla, M. Bellare, and P. Rogaway. The Oracle Diffie-Hellman assumptions and an analysis of DHIES. In D. Naccache, editor, Cryptographer's Track at RSA Conference, volume 2020 of LNCS, pages 143--158. Springer, 2001.
[2] G. Avoine, M. A. Bingol, S. Kardaş, C. Lauradoux, and B. Martin. A formal framework for analyzing RFID distance bounding protocols. In Journal of Computer Security - Special Issue on RFID System Security, 2010.
[3] G. Avoine, C. Lauradoux, and B. Martin. How secret-sharing can defeat terrorist fraud. In Proceedings of the Fourth ACM Conference on Wireless Network Security WISEC 2011, pages 145--156. ACM Press, 2011.
[4] G. Avoine and A. Tchamkerten. An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In Conference on Information Security 2009, volume 5735 of LNCS, pages 250--261. Springer, 2009.
[5] M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko. The One-More-RSA-Inversion problems and the security of Chaum's blind signature scheme. Journal of Cryptology, 16:185--215, 2003.
[6] I. Boureanu, A. Mitrokotsa, and S. Vaudenay. On the pseudorandom function assumption in (secure) distance-bounding protocols. In Progress in Cryptology -- LATINCRYPT 2012, volume 7533 of LNCS, pages 100--120. Springer, 2012.
[7] S. Brands and D. Chaum. Distance-bounding protocols. In Advances in Cryptology -- EUROCRYPT'93, volume 765 of LNCS, pages 344--359. Springer, 1993.
[8] D. R. Brown. Generic groups, collision resistance, and ECDSA. Designs, Codes and Cryptography, 35(1):119--152, 2005.
[9] D. R. L. Brown and K. Gjøsteen. A security analysis of the NIST SP 800-90 elliptic curve random number generator. In A. Menezes, editor, Advances in Cryptology -- CRYPTO, volume 4622 of LNCS, pages 466--481. Springer, 2007.
[10] L. Bussard and W. Bagga. Distance-bounding proof of knowledge to avoid real-time attacks. In Security and Privacy in the Age of Ubiquitous Computing, volume 181 of IFIP AICT, pages 222--238. Springer, 2005.
[11] C. Chevalier, P.-A. Fouque, D. Pointcheval, and S. Zimmer. Optimal randomness extraction from a Diffie-Hellman element. In Advances in Cryptology -- EUROCRYPT '09, number 5479 in LNCS, pages 572--589. Springer-Verlag, 2009.
[12] B. Danev, T. S. Heydt-Benjamin, and S. Čapkun. Physical-layer identification of RFID devices. In USENIX, pages 125--136. USENIX, 2009.
[13] Y. Desmedt. Major security problems with the 'unforgeable' (Feige)-Fiat-Shamir proofs of identity and how to overcome them. In SecuriCom, pages 15--17. SEDEP Paris, France, 1988.
[14] U. Dürholz, M. Fischlin, M. Kasper, and C. Onete. A formal approach to distance bounding RFID protocols. In Proceedings of the 14th Information Security Conference ISC 2011, volume 7001 of LNCS, pages 47--62. Springer, 2011.
[15] M. Fischlin and C. Onete. Provably secure distance-bounding: an analysis of prominent protocols. 6th Conference on Security and Privacy in Wireless and Mobile Networks ACM WISec 2013, 2013.
[16] A. Francillon, B. Danev, and S. Čapkun. Relay attacks on passive keyless entry and start systems in modern cars. Cryptology ePrint Archive, Report 2010/332, 2010. http://eprint.iacr.org/.
[17] O. Goldreich. Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, 2001.
[18] G. P. Hancke and M. G. Kuhn. An RFID distance bounding protocol. In Conference on Security and Privacy for Emergency Areas in Communication Networks 2005, pages 67--73. IEEE, 2005.
[19] J. Hermans, A. Pashalidis, F. Vercauteren, and B. Preneel. A new RFID privacy model. In V. Atluri and C. Diaz, editors, ESORICS 2011, volume 6879 of LNCS, pages 568--587. Springer, 2011.
[20] C. H. Kim and G. Avoine. RFID distance bounding protocol with mixed challenges to prevent relay attacks. In Conference on Cryptology and Networks Security 2009, volume 5888 of LNCS, pages 119--131. Springer, 2009.
[21] C. H. Kim, G. Avoine, F. Koeune, F. Standaert, and O. Pereira. The swiss-knife RFID distance bounding protocol. In Information Security and Cryptology (ICISC) 2008, LNCS, pages 98--115. Springer, 2008.
[22] Y. K. Lee, L. Batina, K. Sakiyama, and I. Verbauwhede. Elliptic curve based security processor for RFID. IEEE Transactions on Computers, 57(11):1514--1527, 2008.
[23] Y. K. Lee, L. Batina, D. Singelée, and I. Verbauwhede. Low-cost untraceable authentication protocols for RFID. pages 55--64. ACM, 2010.
[24] C. Onete. Key updates for RFID distance-bounding protocols: Achieving narrow-destructive privacy. Cryptology ePrint Archive, Report 2012/165, 2012. http://eprint.iacr.org/.
[25] R. Peeters and J. Hermans. Wide strong private RFID identification based on zero-knowledge. Cryptology ePrint Archive, Report 2012/389, 2012. http://eprint.iacr.org/.
[26] A. Ranganathan, N. O. Tippenhauer, D. Singelée, B. Skoric, and S. Capkun. Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System. In S. Foresti, F. Martinelli, and M. Yung, editors, ESORICS 2012, volume 7459 of LNCS, pages 415--432. Springer-Verlag, 2012.
[27] K. B. Rasmussen and S. Čapkun. Realization of RF Distance Bounding. In USENIX, pages 389--402. USENIX, 2010.
[28] J. Reid, J. M. G. Nieto, T. Tang, and B. Senadji. Detecting relay attacks with timing-based protocols. In ACM symposium on information, computer and communications security (ASIACCS) 2007, pages 204--213. ACM Press, 2007.
[29] SHA-3 Zoo. Overview of all Candidates for the Current SHA-3 Hash Competition Organized by NIST. http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo.
[30] R. Trujillo-Rasua, B. Martin, and G. Avoine. The Poulidor distance-bounding protocol. In RFIDSec 2010, volume 6370 of LNCS, pages 239--257. Springer, 2010.
[31] T. van Deursen and S. Radomirović. Insider attacks and privacy of RFID protocols. In S. Petkova-Nikova, A. Pashalidis, and G. Pernul, editors, EUROPKI, volume 7163 of LNCS, pages 65--80. Springer, 2011.
[32] S. Vaudenay. On privacy models for RFID. In Advances in Cryptology -- Asiacrypt 2007, volume 4883 of LNCS, pages 68--87. Springer, 2007.
[33] E. Wenger and M. Hutter. A hardware processor supporting elliptic curve cryptography for less than 9 kGEs. In CARDIS 2011, volume 7079 of LNCS, pages 182--198. Springer, 2011.
[34] A. Yang, Y. Zhuang, and D. S. Wong. An efficient single-slow-phase mutually authenticated RFID distance-bounding protocol with tag privacy. In Information and Communications Security, volume 7618 of LNCS, pages 285--292. Springer, 2012.
[35] A. C.-C. Yao. Theory and applications of trapdoor functions (extended abstract). In FOCS 1982, pages 80--91. IEEE Computer Society, 1982.

Published In

WiSec '13: Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
April 2013
230 pages
ISBN: 9781450319980
DOI: 10.1145/2462096

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. cryptographic protocol
2. distance bounding
3. privacy
4. rfid

Cited By

• (2024) Distance-Bounding Protocols. Cooperative Intelligent Transport Systems (273-293). DOI: 10.1002/9781394325849.ch11. Online publication date: 11-Oct-2024
• (2023) Malicious Relay Detection and Legitimate Channel Recovery. Proceedings of the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (353-363). DOI: 10.1145/3558482.3590193. Online publication date: 29-May-2023
• (2021) Emerging Terahertz Integrated Systems in Silicon. IEEE Transactions on Circuits and Systems I: Regular Papers 68:9 (3537-3550). DOI: 10.1109/TCSI.2021.3087604. Online publication date: Sep-2021
• (2021) CMOS THz-ID: A 1.6-mm² Package-Less Identification Tag Using Asymmetric Cryptography and 260-GHz Far-Field Backscatter Communication. IEEE Journal of Solid-State Circuits 56:2 (340-354). DOI: 10.1109/JSSC.2020.3015717. Online publication date: Feb-2021
• (2020) NFCGate. Proceedings of the 14th USENIX Conference on Offensive Technologies (5-5). DOI: 10.5555/3488877.3488882. Online publication date: 11-Aug-2020
• (2020) Dynamic Membership Management in Anonymous and Deniable Distance Bounding. Sustainability 12:24 (10330). DOI: 10.3390/su122410330. Online publication date: 10-Dec-2020
• (2020) Beyond Crypto: Physical-Layer Security for Internet of Things Devices. IEEE Solid-State Circuits Magazine 12:4 (66-78). DOI: 10.1109/MSSC.2020.3021842. Online publication date: Nov-2021
• (2020) 29.8 THzID: A 1.6mm² Package-Less Cryptographic Identification Tag with Backscattering and Beam-Steering at 260GHz. 2020 IEEE International Solid-State Circuits Conference - (ISSCC) (454-456). DOI: 10.1109/ISSCC19947.2020.9063068. Online publication date: Feb-2020
• (2019) SEPD: An Access Control Model for Resource Sharing in an IoT Environment. Computer Security – ESORICS 2019 (195-216). DOI: 10.1007/978-3-030-29962-0_10. Online publication date: 15-Sep-2019
• (2018) Two-Hop Distance-Bounding Protocols. IEEE Transactions on Mobile Computing 17:7 (1723-1736). DOI: 10.1109/TMC.2017.2771769. Online publication date: 1-Jul-2018
