ABSTRACT
Distance-bounding (DB) protocols protect against relay attacks on proximity-based access control systems. In a DB protocol, the verifier computes an upper bound on the distance to the prover by measuring the time-of-flight of exchanged messages. DB protocols are, however, vulnerable to distance fraud, in which a dishonest prover is able to manipulate the distance bound computed by an honest verifier. Despite their conceptual simplicity, devising a formal characterization of DB protocols and distance fraud attacks that is amenable to automated formal analysis is non-trivial, primarily because of their real-time and probabilistic nature. In this work, we introduce a generic, computational model, based on Rewriting Logic, for formally analyzing various forms of distance fraud, including recently identified timing attacks, on the Hancke-Kuhn family of DB protocols through statistical model checking. While providing an insightful formal characterization on its own, the model enables a practical formal analysis method that can help system designers bridge the gap between conceptual descriptions and low-level designs. In addition to accurately confirming known results, we use the model to define new attack strategies and quantitatively evaluate their effectiveness under realistic assumptions that would otherwise be difficult to reason about manually.
- Gul Agha. 1986. Actors: a model of concurrent computation in distributed systems .MIT Press, Cambridge, MA, USA. Google ScholarDigital Library
- Gul Agha, Carl A. Gunter, Michael Greenwald, Sanjeev Khanna, José Meseguer, Koushik Sen, and Prasanna Thati. 2005. Formal Modeling and Analysis of DoS Using Probabilistic Rewrite Theories. In International Workshop on Foundations of Computer Security (FCS'05). IEEE, Chicago, IL.Google Scholar
- Gul Agha, José Meseguer, and Koushik Sen. 2006. PMaude: Rewrite-based Specification Language for Probabilistic Object Systems. Electronic Notes in Theoretical Computer Science , Vol. 153, 2 (2006), 213--239. Google ScholarDigital Library
- Musab A. Alturki and José Meseguer. 2011. PVeStA: A Parallel Statistical Model Checking and Quantitative Analysis Tool. In Algebra and Coalgebra in Computer Science, Lecture Notes in Computer Science, Vol. 6859. Springer Berlin / Heidelberg, 386--392. Google ScholarDigital Library
- Musab A. Alturki, José Meseguer, and Carl A. Gunter. 2009. Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol. Electron. Notes Theor. Comput. Sci. , Vol. 234 (2009), 3--18. Google ScholarDigital Library
- Gildas Avoine, Muhammed Ali Bingöl, Süleyman Kardacs, Cédric Lauradoux, and Benjamin Martin. 2011. A Framework for Analyzing RFID Distance Bounding Protocols. J. Comput. Secur. , Vol. 19, 2 (April 2011), 289--317. http://dl.acm.org/citation.cfm?id=1971859.1971864 Google ScholarDigital Library
- Gildas Avoine, Xavier Bultel, Sébastien Gambs, David Gérault, Pascal Lafourcade, Cristina Onete, and Jean-Marc Robert. 2017. A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '17). ACM, New York, NY, USA, 800--814. Google ScholarDigital Library
- David Basin, Srdjan Capkun, Patrick Schaller, and Benedikt Schmidt. 2009. Let's Get Physical: Models and Methods for Real-World Security Protocols. In Theorem Proving in Higher Order Logics: 22nd International Conference, TPHOLs 2009, Munich, Germany, August 17--20, 2009. Proceedings , Springer Berlin Heidelberg, Berlin, Heidelberg, 1--22. Google ScholarDigital Library
- D. Basin, S. Capkun, P. Schaller, and B. Schmidt. 2011. Formal Reasoning about Physical Properties of Security Protocols. ACM Transactions on Information and System Security , Vol. 14, 2 (2011). Google ScholarDigital Library
- Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. 2013. Secure and Lightweight Distance-Bounding. In Lightweight Cryptography for Security and Privacy, Springer Berlin Heidelberg, Berlin, Heidelberg, 97--113.Google Scholar
- Stefan Brands and David Chaum. 1994. Distance-Bounding Protocols. In Advances in Cryptology -- EUROCRYPT '93: Workshop on the Theory and Application of Cryptographic Techniques Lofthus, Norway, May 23--27, 1993 Proceedings, Tor Helleseth (Ed.). Springer, Berlin, Heidelberg, 344--359. Google ScholarDigital Library
- Roberto Bruni and José Meseguer. 2006. Semantic foundations for generalized rewrite theories. Theor. Comput. Sci. , Vol. 360, 1--3 (2006), 386--414. Google ScholarDigital Library
- Manuel Clavel, Francisco Durán, Steven Eker, Patrick Lincoln, Narciso Mart'i-Oliet, José Meseguer, and Carolyn Talcott. 2007. All About Maude - A High-Performance Logical Framework. Lecture Notes in Computer Science, Vol. 4350. Springer-Verlag, Secaucus, NJ, USA. Google ScholarDigital Library
- C. Cremers, K. B. Rasmussen, B. Schmidt, and S. Capkun. 2012. Distance Hijacking Attacks on Distance Bounding Protocols. In 2012 IEEE Symposium on Security and Privacy. 113--127. Google ScholarDigital Library
- Y. G. Dantas, V. Nigam, and I. E. Fonseca. 2014. A Selective Defense for Application Layer DDoS Attacks. In 2014 IEEE Joint Intelligence and Security Informatics Conference. 75--82. Google ScholarDigital Library
- EasyCrypt. (last accessed: 2018-08--15). https://www.easycrypt.info/trac/.Google Scholar
- G. P. Hancke and M. G. Kuhn. 2005. An RFID Distance Bounding Protocol. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05) . 67--73. Google ScholarDigital Library
- Max Kanovich, Tajana Ban Kirigin, Vivek Nigam, Andre Scedrov, and Carolyn Talcott. 2016. Can we mitigate the attacks on Distance-Bounding Protocols by using challenge-response rounds repeatedly?. In Workshop on Foundations of Computer Security .Google Scholar
- Max Kanovich, Tajana Ban Kirigin, Vivek Nigam, Andre Scedrov, and Carolyn Talcott. 2017. Time, computational complexity, and probability in the analysis of distance-bounding protocols. Journal of Computer Security , Vol. 25, 6 (2017), 585--630.Google ScholarCross Ref
- Michael Katelman, José Meseguer, and Jennifer Hou. 2008. Redesign of the LMST Wireless Sensor Protocol through Formal Modeling and Statistical Model Checking. In Proc. of FMOODS '08 (Lecture Notes in Computer Science), Vol. 5051. Springer, Berlin, Heidelberg, 150--169. Google ScholarDigital Library
- Chong Hee Kim and Gildas Avoine. 2009. RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks. In Cryptology and Network Security: 8th International Conference, CANS 2009, Kanazawa, Japan, December 12--14, 2009. Proceedings , Springer Berlin Heidelberg, Berlin, Heidelberg, 119--133. Google ScholarDigital Library
- Nirman Kumar, Koushik Sen, José Meseguer, and Gul Agha. 2003. A Rewriting Based Model for Probabilistic Distributed Object Systems.. In Proc. of FMOODS '03 (Lecture Notes in Computer Science), Vol. 2884. Springer, 32--46.Google ScholarCross Ref
- Si Liu, Peter Csaba Ölveczky, Jatin Ganhotra, Indranil Gupta, and José Meseguer. 2017. Exploring Design Alternatives for RAMP Transactions Through Statistical Model Checking. In Formal Methods and Software Engineering: 19th International Conference on Formal Engineering Methods, ICFEM 2017, Xi'an, China, November 13--17, 2017, Proceedings , Springer International Publishing, Cham, 298--314.Google Scholar
- José Meseguer. 1992. Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. , Vol. 96, 1 (1992), 73--155. Google ScholarDigital Library
- José Meseguer. 1998. Membership algebra as a logical framework for equational specification. In Proc. WADT'97 (Lecture Notes in Computer Science), , F. Parisi-Presicce (Ed.), Vol. 1376. Springer, 18--61. Google ScholarDigital Library
- Jorge Munilla and Alberto Peinado. 2008. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing , Vol. 8, 9 (2008), 1227--1232. Google ScholarDigital Library
- Dusko Pavlovic and Catherine Meadows. 2010. Bayesian Authentication: Quantifying Security of the Hancke-Kuhn Protocol. Electronic Notes in Theoretical Computer Science , Vol. 265, Supplement C (2010), 97 -- 122. Proceedings of the 26th Conference on the Mathematical Foundations of Programming Semantics (MFPS 2010). Google ScholarDigital Library
- Eyal Ronen, Adi Shamir, Achi-Or Weingarten, and Colin O'Flynn. 2017. IoT Goes Nuclear: Creating a ZigBee Chain Reaction. In 2017 IEEE Symposium on Security and Privacy (SP). 195--212.Google ScholarCross Ref
- P. Schaller, B. Schmidt, D. Basin, and S. Capkun. 2009. Modeling and Verifying Physical Properties of Security Protocols for Wireless Networks. In 2009 22nd IEEE Computer Security Foundations Symposium . 109--123. Google ScholarDigital Library
- Koushik Sen, Nirman Kumar, Jose Meseguer, and Gul Agha. 2003. Probabilistic Rewrite Theories: Unifying Models, Logics and Tools . Technical Report UIUCDCS-R-2003--2347. University of Illinois at Urbana Champaign.Google Scholar
Index Terms
- Statistical Model Checking of Distance Fraud Attacks on the Hancke-Kuhn Family of Protocols
Recommendations
Security of Distance-Bounding: A Survey
Distance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, ...
On the optimal resistance against mafia and distance fraud in distance-bounding protocols
AbstractDistance-bounding protocols are security protocols with a time measurement phase used to detect relay attacks, whose security is typically measured against mafia-fraud and distance-fraud attacks. A prominent subclass of distance-bounding ...
RFID unilateral distance bounding protocols
Distance Bounding (DB) protocol is a lightweight protocol which is used in RFID, NFC and WSN. These protocols enable an entity to determine an upper bound on the physical distance to another entity as well as to authenticate the other entity. This leads ...
Comments