You are looking at a specific version 20130802:053344 of this paper. See the latest version.

Paper 2013/465

Practical & Provably Secure Distance-Bounding

Ioana Boureanu and Aikaterini Mitrokotsa and Serge Vaudenay

Abstract

Distance-bounding is a practical solution to be used in security-sensitive contexts, to prevent relay attacks. Its applied cryptographic role is definitely spreading fast and it is clearly far reaching, extending from contactless payments to remote car unlocking. However, security models for distance-bounding are not well-established and, as far as we know, no existing protocol is proven to resist all classical attacks: distance-fraud, mafia-fraud, and terrorist-fraud. We herein amend the latter, whilst maintaining the lightweight nature that makes these protocols appropriate for concrete applications. Firstly, we develop a general formalism for distance-bounding protocols and their security requirements. In fact, we also propose specifications of generalised frauds, stemming from the (attack-prone) multi-party scenarios. This entails our incorporation of newly advanced threats, e.g., distance-hijacking. Recently, Boureanu et al. proposed the SKI protocol. We herein extend it and prove its security. To attain resistance to terrorist-fraud, we put forward the use of a leakage scheme and of secret sharing, which we specialise and reinforce with additional requirements. In view of resistance to generalised mafia-frauds (and terrorist frauds), we further introduce the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also identify the need of PRF masking to fix common mistakes in existing security proofs/claims of distance-fraud security. We then enhance our design such that we guarantee resistance to terrorist-fraud in the presence of noise. To our knowledge, all this gives rises the first practical and provably secure class of distance-bounding protocols, even when our protocols are run in noisy communications, which is indeed the real-life setting of deployed, time-critical cryptographic protocols.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
distance bounding protocol
Contact author(s)
serge vaudenay @ epfl ch
History
2013-08-02: received
Short URL
https://ia.cr/2013/465
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.