Paper 2013/776

Location Leakage in Distance Bounding: Why Location Privacy does not Work

Aikaterini Mitrokotsa, Cristina Onete, and Serge Vaudenay

Abstract

In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g. in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier. Distance-bounding protocols are the main countermeasure against such attacks; however, such protocols may leak information regarding the location of the prover and/or the verifier who run the distance-bounding protocol. In this paper, we consider a formal model for location privacy in the context of distance-bounding. In particular, our contributions are threefold: we first define a security game for location privacy in distance-bounding; secondly, we define an adversarial model for this game, with two adversary classes; finally, we assess the feasibility of attaining location privacy for distance-bounding protocols. Concretely, we prove that for protocols with a beginning or a termination, it is theoretically impossible to achieve location privacy for either of the two adversary classes, in the sense that there always exists a polynomially bounded adversary that wins the security game. However, for so-called limited adversaries, which cannot see the location of arbitrary provers, carefully chosen parameters do, in practice, enable computational location privacy.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. submitted for publication in the journal Computers & Security
Keywords
relay attackslocation privacydistance-boundingauthentication
Contact author(s)
mitrokatkm @ gmail com
History
2014-03-01: revised
2013-11-25: received
See all versions
Short URL
https://ia.cr/2013/776
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/776,
      author = {Aikaterini Mitrokotsa and Cristina Onete and Serge Vaudenay},
      title = {Location Leakage in Distance Bounding: Why Location Privacy does not Work},
      howpublished = {Cryptology ePrint Archive, Paper 2013/776},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/776}},
      url = {https://eprint.iacr.org/2013/776}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.