One exception is the protocol due to Hermans, Peeters, and Onete developed in 2013, which offers strong privacy guarantees with respect to a Man-in-the-Middle adversary. However, this protocol provides no privacy guarantees for the prover with respect to a malicious verifier, who can fully identify the prover. Having in mind possible verifier corruption or data leakage from verifiers to a centralized server, we suggest that stronger privacy properties are needed.
In this paper, we propose an efficient distance-bounding protocol that gives strong prover privacy guarantees even with respect to the verifier or to a centralized back-end server, storing prover information and managing revocation and registration. Specifically, we formally model and define prover anonymity, a property guaranteeing that verifiers infer only the legitimacy of the prover but not his identity, and deniability, which ensures that the back-end server cannot distinguish prover behavior from malicious verifier behavior (i.e., provers can deny that they authenticated). Finally, we present an efficient protocol that achieves these strong guarantees, give exact bounds for each of its security properties, and prove these statements formally.
Category / Keywords: cryptographic protocols / distance-bounding, deniability, anonymity, privacy, provable security Original Publication (with minor differences): Proceedings of ACM AsiaCCS 2014 Date: received 14 Feb 2014, last revised 15 Oct 2015 Contact author: cristina onete at gmail com Available format(s): PDF | BibTeX Citation Note: Protocol modification, following a comment by Serge Vaudenay, whose input we are grateful for. Version: 20151015:065312 (All versions of this report) Short URL: ia.cr/2014/114