Cryptology ePrint Archive: Report 2018/1243

Implementation-Level Corruptions in Distance Bounding -- Exhibiting Faults and Provably-Secure Fixes in the Electronic Payment Protocol PayPass --

Ioana Boureanu and David Gerault and Pascal Lafourcade

Abstract: In relay attacks, a man-in-the-middle attacker gains access to a service by relaying the messages between two legitimate parties. Distance-bounding protocols are a countermeasure to relay attacks, whereby a verifier measures the round-trip time in exchanges with a prover.

Inspired by application-security definitions, we propose a new security model, OracleDB, distinguishing two prover-corruption types: black-box and white-box.

We use this distinction to settle the long-lasting arguments about terrorist-fraud resistance, by showing that it is irrelevant in both the black-box and white-box corruption models.

We then exhibit a security flaw in the PayPass protocol with relay protection, used in EMV contactless payments. We propose an extension to this industry-standard protocol, with only small modifications, and prove its security in our strongest adversary model.

Finally, we exhibit a new generalised distance-fraud attack strategy that defeats the security claims of at least 12 existing distance-bounding protocols.

Category / Keywords: cryptographic protocols

Date: received 30 Dec 2018

Contact author: icboureanu at gmail com


Version: 20181231:121217

Short URL: ia.cr/2018/1243

