Inspired by application-security definitions, we propose a new security model, OracleDB, distinguishing two prover-corruption types: black-box and white-box.
We use this distinction to settle the long-lasting arguments about terrorist-fraud resistance, by showing that it is irrelevant in both the black-box and white-box corruption models.
We then exhibit a security flaw in the PayPass protocol with relay protection, used in EMV contactless payments. We propose an extension to this industry-standard protocol, with only small modifications, and prove its security in our strongest adversary model.
Finally, we exhibit a new generalised distance-fraud attack strategy that defeats the security claims of at least 12 existing distance-bounding protocols.
Category / Keywords: cryptographic protocols / Date: received 30 Dec 2018 Contact author: icboureanu at gmail com Available format(s): PDF | BibTeX Citation Version: 20181231:121217 (All versions of this report) Short URL: ia.cr/2018/1243