Paper 2018/1243
Implementation-Level Corruptions in Distance Bounding -- Exhibiting Faults and Provably-Secure Fixes in the Electronic Payment Protocol PayPass --
Ioana Boureanu and David Gerault and Pascal Lafourcade
Abstract
In relay attacks,a man-in-the-middle attacker gains access to a service by relaying the messages between two legitimate parties. Distance-bounding protocols are a countermeasure to relay attacks, whereby a verifier measures the round-trip time in exchanges with a prover. Inspired by application-security definitions, we propose a new security model, OracleDB, distinguishing two prover-corruption types: black-box and white-box. We use this distinction to settle the long-lasting arguments about terrorist-fraud resistance, by showing that it is irrelevant in both the black-box and white-box corruption models. We then exhibit a security flaw in the PayPass protocol with relay protection, used in EMV contactless payments. We propose an extension to this industry-standard protocol, with only small modifications, and prove its security in our strongest adversary model. Finally, we exhibit a new generalised distance-fraud attack strategy that defeats the security claims of at least 12 existing distance-bounding protocols.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- icboureanu @ gmail com
- History
- 2020-08-19: withdrawn
- 2018-12-31: received
- See all versions
- Short URL
- https://ia.cr/2018/1243
- License
-
CC BY