Paper 2018/440

Formal Analysis of Distance Bounding with Secure Hardware

Handan Kılınç and Serge Vaudenay

Abstract

A distance bounding (DB) protocol is a two-party authentication protocol between a prover and a verifier which is based on the distance between the prover and the verifier. It aims to defeat threats by malicious provers who try to convince that they are closer to the verifier or adversaries which seek to impersonate a far-away prover. All these threats are covered in several security definitions and it is not possible to have a single definition covering all. In this paper, we describe a new DB model with three parties where the new party is named hardware. In this model, called secure hardware model (SHM), the hardware is held by the prover without being able to tamper with. We define an all-in-one security model which covers all the threats of DB and an appropriate privacy notion for SHM. In the end, we construct the most efficient (in terms of computation by the prover-hardware and number of rounds) and secure DB protocols achieving the optimal security bounds as well as privacy.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. ACNS 2018
Keywords
distance boundingRFIDNFCrelay attacktamper resistanceterrorist fraud
Contact author(s)
handan kilinc @ epfl ch
History
2018-05-14: received
Short URL
https://ia.cr/2018/440
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/440,
      author = {Handan Kılınç and Serge Vaudenay},
      title = {Formal Analysis of Distance Bounding with Secure Hardware},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/440},
      year = {2018},
      url = {https://eprint.iacr.org/2018/440}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.