research-article

Security Implications of Implementing Multistate Distance-Bounding Protocols

Authors:
Jingyi Zhang

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Anjia Yang

Jinan University, Guangzhou, China

Jinan University, Guangzhou, China
View Profile

,
Qiao Hu

Hunan University, Changsha, China

Hunan University, Changsha, China
View Profile

,
Gerhard P. Hancke

City University of Hong Kong, Hong Kong, Hong Kong

City University of Hong Kong, Hong Kong, Hong Kong
View Profile

CPS-SPC'19: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & PrivacyNovember 2019Pages 99–108https://doi.org/10.1145/3338499.3357359

Published:11 November 2019Publication History

CPS-SPC'19: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy

Pages 99–108

ABSTRACT

A number of distance-bounding protocols have proposed multistate exchanges. In theory this can potentially improve the security of the protocol when using the same number of exchange rounds, i.e. as there are more than two states the probability of an attacker guessing a response correctly is lower. Similarly, for the same security probability, multistate distance-bounding protocols require less rounds. On the other hand, transmission errors during the timed exchange phase of the distance-bounding protocol also impact on the security of the protocol, as the verifier needs to allow a certain acceptance threshold of incorrect responses. This threshold causes False Acceptance and False Rejection in protocols and further influences the security of the protocol. In this paper, we investigate the security implications of multistate channel implementation and symbol energy considering their effect on the acceptance threshold. We show that implementing multistate responses using simple m- ary modulation methods found in contactless devices, does not necessarily provide the expected security improvement when devices have finite transmission energy to spend on challenge-response exchanges.

References

Musab A Alturki, Max Kanovich, Tajana Ban Kirigin, Vivek Nigam, Andre Scedrov, and Carolyn Talcott. 2018. Statistical Model Checking of Distance Fraud Attacks on the Hancke-Kuhn Family of Protocols. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and Privacy. ACM, 60--71.Google ScholarDigital Library
Gildas Avoine, Christian Floerkemeier, and Benjamin Martin. 2009. RFID distance bounding multistate enhancement. In International Conference on Cryptology in India. Springer, 290--307.Google ScholarDigital Library
Stefan Brands and David Chaum. 1993. Distance-bounding protocols. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, 344--359.Google Scholar
Jolyon Clulow, Gerhard P Hancke, Markus G Kuhn, and Tyler Moore. 2006. So near and yet so far: Distance-bounding attacks in wireless networks. In European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 83--97.Google ScholarDigital Library
Christos Dimitrakakis, Aikaterini Mitrokotsa, and Serge Vaudenay. 2012. Expected loss bounds for authentication in constrained channels. In Proceedings Ieee Infocom. Ieee, 478--485.Google ScholarCross Ref
S. Drimer and S.J. Murdoch. 2007. Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks. In USENIX Security Symposium. Article No. 7.Google Scholar
Rahim Entezari, Hossein Bahramgiri, and Mahnaz Tajamolian. 2015. An RFID unilateral distance bounding protocol and analysis over a noisy channel. International Journal of Mechatronics, Electrical and Computer Technology (2015), 1917--1932.Google Scholar
A. Francillon, B. Danev, and S. Capkun. 2011. Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. In Network and Distributed System Security (NDSS).Google Scholar
L. Francis, G.P. Hancke, K.E. Mayes, and K. Markantonakis. 2012. Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks. In Proceedings of Workshop on RFID and IoT Security (RFIDsec Asia). pp. 21--32.Google Scholar
T. Halevi, H. Li, D. Ma, N. Saxena, J. Voris, and T. Xiang. 2013. Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks. IEEE Transactions on Emerging Topics in Computing, Vol. 1, 2 (Dec 2013), 307--318.Google ScholarCross Ref
G.P. Hancke, K. Mayes, and K. Markantonakis. 2011. Confidence in Smart Token Proximity: Relay Attacks Revisited. Computers and Security, Vol. 28, 7 (2011), pp. 615--627.Google ScholarDigital Library
Gerhard P Hancke and Markus G Kuhn. 2005. An RFID distance bounding protocol. In Security and Privacy for Emerging Areas in Communications Networks. IEEE, 67--73.Google Scholar
Gerhard P Hancke and Markus G Kuhn. 2008. Attacks on time-of-flight distance bounding channels. In Proceedings of the first ACM conference on Wireless network security. ACM, 194--202.Google ScholarDigital Library
Qiao Hu, Jingyi Zhang, Aikaterini Mitrokotsa, and Gerhard Hancke. 2018. Tangible security: Survey of methods supporting secure ad-hoc connects of edge devices with physical context. Computers and Security, Vol. 78 (2018), 281 -- 300.Google ScholarCross Ref
Hoda Jannati and Abolfazl Falahati. 2014. Mutual distance bounding protocol with its implementability over a noisy channel and its utilization for key agreement in peer-to-peer wireless networks. Wireless personal communications(2014), 127--149.Google Scholar
Hoda Jannati and Abolfazl Falahati. 2015. Achieving an appropriate security level for distance bounding protocols over a noisy channel. Telecommunication Systems, Vol. 58, 3 (2015), 219--231.Google ScholarDigital Library
Chong Hee Kim and Gildas Avoine. 2011. RFID distance bounding protocols with mixed challenges. IEEE Transactions on Wireless Communications (2011), 1618--1626.Google Scholar
Chong Hee Kim, Gildas Avoine, Francc ois Koeune, Francc ois-Xavier Standaert, and Olivier Pereira. 2008. The swiss-knife RFID distance bounding protocol. In International Conference on Information Security and Cryptology. Springer, 98--115.Google Scholar
Young-Sik Kim and Sang-Hyo Kim. 2011. RFID distance bounding protocol using m-ary challenges. In Convergence of Information and Communication Technology. IEEE, 782--783.Google Scholar
L. P. I. Ledwaba, G. P. Hancke, H. S. Venter, and S. J. Isaac. 2018. Performance Costs of Software Cryptography in Securing New-Generation Internet of Energy Endpoint Devices. IEEE Access, Vol. 6 (2018), 9303--9323. https://doi.org/10.1109/ACCESS.2018.2793301Google ScholarCross Ref
Sangho Lee, Jin Seok Kim, Sung Je Hong, and Jong Kim. 2012. Distance bounding with delayed responses. IEEE Communications Letters (2012), 1478--1481.Google Scholar
Jorge Munilla, Andres Ortiz, and Alberto Peinado. 2006. Distance bounding protocols with void-challenges for RFID. In Printed handout at the Workshop on RFID Security--RFIDSec.Google Scholar
Jorge Munilla and Alberto Peinado. 2008. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless communications and mobile computing (2008), 1227--1232.Google Scholar
Long Hoang Nguyen. 2011. Rational distance-bounding protocols over noisy channel. In Proceedings of the 4th international conference on Security of information and networks. ACM, 49--56.Google ScholarDigital Library
Elena Pagnin, Anjia Yang, Gerhard Hancke, and Aikaterini Mitrokotsa. 2015. HB+DB, Mitigating Man-in-the-middle Attacks Against HB+ with Distance Bounding. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '15). ACM, New York, NY, USA, Article 3, bibinfonumpages6 pages. https://doi.org/10.1145/2766498.2766516Google ScholarDigital Library
Elena Pagnin, Anjia Yang, Qiao Hu, Gerhard Hancke, and Aikaterini Mitrokotsa. 2018. HB+DB: Distance bounding meets human based authentication. Future Generation Computer Systems, Vol. 80 (2018), 627--639.Google ScholarDigital Library
A. Ranganathan and S. Capkun. 2017. Are We Really Close? Verifying Proximity in Wireless Systems. IEEE Security Privacy, Vol. 15, 3 (2017), 52--58.Google ScholarDigital Library
Dave Singelée and Bart Preneel. 2007. Distance bounding in noisy environments. In European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 101--115.Google ScholarCross Ref
Dave Singelée and Bart Preneel. 2008. Limitations on the Usage of Noise Resilient Distance Bounding Protocols. Computer Security and Industrial Cryptography internal report (2008).Google Scholar
A. Socievole, A. Ziviani, F. De Rango, A.V. Vasilakos, and E. Yoneki. 2016. Cyber-physical systems for Mobile Opportunistic Networking in Proximity (MNP). Computer Networks, Vol. 111 (2016), 1--5.Google ScholarDigital Library
Y. Wang, A.V. Vasilakos, Q. Jin, and H. Zhu. 2017. Device-to-Device based Proximity Service: Architecture, Issues, and Applications. CRC Press.Google ScholarCross Ref
Anjia Yang, Elena Pagnin, Aikaterini Mitrokotsa, Gerhard P Hancke, and Duncan S Wong. 2017. Two-hop distance-bounding protocols: Keep your friends close. IEEE Transactions on Mobile Computing (2017), 1723--1736.Google Scholar
L. Zhou, K. Yeh, G. Hancke, Z. Liu, and C. Su. 2018. Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints. IEEE Signal Processing Magazine, Vol. 35, 5 (Sep. 2018), 76--87. https://doi.org/10.1109/MSP.2018.2846297Google ScholarCross Ref
Yunhui Zhuang, Anjia Yang, Duncan S Wong, Guomin Yang, and Qi Xie. 2013. A highly efficient RFID distance bounding protocol without real-time PRF evaluation. In Conference on Network and System Security. Springer, 451--464.Google ScholarCross Ref

Index Terms

Security Implications of Implementing Multistate Distance-Bounding Protocols
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy
  1. Formal methods and theory of security
    1. Logic and verification

Recommendations

Privacy-Preserving Distance-Bounding Proof-of-Knowledge
Information and Communications Security
Abstract
In distance-bounding protocols a prover wants to prove that it is located within a distance bound $D$ from a verifier. Distance-bounding ( $DB$ ) protocols have numerous applications including authentication and proximity checking. The privacy problem ...
Read More
RFID unilateral distance bounding protocols

Distance Bounding (DB) protocol is a lightweight protocol which is used in RFID, NFC and WSN. These protocols enable an entity to determine an upper bound on the physical distance to another entity as well as to authenticate the other entity. This leads ...
Read More
Reid et al.'s distance bounding protocol and mafia fraud attacks over noisy channels

Distance bounding protocols are an effective countermeasure against relay attacks including distance fraud, mafia fraud and terrorist fraud attacks. Reid et al. proposed the first symmetric key distance bounding protocol against mafia and terrorist ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CPS-SPC'19: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy
November 2019
115 pages
ISBN:9781450368315
DOI:10.1145/3338499
General Chairs:
Lorenzo Cavallaro
King's College London, United Kingdom
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chair:
Thorsten Holz
Ruhr-University Bochum, Germany
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 November 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
distance bounding protocols
physical layer security
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate53of66submissions,80%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 138
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Security Implications of Implementing Multistate Distance-Bounding Protocols

CPS-SPC'19: Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy

ABSTRACT

References

Cited By

Index Terms

Recommendations

Privacy-Preserving Distance-Bounding Proof-of-Knowledge

RFID unilateral distance bounding protocols

Reid et al.'s distance bounding protocol and mafia fraud attacks over noisy channels