ABSTRACT
A number of distance-bounding protocols have proposed multistate exchanges. In theory this can potentially improve the security of the protocol when using the same number of exchange rounds, i.e. as there are more than two states the probability of an attacker guessing a response correctly is lower. Similarly, for the same security probability, multistate distance-bounding protocols require less rounds. On the other hand, transmission errors during the timed exchange phase of the distance-bounding protocol also impact on the security of the protocol, as the verifier needs to allow a certain acceptance threshold of incorrect responses. This threshold causes False Acceptance and False Rejection in protocols and further influences the security of the protocol. In this paper, we investigate the security implications of multistate channel implementation and symbol energy considering their effect on the acceptance threshold. We show that implementing multistate responses using simple m- ary modulation methods found in contactless devices, does not necessarily provide the expected security improvement when devices have finite transmission energy to spend on challenge-response exchanges.
- Musab A Alturki, Max Kanovich, Tajana Ban Kirigin, Vivek Nigam, Andre Scedrov, and Carolyn Talcott. 2018. Statistical Model Checking of Distance Fraud Attacks on the Hancke-Kuhn Family of Protocols. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and Privacy. ACM, 60--71.Google ScholarDigital Library
- Gildas Avoine, Christian Floerkemeier, and Benjamin Martin. 2009. RFID distance bounding multistate enhancement. In International Conference on Cryptology in India. Springer, 290--307.Google ScholarDigital Library
- Stefan Brands and David Chaum. 1993. Distance-bounding protocols. In Workshop on the Theory and Application of of Cryptographic Techniques. Springer, 344--359.Google Scholar
- Jolyon Clulow, Gerhard P Hancke, Markus G Kuhn, and Tyler Moore. 2006. So near and yet so far: Distance-bounding attacks in wireless networks. In European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 83--97.Google ScholarDigital Library
- Christos Dimitrakakis, Aikaterini Mitrokotsa, and Serge Vaudenay. 2012. Expected loss bounds for authentication in constrained channels. In Proceedings Ieee Infocom. Ieee, 478--485.Google ScholarCross Ref
- S. Drimer and S.J. Murdoch. 2007. Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks. In USENIX Security Symposium. Article No. 7.Google Scholar
- Rahim Entezari, Hossein Bahramgiri, and Mahnaz Tajamolian. 2015. An RFID unilateral distance bounding protocol and analysis over a noisy channel. International Journal of Mechatronics, Electrical and Computer Technology (2015), 1917--1932.Google Scholar
- A. Francillon, B. Danev, and S. Capkun. 2011. Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. In Network and Distributed System Security (NDSS).Google Scholar
- L. Francis, G.P. Hancke, K.E. Mayes, and K. Markantonakis. 2012. Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks. In Proceedings of Workshop on RFID and IoT Security (RFIDsec Asia). pp. 21--32.Google Scholar
- T. Halevi, H. Li, D. Ma, N. Saxena, J. Voris, and T. Xiang. 2013. Context-Aware Defenses to RFID Unauthorized Reading and Relay Attacks. IEEE Transactions on Emerging Topics in Computing, Vol. 1, 2 (Dec 2013), 307--318.Google ScholarCross Ref
- G.P. Hancke, K. Mayes, and K. Markantonakis. 2011. Confidence in Smart Token Proximity: Relay Attacks Revisited. Computers and Security, Vol. 28, 7 (2011), pp. 615--627.Google ScholarDigital Library
- Gerhard P Hancke and Markus G Kuhn. 2005. An RFID distance bounding protocol. In Security and Privacy for Emerging Areas in Communications Networks. IEEE, 67--73.Google Scholar
- Gerhard P Hancke and Markus G Kuhn. 2008. Attacks on time-of-flight distance bounding channels. In Proceedings of the first ACM conference on Wireless network security. ACM, 194--202.Google ScholarDigital Library
- Qiao Hu, Jingyi Zhang, Aikaterini Mitrokotsa, and Gerhard Hancke. 2018. Tangible security: Survey of methods supporting secure ad-hoc connects of edge devices with physical context. Computers and Security, Vol. 78 (2018), 281 -- 300.Google ScholarCross Ref
- Hoda Jannati and Abolfazl Falahati. 2014. Mutual distance bounding protocol with its implementability over a noisy channel and its utilization for key agreement in peer-to-peer wireless networks. Wireless personal communications(2014), 127--149.Google Scholar
- Hoda Jannati and Abolfazl Falahati. 2015. Achieving an appropriate security level for distance bounding protocols over a noisy channel. Telecommunication Systems, Vol. 58, 3 (2015), 219--231.Google ScholarDigital Library
- Chong Hee Kim and Gildas Avoine. 2011. RFID distance bounding protocols with mixed challenges. IEEE Transactions on Wireless Communications (2011), 1618--1626.Google Scholar
- Chong Hee Kim, Gildas Avoine, Francc ois Koeune, Francc ois-Xavier Standaert, and Olivier Pereira. 2008. The swiss-knife RFID distance bounding protocol. In International Conference on Information Security and Cryptology. Springer, 98--115.Google Scholar
- Young-Sik Kim and Sang-Hyo Kim. 2011. RFID distance bounding protocol using m-ary challenges. In Convergence of Information and Communication Technology. IEEE, 782--783.Google Scholar
- L. P. I. Ledwaba, G. P. Hancke, H. S. Venter, and S. J. Isaac. 2018. Performance Costs of Software Cryptography in Securing New-Generation Internet of Energy Endpoint Devices. IEEE Access, Vol. 6 (2018), 9303--9323. https://doi.org/10.1109/ACCESS.2018.2793301Google ScholarCross Ref
- Sangho Lee, Jin Seok Kim, Sung Je Hong, and Jong Kim. 2012. Distance bounding with delayed responses. IEEE Communications Letters (2012), 1478--1481.Google Scholar
- Jorge Munilla, Andres Ortiz, and Alberto Peinado. 2006. Distance bounding protocols with void-challenges for RFID. In Printed handout at the Workshop on RFID Security--RFIDSec.Google Scholar
- Jorge Munilla and Alberto Peinado. 2008. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless communications and mobile computing (2008), 1227--1232.Google Scholar
- Long Hoang Nguyen. 2011. Rational distance-bounding protocols over noisy channel. In Proceedings of the 4th international conference on Security of information and networks. ACM, 49--56.Google ScholarDigital Library
- Elena Pagnin, Anjia Yang, Gerhard Hancke, and Aikaterini Mitrokotsa. 2015. HB+DB, Mitigating Man-in-the-middle Attacks Against HB+ with Distance Bounding. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec '15). ACM, New York, NY, USA, Article 3, bibinfonumpages6 pages. https://doi.org/10.1145/2766498.2766516Google ScholarDigital Library
- Elena Pagnin, Anjia Yang, Qiao Hu, Gerhard Hancke, and Aikaterini Mitrokotsa. 2018. HB+DB: Distance bounding meets human based authentication. Future Generation Computer Systems, Vol. 80 (2018), 627--639.Google ScholarDigital Library
- A. Ranganathan and S. Capkun. 2017. Are We Really Close? Verifying Proximity in Wireless Systems. IEEE Security Privacy, Vol. 15, 3 (2017), 52--58.Google ScholarDigital Library
- Dave Singelée and Bart Preneel. 2007. Distance bounding in noisy environments. In European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 101--115.Google ScholarCross Ref
- Dave Singelée and Bart Preneel. 2008. Limitations on the Usage of Noise Resilient Distance Bounding Protocols. Computer Security and Industrial Cryptography internal report (2008).Google Scholar
- A. Socievole, A. Ziviani, F. De Rango, A.V. Vasilakos, and E. Yoneki. 2016. Cyber-physical systems for Mobile Opportunistic Networking in Proximity (MNP). Computer Networks, Vol. 111 (2016), 1--5.Google ScholarDigital Library
- Y. Wang, A.V. Vasilakos, Q. Jin, and H. Zhu. 2017. Device-to-Device based Proximity Service: Architecture, Issues, and Applications. CRC Press.Google ScholarCross Ref
- Anjia Yang, Elena Pagnin, Aikaterini Mitrokotsa, Gerhard P Hancke, and Duncan S Wong. 2017. Two-hop distance-bounding protocols: Keep your friends close. IEEE Transactions on Mobile Computing (2017), 1723--1736.Google Scholar
- L. Zhou, K. Yeh, G. Hancke, Z. Liu, and C. Su. 2018. Security and Privacy for the Industrial Internet of Things: An Overview of Approaches to Safeguarding Endpoints. IEEE Signal Processing Magazine, Vol. 35, 5 (Sep. 2018), 76--87. https://doi.org/10.1109/MSP.2018.2846297Google ScholarCross Ref
- Yunhui Zhuang, Anjia Yang, Duncan S Wong, Guomin Yang, and Qi Xie. 2013. A highly efficient RFID distance bounding protocol without real-time PRF evaluation. In Conference on Network and System Security. Springer, 451--464.Google ScholarCross Ref
Index Terms
- Security Implications of Implementing Multistate Distance-Bounding Protocols
Recommendations
RFID unilateral distance bounding protocols
Distance Bounding (DB) protocol is a lightweight protocol which is used in RFID, NFC and WSN. These protocols enable an entity to determine an upper bound on the physical distance to another entity as well as to authenticate the other entity. This leads ...
Reid et al.'s distance bounding protocol and mafia fraud attacks over noisy channels
Distance bounding protocols are an effective countermeasure against relay attacks including distance fraud, mafia fraud and terrorist fraud attacks. Reid et al. proposed the first symmetric key distance bounding protocol against mafia and terrorist ...
Comments