A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol

Avoine, Gildas; Bultel, Xavier; Gambs, Sébastien; Gerault, David; Lafourcade, Pascal; Onete, Cristina; Robert, Jean‐Marc

doi:10.1145/3052973.3053000

Cited by 29 publications

(32 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is therefore the first fully automated formal verification framework for distance-bounding protocols. With our automated verification, we identified unreported vulnerabilities in two recent protocols: a mafia-fraud and a distancehijacking attack on the TREAD protocol [24], and a distancefraud attack against the EMV-based contactless payment protocol PaySafe [25].…”

Section: Resultsmentioning

confidence: 99%

“…To explain the overall methodology we use to analyse distance-bounding protocols, we perform a comprehensive analysis of the Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding (TREAD) protocol [24] in Section 6.1. Later on, in Section 6.2 we show and discuss the results of our automated verification.…”

Section: Automated Verificationmentioning

confidence: 99%

“…Various protocols have been proposed following this characteristic of Brands and Chaum's approach, e.g. [21,22,23,24,25] whilst others employ Hancke and Kuhn's design, such as [26,27,28,29,30].…”

Section: Introductionmentioning

confidence: 99%

“…Originally, a terrorist-fraud attack consisted in a far-away dishonest prover passing the distancebounding protocol with the help of the adversary, but without leaking the prover's long-term key [6]. Many attempts to formalize this intuition have been made in computational models [8,37,38,24]. Yet, there seems to be no agreement on the appropriate definition.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Distance-Bounding Protocols: Verification Without Time and Location

Mauw

Smith

Toro-Pozo

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Distance-bounding protocols are cryptographic protocols that securely establish an upper bound on the physical distance between the participants. Existing symbolic verification frameworks for distance-bounding protocols consider timestamps and the location of agents. In this work we introduce a causalitybased characterization of secure distance-bounding that discards the notions of time and location. This allows us to verify the correctness of distance-bounding protocols with standard protocol verification tools. That is to say, we provide the first fully automated verification framework for distance-bounding protocols. By using our framework, we confirmed known vulnerabilities in a number of protocols and discovered unreported attacks against two recently published protocols.Keywords -distance bounding; security; causality; formal verification * This work has been accepted for publication at the proceedings of the 39th IEEE Symposium on Security and Privacy, S&P 2018. This is the authors' preprint version. For reference use published version at IEEE Xplore DL https://ieeexplore.ieee.org/document/8418584. Do not distribute without explicit permission.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Automated Verificationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Distance-Bounding Protocols: Verification Without Time and Location

Mauw

Smith

Toro-Pozo

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Indeed, the threat model for DB is in constant evolution [23], and new attacks appear regularly: [4,11] present more than 40 protocols, most of which are vulnerable to at least one attack. In particular, the notion of terrorist fraud and how to provably resist it lead to numerous publications, e.g., [5,21,24,39].…”

Section: Introductionmentioning

confidence: 99%

Distance bounding under different assumptions

Gerault

Boureanu

2019

Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

Distance-bounding protocols were introduced in 1993 as a countermeasure to relay attacks, in which an adversary fraudulently forwards the communication between a verifier and a distant prover. In the more than 40 different protocols that followed, assumptions were taken on the structure of distance-bounding protocols and their threat models. In this paper, we survey works disrupting these assumptions, and discuss the remaining challenges. CCS CONCEPTS • Security and privacy → Authentication; Security protocols; Formal security models; Cryptanalysis and other attacks; • Networks → Mobile and wireless security.

show abstract