Distance Bounding Protocol for Multiple RFID Tag Authentication

Kapoor, Gaurav; Zhou, Wei; Piramuthu, Selwyn

doi:10.1109/euc.2008.48

Cited by 19 publications

(17 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As we can see in Table 2, many of the listed protocols use a PRF [29,47,33,42,44,5,37,36,7,45,50,4,56,28,34,55,38,41,31,12,25,51,[20][21][22]. It is possible to mount some attacks if the PRF used follows a certain form.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

“…They are in bold in Tables 1 and 2, and are the following: KZP (2008) [33], Hitomi (2010) [45], NUS (2011) [28], SKI pro (2013) [9], FO (2013) [25], DB1 (2014) [12], DB2 (2014) [12], ProProx (2014) [53] and VSSDB (2014) [26]. The security level for impersonation fraud are the same for all these protocols and it is the best security level, i.e., it is equivalent at the security against brute force.…”

Section: Comparison Of Db Protocolsmentioning

confidence: 99%

“…All protocols cited before bear the consequences of this risk. Then it is better to avoid splitting the result of a PRF in order to avoid such kind of attacks like in [47,33,44,37,45,56,28,12,25]. Specifics Responses: -Some protocols [14,56] use two complementary values to respond to the verifier's challenge to prevent DF attack, in other words for a challenge equal to 0 the verifier waits the value r i = v i and for the challenge equal to 1 the verifier waits the value r i =v i .…”

Section: Designmentioning

confidence: 99%

See 2 more Smart Citations

Survey of Distance Bounding Protocols and Threats

Brelurut

Gerault

Lafourcade

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. NFC and RFID are technologies that are more and more present in our life. These technologies allow a tag to communicate without contact with a reader. In wireless communication an intruder can always listen and forward a signal, so he can mount a so-called worm hole attack. In the last decades, several Distance Bounding (DB) protocols have been introduced to avoid such attacks. In this context, there exist several threat models: Terrorist Fraud, Mafia Fraud, Distance Fraud etc. We first show the links between the existing threat models. Then we list more than forty DB protocols and give the bounds of the best known attacks for different threat models. In some cases, we explain how we are able to improve existing attacks. Then, we present some advices to the designers of the DB protocols and to the intruders to mount some attacks.

show abstract

Section: Improvements Of Attacksmentioning

confidence: 99%

Section: Comparison Of Db Protocolsmentioning

confidence: 99%

Section: Designmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Distance Bounding Protocols and Threats

Brelurut

Gerault

Lafourcade

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

show abstract

“…Distance-Bounding Protocols. The great majority of distance-bounding protocols [10,12,14,16] consist of a data-agreement phase or initialisation phase and a time-critical, fast computation-based distance-bounding phase. Fig.…”

Section: Distance-bounding Protocols and The Prf Assumptionmentioning

confidence: 99%

“…The tag is often referred to as the prover whereas the reader is referred to as a verifier. In the vast literature covering such protocols (e.g., [10,12,14,16]), three main/classical types of possible attacks have been distinguished. The first is distance-fraud (DF), in which a prover tries to convince that he is closer than what he really is.…”

Section: Introductionmentioning

confidence: 99%

On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols

Boureanu

Mitrokotsa

Vaudenay

2012

Progress in Cryptology – LATINCRYPT 2012

View full text Add to dashboard Cite

Abstract. In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/ incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to distance-fraud attacks, whilst the other opens for man-in-the-middle (MiM) attacks. First, we describe -in a more unitary, formal fashion-why assuming that a family of functions classically used inside DB protocols is solely a PRF is unsatisfactory and what generic security flaws this leads to. Then, we present concrete constructions that disprove the PRF-based claimed security of several DB protocols in the literature; this is achieved by using some PRF programming techniques. Whilst our examples may be considered contrived, the overall message is clear: the PRF assumption should be strengthened in order to attain security against distance-fraud and MiM attacks in distance-bounding protocols!

show abstract