Distance Bounding Protocols on TH-UWB Radios

Benfarah, Ahmed; Miscopein, Benoît; Gorce, Jean‐Marie; Lauradoux, Cédric; Roux, B.

doi:10.1109/glocom.2010.5684000

Cited by 8 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This kind of attacks is first introduced in [8]. By using the idea of [8], we improve some attacks on DF on [42,36,7,50,34,38,51,22,20,21] and one on MiM on [56]. We detail only one attack on DF and the one on MiM, but for the other protocols we give the PRF construction to mount a successful attack.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

“…As we can see in Table 2, many of the listed protocols use a PRF [29,47,33,42,44,5,37,36,7,45,50,4,56,28,34,55,38,41,31,12,25,51,[20][21][22]. It is possible to mount some attacks if the PRF used follows a certain form.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

“…For [5,49,7,50,56,34,38,41,31,51,20], we mount new TF attacks. These attacks all follow the same scheme: the adversary is close to the verifier whereas the prover is far away.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

“…Except the FO protocol [25], because it uses two modes of execution: one verifies the transcript and the other not. PRF Output: From the moment where the output of the PRF is cut into several parts like in [29,42,5,36,7,50,4,34,55,38,51,[20][21][22], it is possible to mount an attack using PRF construction (see Section 3.1) and so an DF attack can be successful. All protocols cited before bear the consequences of this risk.…”

Section: Designmentioning

confidence: 99%

See 3 more Smart Citations

Survey of Distance Bounding Protocols and Threats

Brelurut

Gerault

Lafourcade

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. NFC and RFID are technologies that are more and more present in our life. These technologies allow a tag to communicate without contact with a reader. In wireless communication an intruder can always listen and forward a signal, so he can mount a so-called worm hole attack. In the last decades, several Distance Bounding (DB) protocols have been introduced to avoid such attacks. In this context, there exist several threat models: Terrorist Fraud, Mafia Fraud, Distance Fraud etc. We first show the links between the existing threat models. Then we list more than forty DB protocols and give the bounds of the best known attacks for different threat models. In some cases, we explain how we are able to improve existing attacks. Then, we present some advices to the designers of the DB protocols and to the intruders to mount some attacks.

show abstract

Section: Improvements Of Attacksmentioning

confidence: 99%

Section: Improvements Of Attacksmentioning

confidence: 99%

“…For [5,49,7,50,56,34,38,41,31,51,20], we mount new TF attacks. These attacks all follow the same scheme: the adversary is close to the verifier whereas the prover is far away.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

Section: Designmentioning

confidence: 99%

See 2 more Smart Citations

Survey of Distance Bounding Protocols and Threats

Brelurut

Gerault

Lafourcade

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

show abstract

“…An ID-based distance bounding protocol is implemented on proprietary IR radios in [20]. In [21], the authors design a time-hoppingbased IR PHY that is secure against external, but not internal attacks. Beyond IR-UWB, DB PHYs tailored to narrow-band RFID systems are proposed in [12], [22], [23], and a DB PHY for smartcards (wire-line) is introduced in [24].…”

Section: Introductionmentioning

confidence: 99%

On Secure and Precise IR-UWB Ranging

Poturalski

Flury

Papadimitratos

et al. 2012

IEEE Trans. Wireless Commun.

View full text Add to dashboard Cite

Abstract-To provide high ranging precision in multipath environments, a ranging protocol should find the first arriving path, rather than the strongest path. We demonstrate a new attack vector that disrupts such precise Time-of-Arrival (ToA) estimation, and allows an adversary to decrease the measured distance by a value in the order of the channel spread (10-20 meters). This attack vector can be used in previously reported physicalcommunication-layer (PHY) attacks against secure ranging (or distance bounding). Furthermore, it creates a new type of attack based on malicious interference: This attack is much easier to mount than the previously known external PHY attack (distancedecreasing relay) and it can work even if secret preamble codes are used.We evaluate the effectiveness of this attack for a PHY that is particularly well suited for precise ranging in multipath environments: Impulse Radio Ultra-Wideband (IR-UWB). We show, with PHY simulations and experiments, that the attack is effective against a variety of receivers and modulation schemes. Furthermore, we identify and evaluate three types of countermeasures that allow for precise and secure ranging.

show abstract