Cristina Onete

Learn More
Kundu and Bertino (VLDB 2008) recently introduced the idea of structural signatures for trees which support public redaction of subtrees (by third-party distributors) while pertaining the integrity of the remaining parts. An example is given by signed XML documents of which parts should be sanitized before being published by a distributor not holding the(More)
We propose a new distance bounding protocol, which builds upon the private RFID authentication protocol by Peeters and Hermans [25]. In contrast to most distance-bounding protocols in literature, our construction is based on public-key cryptography. Public-key cryptography (specifically Elliptic Curve Cryptography) can, contrary to popular belief, be(More)
Distance-Bounding identification protocols aim at impeding man-in-themiddle attacks by measuring response times. There are three kinds of attacks such protocols could address: (1) Mafia attacks where the adversary relays communication between honest prover and honest verifier in different sessions; (2) Terrorist attacks where the adversary gets limited(More)
Distance-bounding protocols prevent man-in-the-middle attacks by measuring response times. The four attacks such protocols typically address, recently formalized in [10], are: (1) mafia fraud, where the adversary must impersonate to a verifier in the presence of an honest prover; (2) terrorist fraud, where the adversary gets some offline prover support to(More)
In distance-bounding authentication protocols, a verifier assesses that a prover is (1) legitimate and (2) in the verifier's proximity. Proximity checking is done by running time-critical exchanges between both parties. This enables the verifier to detect relay attacks (also called mafia fraud). While most distance-bounding protocols offer resistance to(More)
TLS is one of the most widely deployed cryptographic protocols on the Internet; it is used to protect the confidentiality and integrity of transmitted data in various client-server protocols. Its non-standard use of cryptographic primitives, however, makes it hard to formally assess its security. It is in fact difficult to use traditional (well-understood)(More)
Distance-bounding protocols prevent man-in-the-middle attacks by measuring response times. Recently, Dürholz et al. [10] formalized the four attacks such protocols typically address: (1) mafia attacks, where the adversary must impersonate to a verifier in the presence of an honest prover; (2) terrorist attacks, where the adversary gets some offline prover(More)
At ACM CCS 2008, Rasmussen and Čapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the distance(More)
In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g., in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier.(More)