Distance Bounding Facing Both Mafia and Distance Frauds

@article{TrujilloRasua2014DistanceBF,
  title={Distance Bounding Facing Both Mafia and Distance Frauds},
  author={Rolando Trujillo-Rasua and Benjamin Martin and Gildas Avoine},
  journal={IEEE Transactions on Wireless Communications},
  year={2014},
  volume={13},
  pages={5690-5698}
}
Contactless technologies such as radio-frequency identification, near field communication, and sensor networks are vulnerable to mafia and distance fraud. These types of fraud are aimed at successfully passing an authentication protocol by cheating on the actual distance between the prover and the verifier. Distance-bounding protocols have been designed to cope with these security issues, but none of them properly resist these two types of fraud without requiring additional memory and… 

Figures and Tables from this paper

RFID Distance Bounding Protocol Secure Against Mafia and Terrorist Fraud
TLDR
A new protocol is proposed that reduces number of a hash computation and traffic than MP protocol and the experimental results show that the protocol is secure to terrorist and mafia fraud.
Survey of Distance Bounding Protocols and Threats
TLDR
This work lists more than forty Distance Bounding protocols and gives the bounds of the best known attacks for different threat models, and presents some advices to the designers of the DB protocols and to the intruders to mount some attacks.
Security of Distance-Bounding
TLDR
This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features.
A Class of Precomputation-Based Distance-Bounding Protocols
TLDR
A novel family of protocols in this class of precomputation-based distance-bounding protocols is developed that resists well to mafia fraud attacks.
Comparing distance bounding protocols: A critical mission supported by decision theory
Attacks Formulation and Improvement of an Elliptic Curve-Based RFID/NFC Protocol
TLDR
This paper’s main work is to present the improvement of the UP protocol and make it secure against the mentioned attacks and prove that in both informal and formal form.
Mechanised Models and Proofs for Distance-Bounding
TLDR
FlexiDB is proposed, a new cryptographic model for distance bounding, parameterised by different types of fine-grained corruptions, and used to exhibit a flavour of man-in-the-middle security on a variant of MasterCard’s contactless-payment protocol.
BoxDB : Realistic Adversary Model for Distance Bounding
TLDR
A secure version of the EMV RRP protocol is proposed, called PayPass+, and it is shown that the strongest threat against DB protocols, namely terrorist frauds, need not be considered in formal DB-security models.
Precise and Mechanised Models and Proofs for Distance-Bounding and an Application to Contactless Payments
TLDR
A proof-of-concept mechanisation of FlexiDB is proposed in the interactive cryptographic prover EasyCrypt, and it is used to prove a flavour of man-in-the-middle security on a variant of MasterCard’s contactless-payment protocol.
...
...

References

SHOWING 1-10 OF 34 REFERENCES
The Poulidor Distance-Bounding Protocol
TLDR
This paper introduces the concept of distance-bounding protocols based on graphs while previous proposals rely on linear registers or binary trees and proposes an instance of the graph-based protocol that resists to both mafia and distance frauds without sacrificing memory.
Detecting relay attacks with timing-based protocols
TLDR
This paper presents the first symmetric key based distance-bounding protocol that is also resistant to so-called terrorist fraud, a variant of mafia fraud, and presents experimental results to support the arguments.
Distance Bounding in Noisy Environments
TLDR
An improved distance bounding protocol for noisy channels that offers a substantial reduction in the number of communication rounds compared to the Hancke and Kuhn protocol and uses binary codes to correct bit errors occurring during the fast bit exchanges.
RFID Distance Bounding Protocols with Mixed Challenges
TLDR
New distance bounding protocols, based on binary mixed challenges, that converge toward the expected and optimal (1/2)n bound and which only require little memory are introduced.
Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks
TLDR
A solution preventing frauds where a malicious prover and an intruder collaborate to cheat a verifier and a solution preventing both types of attacks is provided.
An RFID Distance Bounding Protocol
  • G. Hancke, M. Kuhn
  • Computer Science
    First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05)
  • 2005
TLDR
A new distance-bounding protocol based on ultra-wideband pulse communication is proposed, aimed at being implementable using only simple, asynchronous, low-power hardware in the token, particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.
Attacks on time-of-flight distance bounding channels
TLDR
It is concluded that conventional RF channels can be problematic for secure distance- bounding implementations and the merits and weaknesses of special distance-bounding channels that have been proposed for RFID applications are discussed.
RFID Distance Bounding Multistate Enhancement
TLDR
A generic technique called MUltiState Enhancement that is based on a more efficient use of void challenges that significantly improves the performances of the already-published distance bounding protocols and extends the void challenges to p-symbols.
The Swiss-Knife RFID Distance Bounding Protocol
TLDR
It is proved, with respect to the previous protocols, that the proposed protocol is the best one in terms of security, privacy, tag computational overhead, and fault tolerance.
A Distance Bounding Protocol Using Error State and Punishment
TLDR
A modification of distance bounding protocols using `error state' which stands for the number of response bit errors that have already occurred is considered, which sets a maximal error number to prevent adversary from malicious queries and applies a punishment mechanism for error responding.
...
...