access icon free Privacy failure in the public-key distance-bounding protocols

© The Institution of Engineering and Technology
Received 10/12/2014, Accepted 08/10/2015, Revised 23/09/2015, Published 01/07/2016

Public-key distance bounding protocols are well suited to defeat relay attacks in proximity access control systems when the author assume no prior shared key. At AsiaCCS 2014, Gambs, Onete, and Robert designed such a protocol with privacy protection for the prover. That is, the protocol hides the identity of the prover to active adversaries and the prover remains anonymous. In this study the author contradicts the result on this protocol by proving that an active adversary can easily identify one prover out of two possible ones. At WISEC 2013, Hermans, Peeters, and Onete proposed another protocol which is proven to protect the privacy of the prover. In this study the author complete their results and show that the protocol does not protect it in a strong sense. That is, if the adversary can corrupt the provers, then privacy is not guaranteed any more.

Inspec keywords: cryptographic protocols; data protection; authorisation; public key cryptography

Other keywords: relay attacks; privacy protection; WISEC 2013; AsiaCCS 2014; public-key distance-bounding protocols; privacy failure; proximity access control systems

Subjects: Data security; Cryptography

References

    1. 1)
      • 4. Hermans, J., Pashalidis, A., Vercauteren, F., et al: ‘A new RFID privacy model’. Computer Security – ESORICS'11, Leuven, Belgium, 2011 (Springer-Verlag) (LNCS6879), pp. 568587.
    2. 2)
      • 7. Avoine, G., Dysli, E., Oechslin, P.: ‘Reducing time complexity in RFID systems’. Selected Areas in Cryptography'05, Kingston, Ontario, Canada, 2006 (Springer-Verlag) (LNCS3897), pp. 291306.
    3. 3)
      • 12. Vaudenay, S.: ‘On Privacy for RFID’. To appear in the proceedings of ProvSec'15..
    4. 4)
      • 6. Gambs, S., Onete, C., Robert, J.-M.: ‘Prover anonymous and deniable distance-bounding authentication’. ACM Symp. on Information, Computer and Communications Security (ASIACCS'14), Kyoto, Japan, 2014 (ACM Press), pp. 501506.
    5. 5)
      • 2. Hermans, J., Peeters, R., Onete, C.: ‘Efficient, secure, private distance bounding without key updates’. ACM Conference on Security and Privacy in Wireless and Mobile Networks WISEC'13, Budapest, Hungary, 2013, (ACM), pp. 195206.
    6. 6)
      • 9. Vaudenay, S.: ‘Private and secure public-key distance bounding: application to NFC payment’. Financial Cryptography and Data Security (FC'15), San Juan, Puerto Rico, 2015 (Springer-Verlag) (LNCS8975), pp. 207216.
    7. 7)
      • 11. Vaudenay, S.: ‘Sound Proof of Proximity of Knowledge’. To appear in the proceedings of ProvSec'15.
    8. 8)
      • 8. Juels, A., Weis, S.: ‘Defining Strong Privacy for RFID’. Technical Report 2006/137, IACR, 2006, http://eprint.iacr.org/2006/137.
    9. 9)
      • 5. Ouafi, K., Vaudenay, S.: ‘Strong privacy for RFID systems from plaintext-aware encryption’. Cryptology and Network Security, 8th Int. Conf. CANS'12, Darmstadt, Germany, 2012 (Springer-Verlag) (LNCS7712), pp. 247262.
    10. 10)
      • 10. Vaudenay, S.: Proof of Proximity of Knowledge. IACR Eprint 2014/695 report, 2014.
    11. 11)
      • 3. Vaudenay, S.: ‘On privacy models for RFID’. Advances in Cryptology ASIACRYPT'07, Kuching, Malaysia, 2007 (LNCS4833), (Springer-Verlag), pp. 6887.
    12. 12)
      • 1. Brands, S., Chaum, D.: ‘Distance-bounding protocols (extended abstract)’. Advances in Cryptology EUROCRYPT'93, Lofthus, Norway, 1994 (LNCS765), Springer-Verlag, pp. 344359.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0616
Loading

Related content

content/journals/10.1049/iet-ifs.2014.0616
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading