Authentication in conventional networks (like the Internet) is usually based upon something you know (e.g., a password), something you have (e.g., a smartcard) or something you are (biometrics). In mobile ad-hoc networks, location information can also be used to authenticate devices and users. We will focus on how a prover can securely show that (s)he is within a certain distance to a verifier. Brands and Chaum proposed the distance bounding protocol as a secure solution for this problem. However, this protocol is vulnerable to a socalled "terrorist fraud attack". In this paper, we will explain how to modify the distance bounding protocol to make it resistant to this kind of attacks. Recently, two other secure distance bounding protocols were published. We will discuss the properties of these protocols and show how to use it as a building block in a location verification scheme.
Implantable Medical Devices (IMDs) typically use proprietary protocols with no or limited security to wirelessly communicate with a device programmer. These protocols enable doctors to carry out critical functions, such as changing the IMD's therapy or collecting telemetry data, without having to perform surgery on the patient. In this paper, we fully reverse-engineer the proprietary communication protocol between a device programmer and the latest generation of a widely used Implantable Cardioverter Defibrillator (ICD) which communicate over a long-range RF channel (from two to five meters). For this we follow a black-box reverse-engineering approach and use inexpensive Commercial Off-The-Shelf (COTS) equipment. We demonstrate that reverse-engineering is feasible by a weak adversary who has limited resources and capabilities without physical access to the devices. Our analysis of the proprietary protocol results in the identification of several protocol and implementation weaknesses. Unlike previous studies, which found no security measures, this article discovers the first known attempt to obfuscate the data that is transmitted over the air. Furthermore, we conduct privacy and Denial-of-Service (DoS) attacks and give evidence of other attacks that can compromise the patient's safety. All these attacks can be performed without needing to be in close proximity to the patient. We validate that our findings apply to (at least) 10 types of ICDs that are currently on the market. Finally, we propose several practical short-and long-term countermeasures to mitigate or prevent existing vulnerabilities.
Abstract. Location information can be used to enhance mutual entity authentication protocols in wireless ad-hoc networks. More specifically, distance bounding protocols have been introduced by Brands and Chaum at Eurocrypt'93 to preclude distance fraud and mafia fraud attacks, in which a local impersonator exploits a remote honest user. Hancke and Kuhn have extended these protocols to cope with noisy channels. This paper presents an improved distance bounding protocol for noisy channels that offers a substantial reduction in the number of communication rounds compared to the Hancke and Kuhn protocol. The main idea is to use binary codes to correct bit errors occurring during the fast bit exchanges. Our protocol is perfectly suitable to be employed in noisy wireless environments such as RFID.
The emergence of pervasive computing devices has raised several privacy issues. In this paper, we address the risk of tracking attacks in RFID networks. Our contribution is threefold: (1) We repair three revised EC-RAC protocols of Lee, Batina and Verbauwhede and show that two of the improved authentication protocols are wide-strong privacypreserving and one wide-weak privacy-preserving; (2) We present the search protocol, a novel scheme which allows for privately querying a particular tag, and proof its security properties; and (3) We design a hardware architecture to demonstrate the implementation feasibility of our proposed solutions for a passive RFID tag. Due to the specific design of our authentication protocols, they can be realized with an area significantly smaller than other RFID schemes proposed in the literature, while still achieving the required security and privacy properties.
Physical-layer ngerprinting investigates how features extracted from radio signals can be used to uniquely identify devices. is paper proposes and analyses a novel methodology to ngerprint LoRa devices, which is inspired by recent advances in supervised machine learning and zero-shot image classi cation. Contrary to previous works, our methodology does not rely on localized and low-dimensional features, such as those extracted from the signal transient or preamble, but uses the entire signal. We have performed our experiments using 22 LoRa devices with 3 di erent chipsets. Our results show that identical chipsets can be distinguished with 59% to 99% accuracy per symbol, whereas chipsets from di erent vendors can be ngerprinted with 99% to 100% accuracy per symbol. e ngerprinting can be performed using only inexpensive commercial o-the-shelf so ware de ned radios, and a low sample rate of 1 Msps. Finally, we release all datasets and code pertaining to these experiments to the public domain.
Distance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, which are vulnerable to distance-based frauds. This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features.
Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key primitives. However, it has been shown that such schemes often entail scalability, security and/or privacy problems. In this article, we extend the notion of public-key RFID authentication protocols and propose a privacy-preserving multi-party grouping-proof protocol which relies exclusively on the use of elliptic curve cryptography (ECC). It allows to generate a proof which is verifiable by a trusted verifier in an offline setting, even when readers or tags are potentially untrusted, and it is privacy-preserving in the setting of a narrowstrong attacker. We also demonstrate that our RFID grouping-proof protocol can easily be extended to use cases with more than two tags, without any additional cost for an RFID tag. To illustrate the implementation feasibility of our proposed solutions, we present a novel ECC hardware architecture designed for RFID.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.