Mafia fraud attack against the R&amp;#x010C; Distance-Bounding Protocol

Mitrokotsa, Aikaterini; Onete, Cristina; Vaudenay, Serge

doi:10.1109/rfid-ta.2012.6404571

Cited by 14 publications

(25 citation statements)

References 17 publications

(28 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…People already suggested to protect location privacy [33], but this suffers from severe limitations as shown in [1,27]. Anonymity could also be considered in a way similar to RFID protocols [37,32,23].…”

Section: Resultsmentioning

confidence: 99%

Towards Secure Distance Bounding

Boureanu

Mitrokotsa

Vaudenay

2014

Fast Software Encryption

Self Cite

View full text Add to dashboard Cite

Abstract. Relay attacks (and, more generally, man-in-the-middle attacks) are a serious threat against many access control and payment schemes. In this work, we present distance-bounding protocols, how these can deter relay attacks, and the security models formalizing these protocols. We show several pitfalls making existing protocols insecure (or at least, vulnerable, in some cases). Then, we introduce the SKI protocol which enjoys resistance to all popular attack-models and features provable security. As far as we know, this is the first protocol with such all-encompassing security guarantees. Why Distance-Bounding?It is well known that a chess beginner can win against a chess grand-master easily by defeating two grand-masters concurrently, taking different colors in both games, and relaying the move of one master to the other. This is a pure relay attack where two masters play against each other while each of them thinks he is playing against a beginner.In real life, relay attacks find applications in access control. For instance, a car with a wireless key can be opened by relaying the communication between the key (the token) and the car. RFID-based access control to buildings can also be subject to relay attacks [21]. The same goes for (contactless) credit-card payments: a customer may try to pay for something on a malicious terminal which relays to a fake card paying for something more expensive [15].To defeat relay attacks, Brands and Chaum [9] introduced the notion of distance bounding protocol. This relies on the fact that information is local and it cannot travel faster than light. So, an RFID reader can identify when participants are close enough because the round-trip communication time has been small enough. The idea is that a prover holding a key x proves to a verifier that he is close to him. Ideally, this notion should behave like a traditional interactive proof system in the sense that it must satisfy:-completeness (i.e., an honest prover close to the verifier will pass the protocol with high probability)This invited paper summarizes results from [4,5,6,7,8].

show abstract

Section: Resultsmentioning

confidence: 99%

Towards Secure Distance Bounding

Boureanu

Mitrokotsa

Vaudenay

2014

Fast Software Encryption

Self Cite

View full text Add to dashboard Cite

show abstract

“…For [5,49,7,50,56,34,38,41,31,51,20], we mount new TF attacks. These attacks all follow the same scheme: the adversary is close to the verifier whereas the prover is far away.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

“…As we can see in Table 2, many of the listed protocols use a PRF [29,47,33,42,44,5,37,36,7,45,50,4,56,28,34,55,38,41,31,12,25,51,[20][21][22]. It is possible to mount some attacks if the PRF used follows a certain form.…”

Section: Improvements Of Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Distance Bounding Protocols and Threats

Brelurut

Gerault

Lafourcade

2016

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. NFC and RFID are technologies that are more and more present in our life. These technologies allow a tag to communicate without contact with a reader. In wireless communication an intruder can always listen and forward a signal, so he can mount a so-called worm hole attack. In the last decades, several Distance Bounding (DB) protocols have been introduced to avoid such attacks. In this context, there exist several threat models: Terrorist Fraud, Mafia Fraud, Distance Fraud etc. We first show the links between the existing threat models. Then we list more than forty DB protocols and give the bounds of the best known attacks for different threat models. In some cases, we explain how we are able to improve existing attacks. Then, we present some advices to the designers of the DB protocols and to the intruders to mount some attacks.

show abstract

“…Though the protocol in [26] claims to preserve location privacy, we note that location privacy has never been formalised in the literature. Additionally, the RČ protocol has been shown to be susceptible to a non-polynomial dictionary attack which may reveal the prover's and verifier's locations [1] as well as to a mafia fraud attack [24]. Mitrokotsa et al [24] have proposed a new distance bounding protocol called Location-Private Distance Bounding (LPDB) that improves the basic construction of the RČ protocol and renders it secure against the latter attack.…”

Section: Introductionmentioning

confidence: 99%

Location leakage in distance bounding: Why location privacy does not work

Mitrokotsa

Onete

Vaudenay

2014

Computers & Security

Self Cite

View full text Add to dashboard Cite

Abstract. In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g. in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier. Distancebounding protocols are the main countermeasure against such attacks; however, such protocols may leak information regarding the location of the prover and/or the verifier who run the distance-bounding protocol. In this paper, we consider a formal model for location privacy in the context of distance-bounding. In particular, our contributions are threefold: we first define a security game for location privacy in distance-bounding; secondly, we define an adversarial model for this game, with two adversary classes; finally, we assess the feasibility of attaining location privacy for distance-bounding protocols. Concretely, we prove that for protocols with a beginning or a termination, it is theoretically impossible to achieve location privacy for either of the two adversary classes, in the sense that there always exists a polynomially bounded adversary that wins the security game. However, for so-called limited adversaries, which cannot see the location of arbitrary provers, carefully chosen parameters do, in practice, enable computational location privacy.

show abstract

Mafia fraud attack against the RČ Distance-Bounding Protocol

Cited by 14 publications

References 17 publications

Towards Secure Distance Bounding

Towards Secure Distance Bounding

Survey of Distance Bounding Protocols and Threats

Location leakage in distance bounding: Why location privacy does not work

Contact Info

Product

Resources

About