Symbolic Analysis of Terrorist Fraud Resistance

Abstract: Distance-bounding protocols aim at preventing several kinds of attacks, amongst which terrorist fraud, where a far away malicious prover colludes with an attacker to authenticate once, without giving him any advantage for future authentication. In this paper, we consider a symbolic setting and propose a formal definition of terrorist fraud, as well as two reduction results. When looking for an attack, we can first restrict ourselves to consider a particular (and quite simple) topology. Moreover, under some mil… Show more

“…We now apply coalition-cast vCGS to the modelling of secure systems and their threats. We start by recalling the setting of Terrorist-Fraud Attacks [19] and the distance-bounding protocol by Hancke and Kuhn [31], then give an A-cast vCGS model for this protocol and an ATL formula expressing the existence of an attack against the protocol, and finally we argue why the results from Section 4 are relevant for this case study.…”

“…terrorist fraud (see description below), it can be easily proven that if there is an attack on the version of protocol presented in Figure 1, then there is an attack in the original protocol in [31] and vice-versa. Formal symbolic verification methodologies [16] such as the recent [18,40,19] are only able to capture the HK version presented in Figure 1 (i.e., modelling 1-bitstring challenge and not m 1-bit challenges); and this is true w.r.t. checking for all attacks/properties, not just terrorist frauds.…”

“…Symbolic security verification of distance bounding (DB) as opposed to computational analysis [16] has emerged only in the last two years [40,18,19]. As the most recent line of this type [19] shows, TF attacks can be expressed therein only as a simple approximation by imposing sequence of events.…”

“…Symbolic security verification of distance bounding (DB) as opposed to computational analysis [16] has emerged only in the last two years [40,18,19]. As the most recent line of this type [19] shows, TF attacks can be expressed therein only as a simple approximation by imposing sequence of events. That is because in the processalgebraic [15] or rewriting-based approaches [41] used therein, collusions cannot be expressed either the system-modelling level or at the property-encoding level.…”

“…That said, verifying security against collusions-based attacks such as terrorist-frauds [10] in identification schemes is a notoriously difficult problem in security verification [17]. And, even the most recent formalisms attempting this [19] fall short of encapsulating the strategic nature of this property or of the threat-model it views; instead, [19] looks at correspondence of events in applied π-calculus (i.e., if agents did a series of actions with one result, then later another fact must be the case). Instead, they use arguably crude approximations (based on causalities/correspondence of events in process calculi [15]) of what a collusive attack would be.…”

Model Checking Strategic Abilities in Information-sharing Systems

“…We now apply coalition-cast vCGS to the modelling of secure systems and their threats. We start by recalling the setting of Terrorist-Fraud Attacks [19] and the distance-bounding protocol by Hancke and Kuhn [31], then give an A-cast vCGS model for this protocol and an ATL formula expressing the existence of an attack against the protocol, and finally we argue why the results from Section 4 are relevant for this case study.…”

“…terrorist fraud (see description below), it can be easily proven that if there is an attack on the version of protocol presented in Figure 1, then there is an attack in the original protocol in [31] and vice-versa. Formal symbolic verification methodologies [16] such as the recent [18,40,19] are only able to capture the HK version presented in Figure 1 (i.e., modelling 1-bitstring challenge and not m 1-bit challenges); and this is true w.r.t. checking for all attacks/properties, not just terrorist frauds.…”

“…Symbolic security verification of distance bounding (DB) as opposed to computational analysis [16] has emerged only in the last two years [40,18,19]. As the most recent line of this type [19] shows, TF attacks can be expressed therein only as a simple approximation by imposing sequence of events.…”

“…Symbolic security verification of distance bounding (DB) as opposed to computational analysis [16] has emerged only in the last two years [40,18,19]. As the most recent line of this type [19] shows, TF attacks can be expressed therein only as a simple approximation by imposing sequence of events. That is because in the processalgebraic [15] or rewriting-based approaches [41] used therein, collusions cannot be expressed either the system-modelling level or at the property-encoding level.…”

“…That said, verifying security against collusions-based attacks such as terrorist-frauds [10] in identification schemes is a notoriously difficult problem in security verification [17]. And, even the most recent formalisms attempting this [19] fall short of encapsulating the strategic nature of this property or of the threat-model it views; instead, [19] looks at correspondence of events in applied π-calculus (i.e., if agents did a series of actions with one result, then later another fact must be the case). Instead, they use arguably crude approximations (based on causalities/correspondence of events in process calculi [15]) of what a collusive attack would be.…”

Model Checking Strategic Abilities in Information-sharing Systems

Symbolic Analysis of Terrorist Fraud Resistance

Mechanised Models and Proofs for Distance-Bounding