TY - GEN
T1 - A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol
AU - Avoine, Gildas
AU - Bultel, Xavier
AU - Gambs, Sébastien
AU - Gérault, David
AU - Lafourcade, Pascal
AU - Onete, Cristina
AU - Robert, Jean Marc
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/4/2
Y1 - 2017/4/2
N2 - Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, verifiers have to authenticate the credentials of untrusted provers. Unfortunately, these protocols are themselves subject to complex threats such as terroristfraud attacks, in which a malicious prover helps an accomplice to authenticate. Provably guaranteeing the resistance of distance-bounding protocols to these attacks is complex. The classical solutions assume that rational provers want to protect their long-term authentication credentials, even with respect to their accomplices. Thus, terrorist-fraud resistant protocols generally rely on artificial extraction mechanisms, ensuring that an accomplice can retrieve the credential of his partnering prover, if he is able to authenticate. We propose a novel approach to obtain provable terroristfraud resistant protocols that does not rely on an accomplice being able to extract any long-term key. Instead, we simply assume that he can replay the information received from the prover. Thus, rational provers should refuse to cooperate with third parties if they can impersonate them freely afterwards. We introduce a generic construction for provably secure distance-bounding protocols, and give three instances of this construction: (1) an efficient symmetric-key protocol, (2) a public-key protocol protecting the identities of provers against external eavesdroppers, and finally (3) a fully anonymous protocol protecting the identities of provers even against malicious verifiers that try to profile them.
AB - Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, verifiers have to authenticate the credentials of untrusted provers. Unfortunately, these protocols are themselves subject to complex threats such as terroristfraud attacks, in which a malicious prover helps an accomplice to authenticate. Provably guaranteeing the resistance of distance-bounding protocols to these attacks is complex. The classical solutions assume that rational provers want to protect their long-term authentication credentials, even with respect to their accomplices. Thus, terrorist-fraud resistant protocols generally rely on artificial extraction mechanisms, ensuring that an accomplice can retrieve the credential of his partnering prover, if he is able to authenticate. We propose a novel approach to obtain provable terroristfraud resistant protocols that does not rely on an accomplice being able to extract any long-term key. Instead, we simply assume that he can replay the information received from the prover. Thus, rational provers should refuse to cooperate with third parties if they can impersonate them freely afterwards. We introduce a generic construction for provably secure distance-bounding protocols, and give three instances of this construction: (1) an efficient symmetric-key protocol, (2) a public-key protocol protecting the identities of provers against external eavesdroppers, and finally (3) a fully anonymous protocol protecting the identities of provers even against malicious verifiers that try to profile them.
UR - https://www.scopus.com/pages/publications/85021867865
U2 - 10.1145/3052973.3053000
DO - 10.1145/3052973.3053000
M3 - Contribution to conference proceedings
AN - SCOPUS:85021867865
T3 - ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
SP - 800
EP - 814
BT - ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Y2 - 2 April 2017 through 6 April 2017
ER -