Distance-bounding Identification

Ahmad Ahmadi, Reihaneh Safavi-Naini

2017

Abstract

Distance bounding (DB) protocols allow a prover to convince a verifier that they are within a distance bound. We propose a new approach to formalizing the security of DB protocols, which we call distance-bounding identification (DBID) and which is inspired by the security definition of cryptographic identification protocols. Our model provides a natural way of modeling the strongest man-in-the-middle attack, bringing the security of DB protocols in line with that of identification protocols. We compare our model with other existing models, and give a construction that is secure in the proposed model.

References

  1. Ahmadi, A. and Safavi-Naini, R. (2014). Privacy-preserving distance-bounding proof-of-knowledge. In 16th International Conference on Information and Communications Security.
  2. Avoine, G., Bingöl, M. A., Kardaş, S., Lauradoux, C., and Martin, B. (2011). A framework for analyzing RFID distance bounding protocols. Journal of Computer Security, pages 289-317.
  3. Bellare, M. and Palacio, A. (2002). GQ and Schnorr identification schemes: Proofs of security against impersonation under active and concurrent attacks. In Annual International Cryptology Conference, pages 162-177. Springer.
  4. Boureanu, I., Mitrokotsa, A., and Vaudenay, S. (2013). Practical & provably secure distance-bounding. In The 16th Information Security Conference.
  5. Brands, S. and Chaum, D. (1994). Distance-bounding protocols. In Advances in Cryptology-EUROCRYPT'93, pages 344-359. Springer.
  6. Chernoff, H. (1952). A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. The Annals of Mathematical Statistics, 23(4):493-507.
  7. Cremers, C., Rasmussen, K. B., Schmidt, B., and Capkun, S. (2012). Distance hijacking attacks on distance bounding protocols. In Security and Privacy, pages 113-127.
  8. Desmedt, Y. (1988). Major security problems with the "unforgeable" (Feige-)Fiat-Shamir proofs of identity and how to overcome them. In Congress on Computer and Communication Security and Protection Securicom'88, pages 147-159.
  9. Dürholz, U., Fischlin, M., Kasper, M., and Onete, C. (2011). A formal approach to distance-bounding RFID protocols. In Information Security, pages 47-62. Springer.
  10. Gambs, S., Killijian, M.-O., Lauradoux, C., Onete, C., Roy, M., and Traoré, M. (2014). VSSDB: A verifiable secret-sharing and distance-bounding protocol. In International Conference on Cryptography and Information security (BalkanCryptSec'14).
  11. Goldwasser, S. and Micali, S. (1984). Probabilistic encryption. Journal of computer and system sciences, 28(2):270-299.
  12. Hermans, J., Peeters, R., and Onete, C. (2013). Efficient, secure, private distance bounding without key updates. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, pages 207-218. ACM.
  13. Hoeffding, W. (1963). Probability inequalities for sums of bounded random variables. Journal of the American statistical association, 58(301):13-30.
  14. Kurosawa, K. and Heng, S.-H. (2006). The power of identification schemes. In Public Key Cryptography-PKC 2006, pages 364-377. Springer.
  15. Lyubashevsky, V. and Masny, D. (2013). Man-in-the-middle secure authentication schemes from LPN and weak PRFs. In Advances in Cryptology - CRYPTO'13, pages 308-325. Springer.
  16. Vaudenay, S. (2014). Proof of proximity of knowledge. IACR Eprint, 695.

Definition 7. (One-way Function). By considering ? as the security parameter, an efficiently computable function OU T ? FUNC(IN), is one-way if there is no PPT algorithm that takes OU T as input and returns IN with non-negligible probability in terms of ?.

Definition 8. (Zero-Knowledge Protocol). A pair of protocols (P(a),V (z)) is ?-zero-knowledge for P(a), if for any PPT interactive machine V *(z, aux) there is a PPT simulator S(z, aux) such that for any PPT distinguisher, any (a : z) ? L, and any aux ? {0, 1}*, the distinguishing advantage between the final view of V *, in the interaction P(a) ? V *(z, aux), and output of the simulator S(z, aux) is bounded by ?.

Lemma 5. (Chernoff-Hoeffding Bound (Chernoff, 1952), (Hoeffding, 1963)). For any (e, n, t, q), we have the following inequalities n about the function Tail(n, t, ?) = i?=t ni ?i(1 -

Paper Citation


in Harvard Style

Ahmadi A. and Safavi-Naini R. (2017). Distance-bounding Identification. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 202-212. DOI: 10.5220/0006211102020212


in Bibtex Style

@conference{icissp17,
author={Ahmad Ahmadi and Reihaneh Safavi-Naini},
title={Distance-bounding Identification},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={202-212},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006211102020212},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Distance-bounding Identification
SN - 978-989-758-209-7
AU - Ahmadi A.
AU - Safavi-Naini R.
PY - 2017
SP - 202
EP - 212
DO - 10.5220/0006211102020212