Abstract
The continuous adoption of Near Field Communication (NFC) tags offers many new applications whose security is essential (e.g., contactless payments). In order to prevent flaws and attacks, we develop in this article a framework allowing us to analyse the underlying security protocols, taking into account the location of the agents and the transmission delay when exchanging messages. We propose two reduction results to render automatic verification possible relying on the existing verification tool
- [1] . 2001. Mobile values, new names, and secure communication. In Proceedings of the 28th Symposium on Principles of Programming Languages (POPL’01). ACM Press, London, UK, 104–115.Google Scholar
Digital Library
- [2] . 2019. Security of distance-bounding: A survey. Comput. Surveys 51, 5 (2019), 94:1–94:33.Google Scholar
- [3] . 2011. A framework for analyzing RFID distance bounding protocols. Journal of Computer Security 19, 2 (2011), 289–317.Google Scholar
Cross Ref
- [4] . 2017. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In Proceedings of the 12th ACM Asia Conference on Computer and Communications Security (AsiaCCS’17). ACM Press, Abu Dhabi, United Arab Emirates, 800–814.Google Scholar
Digital Library
- [5] . 2009. An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In Proceedings of the 12th International Conference on Information Security (ISC’09), vol. 5735. Springer, Pisa, Italy. 250–261.Google Scholar
Digital Library
- [6] . 2011. Formal reasoning about physical properties of security protocols. ACM Transactions on Information and System Security 14, 2 (2011), 16.Google Scholar
Digital Library
- [7] . 2018. A formal analysis of 5G authentication. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS’18) ACM, Toronto, ON, Canada, 1383–1396.Google Scholar
Digital Library
- [8] . 2017. Verified models and reference implementations for the TLS 1.3 Standard Candidate. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P’17). IEEE Computer Society, San Jose, CA, USA, 483–503.Google Scholar
Cross Ref
- [9] . 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 4th IEEE Computer Security Foundations Workshop (CSFW’01). IEEE Computer Society, Cape Breton, Nova Scotia, Canada, 82–96.Google Scholar
Cross Ref
- [10] . 2016. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends in Privacy and Security 1, 1–2 (2016), 1–135.Google Scholar
Digital Library
- [11] . 2017. Symbolic and computational mechanized verification of the ARINC823 avionic protocols. In Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF’17). IEEE Computer Society. 68–82.Google Scholar
Cross Ref
- [12] . 2020. Security analysis and implementation of relay-resistant contactless payments. In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS’20). AC. 879–898.Google Scholar
Digital Library
- [13] . 2013. Secure and lightweight distance-bounding. In Proceedings of the 2nd International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’13),
Lecture Notes in Computer Science , Vol. 8162. Springer, Berlin, 97–113.Google ScholarCross Ref
- [14] . 1993. Distance-bounding protocols. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT’93). Springer, Lofthus, Norway, 344–359.Google Scholar
- [15] . 2016. A prover-anonymous and terrorist-fraud resistant distance-bounding protocol. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WISEC’16). ACM Press, Darmstadt, Germany, 121–133.Google Scholar
Digital Library
- [16] . 2003. SECTOR: Secure tracking of node encounters in multi-hop wireless networks. In Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks. ACM, Fairfax, Virginia, 21–32.Google Scholar
Digital Library
- [17] . 2017. Verification of randomized security protocols. In Proceedings of the 32nd Annual IEEE Symposium on Logic in Computer Science (LICS’17). IEEE, Reykjavik, Iceland, 1–12.Google Scholar
Cross Ref
- [18] . 2018. Modelling and analysis of a hierarchy of distance bounding attacks. In Proceedings of the 27th USENIX Security Symposium (USENIX’18). USENIX Association, Baltimore, MD, USA, 1563–1580.Google Scholar
- [19] . 2015. Relay cost bounding for contactless EMV payments. In Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC’15)
L ecture Notes in Computer Science, Vol. 8975, Springer, Berlin, 189–206.Google ScholarCross Ref
- [20] . 2019. BeleniosVS: Secrecy and verifiability against a corrupted voting device. In Proceedings of the 32nd Computer Security Foundations Symposium (CSF’19). Hoboken, NJ, USA. 367–381.Google Scholar
Cross Ref
- [21] . 2018. A formal analysis of the Neuchâtel e-voting protocol. In Proceedings of the 3rd IEEE European Symposium on Security and Privacy (EuroS&P’18). London, United Kingdom. 430–442.Google Scholar
Cross Ref
- [22] . 2012. Distance hijacking attacks on distance bounding protocols. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P’12). San Francisco, California, USA, 113–127.Google Scholar
Digital Library
- [23] . 2019. Symbolic verification of distance bounding protocols. In Proceedings of the 8th International Conference on Principles of Security and Trust (POST’19),
L ecture Notes in Computer Science, Vol. 11426. Springer, Prague, Czech Republic, 149–174.Google ScholarCross Ref
- [24] 2020. So near and yet so far - Symbolic verification of distance-bounding protocols.
Research Report . Univ Rennes, CNRS, IRISA, France. Retrieved December 21, 2021 from https://hal.inria.fr/hal-02965322.Google Scholar - [25] . 2018. A symbolic framework to analyse physical proximity in security protocols. In Proceedings of the 38th IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’18) (LIPIcs), Vol. 122. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik.Google Scholar
- [26] . 2019. Symbolic analysis of terrorist fraud resistance. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS’19),Lecture Notes in Computer Science, Vol. 11735. Springer, Berlin, 383–403.Google Scholar
Digital Library
- [27] . Major security problems with the ‘unforgeable’ (Feige)-Fiat-Shamir proofs of identity and how to overcome them. In Proceedings of SECURICOM’88.Google Scholar
- [28] . 1987. Special uses and abuses of the Fiat-Shamir passport protocol. In Proceedings of the 7th Conference on the Theory and Applications of Cryptographic Techniques (CRYPTO’87). Springer, Santa Barbara, California, 21–39.Google Scholar
- [29] . 1981. On the security of public key protocols. In Proceedings of the 22nd Symposium on Foundations of Computer Science (FOCS’81). IEEE Computer Society, Nashville, Tennessee, USA. 350–357.Google Scholar
Digital Library
- [30] . 2018. Automated unbounded verification of stateful cryptographic protocols with exclusive OR. In Proceedings of the 31st IEEE Computer Security Foundations Symposium (CSF’18). IEEE Computer Society, Oxford, United Kingdom, 359–373.Google Scholar
Cross Ref
- [31] . 2007. Keep your enemies close: Distance bounding against smartcard relay attacks. In Proceedings of the 16th USENIX Security Symposium (USENIX’07), Vol. 312. USENIX Association, Boston, MA, USA.Google Scholar
- [32] . 2011. A formal approach to distance-bounding RFID protocols. In Proceedings of the 14th International Conference on Information Security (ISC’11),Lecture Notes in Computer Science, Vol. 7001. Springer, Berlin, 47–62.Google Scholar
Cross Ref
- [33] 2016. EMV Contactless Specifications for Payment Systems, version 2.6. (2016).Google Scholar
- [34] . 2013. Subtle kinks in distance-bounding: An analysis of prominent protocols. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 195–206.Google Scholar
Digital Library
- [35] . 2011. Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of the Network and Distributed System Security Symposium (NDSS’11). The Internet Society.Google Scholar
- [36] . 2018. Security Analysis of Contactless Communication Protocols. Ph.D. Dissertation. Université Clermont Auvergne.Google Scholar
- [37] . 2020. A spectral analysis of noise: A comprehensive, automated, formal analysis of Diffie-Hellman protocols. In Proceedings of the 29th USENIX Security Symposium (USENIX’20). USENIX Association, 1857–1874.Google Scholar
- [38] . 2019. Improving automated symbolic analysis of ballot secrecy for e-voting protocols: A method based on sufficient conditions. In Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P’19). IEEE, Stockholm, Sweden, 635–650.Google Scholar
Cross Ref
- [39] . 2017. Proximity check for communication devices. (
Oct. 31 , 2017).US Patent 9,805,228. Google Scholar - [40] . 2016. Efficient public-key distance bounding protocol. In Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’16), Lecture Notes in Computer Science, Vol. 10032. Springer, Berlin, 873–901.Google Scholar
- [41] . 2008. The Swiss-Knife RFID distance bounding protocol. In Proceedings of the 11th International Conference on Information Security and Cryptology (ICISC’08), Lecture Notes in Computer Science., Vol. 5461. Springer, Berlin, 98–115.Google Scholar
- [42] . 2017. Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P’17). 435–450.Google Scholar
Cross Ref
- [43] . 2018. Distance-bounding protocols: Verification without time and location. In Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P’18). 152–169.Google Scholar
Cross Ref
- [44] . 2019. Post-collusion security and distance bounding. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS’19). ACM, London, UK, 941–958.Google Scholar
Digital Library
- [45] . 2016. A class of precomputation-based distance-bounding protocols. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P’16). IEEE, Saarbrücken, Germany, 97–111.Google Scholar
Cross Ref
- [46] . 2007. Distance bounding protocols: Authentication logic analysis and collusion attacks. In Proceedings of the Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. Springer, 279–298.Google Scholar
Cross Ref
- [47] . 2013. The Tamarin prover for the symbolic analysis of security protocols. In Proceedings of the 25th International Conference on Computer Aided Verification (CAV’13), Lecture Notes in Computer Science, Vol. 8044. Springer, Berlin, 696–701.Google Scholar
Cross Ref
- [48] . 1999. Undecidability of bounded security protocols. In Proceedings of the Workshop on Formal Methods and Security Protocols.Google Scholar
- [49] . 2008. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8, 9 (2008), 1227–1232.Google Scholar
Cross Ref
- [50] . 2016. Towards the automated verification of cyber-physical security protocols: Bounding the number of timed intruders. In Proceedings of the 21st European Symposium on Research in Computer Security (ESORICS’16), Vol. 9879. Springer, Heraklion, Greece. 450–470.Google Scholar
Cross Ref
- [51] . 2002. Isabelle/HOL: A proof assistant for higher-order logic. Vol. 2283. Springer Science & Business Media.Google Scholar
Cross Ref
- [52] . 2010. Realization of RF distance bounding. In Proceedings of the 19th USENIX Security Symposium (USENIX’10). 389–402.Google Scholar
- [53] . 2014. Automated verification of group key agreement protocols. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P’14), Berkeley, CA, USA, 179–194.Google Scholar
Digital Library
- [54] . 2010. The Poulidor distance-bounding protocol. In Proceedings of the International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer, 239–257.Google Scholar
Digital Library
Index Terms
So Near and Yet So Far – Symbolic Verification of Distance-Bounding Protocols
Recommendations
Distance Hijacking Attacks on Distance Bounding Protocols
SP '12: Proceedings of the 2012 IEEE Symposium on Security and PrivacyAfter several years of theoretical research on distance bounding protocols, the first implementations of such protocols have recently started to appear. These protocols are typically analyzed with respect to three types of attacks, which are ...
Post-Collusion Security and Distance Bounding
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityVerification of cryptographic protocols is traditionally built upon the assumption that participants have not revealed their long-term keys. However, in some cases, participants might collude to defeat some security goals, without revealing their long-...
Verification of security protocols with lists: From length one to unbounded length
Security and Trust PrinciplesWe present a novel, simple technique for proving secrecy properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions. More specifically, our technique relies on the Horn clause approach used in the ...






Comments