skip to main content
research-article

So Near and Yet So Far – Symbolic Verification of Distance-Bounding Protocols

Published:01 July 2022Publication History
Skip Abstract Section

Abstract

The continuous adoption of Near Field Communication (NFC) tags offers many new applications whose security is essential (e.g., contactless payments). In order to prevent flaws and attacks, we develop in this article a framework allowing us to analyse the underlying security protocols, taking into account the location of the agents and the transmission delay when exchanging messages. We propose two reduction results to render automatic verification possible relying on the existing verification tool ProVerif. Our first result allows one to consider a unique topology to catch all possible attacks. The second result simplifies the security analysis when considering Terrorist fraud. Then, based on these results, we perform a comprehensive case study analysis (27 protocols), in which we obtain new proofs of security for some protocols and detect attacks on some others.

REFERENCES

  1. [1] Abadi M. and Fournet C.. 2001. Mobile values, new names, and secure communication. In Proceedings of the 28th Symposium on Principles of Programming Languages (POPL’01). ACM Press, London, UK, 104115.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. [2] Vaudenay Gildas Avoine, Muhammed Ali Bingöl, Ioana Boureanu, Srdjan Capkun, Gerhard P. Hancke, Süleyman Kardas, Chong Hee Kim, Cédric Lauradoux, Benjamin Martin, Jorge Munilla, Alberto Peinado, Kasper Bonne Rasmussen, Dave Singelée, Aslan Tchamkerten, Rolando Trujillo-Rasua, and Serge. 2019. Security of distance-bounding: A survey. Comput. Surveys 51, 5 (2019), 94:1–94:33.Google ScholarGoogle Scholar
  3. [3] Avoine G., Bingöl M. Ali, Kardas S., Lauradoux C., and Martin B.. 2011. A framework for analyzing RFID distance bounding protocols. Journal of Computer Security 19, 2 (2011), 289317.Google ScholarGoogle ScholarCross RefCross Ref
  4. [4] Avoine G., Bultel X., Gambs S., Gérault D., Lafourcade P., Onete C., and Robert J.-M.. 2017. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In Proceedings of the 12th ACM Asia Conference on Computer and Communications Security (AsiaCCS’17). ACM Press, Abu Dhabi, United Arab Emirates, 800814.Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. [5] Avoine G. and Tchamkerten A.. 2009. An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In Proceedings of the 12th International Conference on Information Security (ISC’09), vol. 5735. Springer, Pisa, Italy. 250261.Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. [6] Basin D., Capkun S., Schaller P., and Schmidt B.. 2011. Formal reasoning about physical properties of security protocols. ACM Transactions on Information and System Security 14, 2 (2011), 16.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. [7] Basin D., Dreier J., Hirschi L., Radomirovic S., Sasse R., and Stettler V.. 2018. A formal analysis of 5G authentication. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS’18) ACM, Toronto, ON, Canada, 13831396.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. [8] Bhargavan K., Blanchet B., and Kobeissi N.. 2017. Verified models and reference implementations for the TLS 1.3 Standard Candidate. In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P’17). IEEE Computer Society, San Jose, CA, USA, 483503.Google ScholarGoogle ScholarCross RefCross Ref
  9. [9] Blanchet B.. 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 4th IEEE Computer Security Foundations Workshop (CSFW’01). IEEE Computer Society, Cape Breton, Nova Scotia, Canada, 8296.Google ScholarGoogle ScholarCross RefCross Ref
  10. [10] Blanchet B.. 2016. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends in Privacy and Security 1, 1–2 (2016), 1135.Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. [11] Blanchet B.. 2017. Symbolic and computational mechanized verification of the ARINC823 avionic protocols. In Proceedings of the 30th IEEE Computer Security Foundations Symposium (CSF’17). IEEE Computer Society. 6882.Google ScholarGoogle ScholarCross RefCross Ref
  12. [12] Boureanu I., Chothia T., Debant A., and Delaune S.. 2020. Security analysis and implementation of relay-resistant contactless payments. In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS’20). AC. 879898.Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. [13] Boureanu I., Mitrokotsa A., and Vaudenay S.. 2013. Secure and lightweight distance-bounding. In Proceedings of the 2nd International Workshop on Lightweight Cryptography for Security and Privacy (LightSec’13),Lecture Notes in Computer Science, Vol. 8162. Springer, Berlin, 97–113.Google ScholarGoogle ScholarCross RefCross Ref
  14. [14] Brands S. and Chaum D.. 1993. Distance-bounding protocols. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT’93). Springer, Lofthus, Norway, 344359.Google ScholarGoogle Scholar
  15. [15] Bultel X., Gambs S., Gérault D., Lafourcade P., Onete C., and Robert J.-M.. 2016. A prover-anonymous and terrorist-fraud resistant distance-bounding protocol. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WISEC’16). ACM Press, Darmstadt, Germany, 121133.Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. [16] Čapkun S., Buttyán L., and Hubaux J.-P.. 2003. SECTOR: Secure tracking of node encounters in multi-hop wireless networks. In Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks. ACM, Fairfax, Virginia, 2132.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. [17] Chadha R., Sistla A. Prasad, and Viswanathan M.. 2017. Verification of randomized security protocols. In Proceedings of the 32nd Annual IEEE Symposium on Logic in Computer Science (LICS’17). IEEE, Reykjavik, Iceland, 112.Google ScholarGoogle ScholarCross RefCross Ref
  18. [18] Chothia T., Ruiter J. de, and Smyth B.. 2018. Modelling and analysis of a hierarchy of distance bounding attacks. In Proceedings of the 27th USENIX Security Symposium (USENIX’18). USENIX Association, Baltimore, MD, USA, 1563–1580.Google ScholarGoogle Scholar
  19. [19] Chothia T., Garcia F. D., Ruiter J. de, Breekel J. van den, and Thompson M.. 2015. Relay cost bounding for contactless EMV payments. In Proceedings of the 19th International Conference on Financial Cryptography and Data Security (FC’15)Lecture Notes in Computer Science, Vol. 8975, Springer, Berlin, 189–206.Google ScholarGoogle ScholarCross RefCross Ref
  20. [20] Cortier V., Filipiak A., and Lallemand J.. 2019. BeleniosVS: Secrecy and verifiability against a corrupted voting device. In Proceedings of the 32nd Computer Security Foundations Symposium (CSF’19). Hoboken, NJ, USA. 367381.Google ScholarGoogle ScholarCross RefCross Ref
  21. [21] Cortier V., Galindo D., and Turuani M.. 2018. A formal analysis of the Neuchâtel e-voting protocol. In Proceedings of the 3rd IEEE European Symposium on Security and Privacy (EuroS&P’18). London, United Kingdom. 430442.Google ScholarGoogle ScholarCross RefCross Ref
  22. [22] Cremers C., Rasmussen K., Schmidt B., and Capkun S.. 2012. Distance hijacking attacks on distance bounding protocols. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P’12). San Francisco, California, USA, 113127.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. [23] Debant A. and Delaune S.. 2019. Symbolic verification of distance bounding protocols. In Proceedings of the 8th International Conference on Principles of Security and Trust (POST’19),Lecture Notes in Computer Science, Vol. 11426. Springer, Prague, Czech Republic, 149–174.Google ScholarGoogle ScholarCross RefCross Ref
  24. [24] Debant A., Delaune S., and Wiedling. C.2020. So near and yet so far - Symbolic verification of distance-bounding protocols. Research Report. Univ Rennes, CNRS, IRISA, France. Retrieved December 21, 2021 from https://hal.inria.fr/hal-02965322.Google ScholarGoogle Scholar
  25. [25] Debant A., Delaune S., and Wiedling C.. 2018. A symbolic framework to analyse physical proximity in security protocols. In Proceedings of the 38th IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS’18) (LIPIcs), Vol. 122. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik.Google ScholarGoogle Scholar
  26. [26] Debant A., Delaune S., and Wiedling C.. 2019. Symbolic analysis of terrorist fraud resistance. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS’19),Lecture Notes in Computer Science, Vol. 11735. Springer, Berlin, 383–403.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. [27] Desmedt Y.. Major security problems with the ‘unforgeable’ (Feige)-Fiat-Shamir proofs of identity and how to overcome them. In Proceedings of SECURICOM’88.Google ScholarGoogle Scholar
  28. [28] Desmedt Y., Goutier C., and Bengio S.. 1987. Special uses and abuses of the Fiat-Shamir passport protocol. In Proceedings of the 7th Conference on the Theory and Applications of Cryptographic Techniques (CRYPTO’87). Springer, Santa Barbara, California, 2139.Google ScholarGoogle Scholar
  29. [29] Dolev D. and Yao A. C.. 1981. On the security of public key protocols. In Proceedings of the 22nd Symposium on Foundations of Computer Science (FOCS’81). IEEE Computer Society, Nashville, Tennessee, USA. 350357.Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. [30] Dreier J., Hirschi L., Radomirovic S., and Sasse R.. 2018. Automated unbounded verification of stateful cryptographic protocols with exclusive OR. In Proceedings of the 31st IEEE Computer Security Foundations Symposium (CSF’18). IEEE Computer Society, Oxford, United Kingdom, 359–373.Google ScholarGoogle ScholarCross RefCross Ref
  31. [31] Drimer S., Murdoch S. J., et al. 2007. Keep your enemies close: Distance bounding against smartcard relay attacks. In Proceedings of the 16th USENIX Security Symposium (USENIX’07), Vol. 312. USENIX Association, Boston, MA, USA.Google ScholarGoogle Scholar
  32. [32] Dürholz Ulrich, Fischlin Marc, Kasper Michael, and Onete Cristina. 2011. A formal approach to distance-bounding RFID protocols. In Proceedings of the 14th International Conference on Information Security (ISC’11),Lecture Notes in Computer Science, Vol. 7001. Springer, Berlin, 47–62.Google ScholarGoogle ScholarCross RefCross Ref
  33. [33] EMVCo.2016. EMV Contactless Specifications for Payment Systems, version 2.6. (2016).Google ScholarGoogle Scholar
  34. [34] Fischlin M. and Onete C.. 2013. Subtle kinks in distance-bounding: An analysis of prominent protocols. In Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks. 195206.Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. [35] Francillon A., Danev B., and Capkun S.. 2011. Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of the Network and Distributed System Security Symposium (NDSS’11). The Internet Society.Google ScholarGoogle Scholar
  36. [36] Gérault D.. 2018. Security Analysis of Contactless Communication Protocols. Ph.D. Dissertation. Université Clermont Auvergne.Google ScholarGoogle Scholar
  37. [37] Girol G., Hirschi L., Sasse R., Jackson D., Cremers C., and Basin D.. 2020. A spectral analysis of noise: A comprehensive, automated, formal analysis of Diffie-Hellman protocols. In Proceedings of the 29th USENIX Security Symposium (USENIX’20). USENIX Association, 1857–1874.Google ScholarGoogle Scholar
  38. [38] Hirschi L. and Cremers C.. 2019. Improving automated symbolic analysis of ballot secrecy for e-voting protocols: A method based on sufficient conditions. In Proceedings of the 4th IEEE European Symposium on Security and Privacy (EuroS&P’19). IEEE, Stockholm, Sweden, 635650.Google ScholarGoogle ScholarCross RefCross Ref
  39. [39] Janssens P.. 2017. Proximity check for communication devices. (Oct. 31, 2017). US Patent 9,805,228.Google ScholarGoogle Scholar
  40. [40] Kilinç H. and Vaudenay S.. 2016. Efficient public-key distance bounding protocol. In Proceedings of the 22nd International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT’16), Lecture Notes in Computer Science, Vol. 10032. Springer, Berlin, 873–901.Google ScholarGoogle Scholar
  41. [41] Kim Chong Hee, Avoine G., Koeune F., Standaert F.-X., and Pereira O.. 2008. The Swiss-Knife RFID distance bounding protocol. In Proceedings of the 11th International Conference on Information Security and Cryptology (ICISC’08), Lecture Notes in Computer Science., Vol. 5461. Springer, Berlin, 98–115.Google ScholarGoogle Scholar
  42. [42] Kobeissi N., Bhargavan K., and Blanchet B.. 2017. Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P’17). 435450.Google ScholarGoogle ScholarCross RefCross Ref
  43. [43] Mauw S., Smith Z., Toro-Pozo J., and Trujillo-Rasua R.. 2018. Distance-bounding protocols: Verification without time and location. In Proceedings of the 39th IEEE Symposium on Security and Privacy (S&P’18). 152169.Google ScholarGoogle ScholarCross RefCross Ref
  44. [44] Mauw S., Smith Z., Toro-Pozo J., and Trujillo-Rasua R.. 2019. Post-collusion security and distance bounding. In Proceedings of the 26th ACM Conference on Computer and Communications Security (CCS’19). ACM, London, UK, 941958.Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. [45] Mauw S., Toro-Pozo J., and Trujillo-Rasua R.. 2016. A class of precomputation-based distance-bounding protocols. In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P’16). IEEE, Saarbrücken, Germany, 97–111.Google ScholarGoogle ScholarCross RefCross Ref
  46. [46] Meadows C., Poovendran R., Pavlovic D., Chang L., and Syverson P.. 2007. Distance bounding protocols: Authentication logic analysis and collusion attacks. In Proceedings of the Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. Springer, 279298.Google ScholarGoogle ScholarCross RefCross Ref
  47. [47] Meier S., Schmidt B., Cremers C., and Basin D.. 2013. The Tamarin prover for the symbolic analysis of security protocols. In Proceedings of the 25th International Conference on Computer Aided Verification (CAV’13), Lecture Notes in Computer Science, Vol. 8044. Springer, Berlin, 696–701.Google ScholarGoogle ScholarCross RefCross Ref
  48. [48] Mitchell J., Scedrov A., Durgin N., and Lincoln P.. 1999. Undecidability of bounded security protocols. In Proceedings of the Workshop on Formal Methods and Security Protocols.Google ScholarGoogle Scholar
  49. [49] Munilla J. and Peinado A.. 2008. Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8, 9 (2008), 12271232.Google ScholarGoogle ScholarCross RefCross Ref
  50. [50] Nigam V., Talcott C., and Urquiza A. A.. 2016. Towards the automated verification of cyber-physical security protocols: Bounding the number of timed intruders. In Proceedings of the 21st European Symposium on Research in Computer Security (ESORICS’16), Vol. 9879. Springer, Heraklion, Greece. 450470.Google ScholarGoogle ScholarCross RefCross Ref
  51. [51] Nipkow T., Paulson L. C., and Wenzel M.. 2002. Isabelle/HOL: A proof assistant for higher-order logic. Vol. 2283. Springer Science & Business Media.Google ScholarGoogle ScholarCross RefCross Ref
  52. [52] Rasmussen K. B. and Capkun S.. 2010. Realization of RF distance bounding. In Proceedings of the 19th USENIX Security Symposium (USENIX’10). 389402.Google ScholarGoogle Scholar
  53. [53] Schmidt B., Sasse R., Cremers C., and Basin D.. 2014. Automated verification of group key agreement protocols. In Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P’14), Berkeley, CA, USA, 179194.Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. [54] Trujillo-Rasua R., Martin B., and Avoine G.. 2010. The Poulidor distance-bounding protocol. In Proceedings of the International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer, 239257.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. So Near and Yet So Far – Symbolic Verification of Distance-Bounding Protocols

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM Transactions on Privacy and Security
      ACM Transactions on Privacy and Security  Volume 25, Issue 2
      May 2022
      263 pages
      ISSN:2471-2566
      EISSN:2471-2574
      DOI:10.1145/3505216
      Issue’s Table of Contents

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 1 July 2022
      • Accepted: 1 November 2021
      • Revised: 1 October 2021
      • Received: 1 October 2020
      Published in tops Volume 25, Issue 2

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article
      • Refereed
    • Article Metrics

      • Downloads (Last 12 months)76
      • Downloads (Last 6 weeks)11

      Other Metrics

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Full Text

    View this article in Full Text.

    View Full Text

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!