针对RČ距离绑定协议的黑手党欺诈攻击

2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA) Pub Date : 2012-11-01 DOI:10.1109/RFID-TA.2012.6404571

Aikaterini Mitrokotsa, Cristina Onete, S. Vaudenay

{"title":"针对RČ距离绑定协议的黑手党欺诈攻击","authors":"Aikaterini Mitrokotsa, Cristina Onete, S. Vaudenay","doi":"10.1109/RFID-TA.2012.6404571","DOIUrl":null,"url":null,"abstract":"At ACM CCS 2008, Rasmussen and Čapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the distance separating it and the prover. Distance bounding protocols should resist to the most classical types of attacks such as distance fraud and mafia fraud. In mafia fraud, a man-in-the-middle adversary attempts to prove to a legitimate verifier that the prover is in the verifier's proximity, even though the prover is in reality far away and does not wish to run the protocol. The RČ protocol was only claiming to resist distance fraud attacks. In this paper, we show a concrete mafia fraud attack against the RČ protocol, which relies on replaying the prover nonce which was used in a previous session between a legitimate prover and the verifier. This attack has a large probability of success. We propose a new protocol called LPDB that is not vulnerable to the presented attack. It offers state-of-the-art security in addition to the notion of location privacy achieved by the RČ protocol.","PeriodicalId":232862,"journal":{"name":"2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":"{\"title\":\"Mafia fraud attack against the RČ Distance-Bounding Protocol\",\"authors\":\"Aikaterini Mitrokotsa, Cristina Onete, S. Vaudenay\",\"doi\":\"10.1109/RFID-TA.2012.6404571\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"At ACM CCS 2008, Rasmussen and Čapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the distance separating it and the prover. Distance bounding protocols should resist to the most classical types of attacks such as distance fraud and mafia fraud. In mafia fraud, a man-in-the-middle adversary attempts to prove to a legitimate verifier that the prover is in the verifier's proximity, even though the prover is in reality far away and does not wish to run the protocol. The RČ protocol was only claiming to resist distance fraud attacks. In this paper, we show a concrete mafia fraud attack against the RČ protocol, which relies on replaying the prover nonce which was used in a previous session between a legitimate prover and the verifier. This attack has a large probability of success. We propose a new protocol called LPDB that is not vulnerable to the presented attack. It offers state-of-the-art security in addition to the notion of location privacy achieved by the RČ protocol.\",\"PeriodicalId\":232862,\"journal\":{\"name\":\"2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"28\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RFID-TA.2012.6404571\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RFID-TA.2012.6404571","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 28

摘要

在ACM CCS 2008上，Rasmussen和Čapkun引入了一个距离边界协议[22](以下简称RČ协议)，其中证明者和验证者使用同步传输，验证者计算发送挑战(从隐藏标记开始)和接收响应之间的延迟。因此，验证者能够计算出它与证明者之间距离的上界。距离边界协议应该抵御最经典的攻击类型，如距离欺诈和黑手党欺诈。在黑手党欺诈中，中间人试图向合法的验证者证明证明者在验证者附近，即使证明者实际上离得很远，并且不希望运行协议。RČ协议只是声称可以抵抗远程欺诈攻击。在本文中，我们展示了针对RČ协议的具体黑手党欺诈攻击，该攻击依赖于重播在合法证明者和验证者之间的前一次会话中使用的证明者nonce。这次攻击成功的可能性很大。我们提出了一种名为ldb的新协议，该协议不容易受到所提出的攻击。除了通过RČ协议实现位置隐私的概念之外，它还提供了最先进的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Mafia fraud attack against the RČ Distance-Bounding Protocol

At ACM CCS 2008, Rasmussen and Čapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the distance separating it and the prover. Distance bounding protocols should resist to the most classical types of attacks such as distance fraud and mafia fraud. In mafia fraud, a man-in-the-middle adversary attempts to prove to a legitimate verifier that the prover is in the verifier's proximity, even though the prover is in reality far away and does not wish to run the protocol. The RČ protocol was only claiming to resist distance fraud attacks. In this paper, we show a concrete mafia fraud attack against the RČ protocol, which relies on replaying the prover nonce which was used in a previous session between a legitimate prover and the verifier. This attack has a large probability of success. We propose a new protocol called LPDB that is not vulnerable to the presented attack. It offers state-of-the-art security in addition to the notion of location privacy achieved by the RČ protocol.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE International Conference on RFID-Technologies and Applications (RFID-TA)

自引率

0.00%

发文量