2012
Modelling real time is fundamental to reason about pervasive systems. The formal analysis of some time sensitive security protocols, such as distance bounding protocols, could lead to a more formal approach to time dependent properties formalisation and verification of pervasive systems.
Lecture Notes in Computer Science, 2011
Distance-Bounding identification protocols aim at impeding man-in-the-middle attacks by measuring response times. There are three kinds of attacks such protocols could address: (1) Mafia attacks where the adversary relays communication between honest prover and honest verifier in different sessions; (2) Terrorist attacks where the adversary gets limited active support from the prover to impersonate; (3) Distance attacks where a malicious prover claims to be closer to the verifier than it actually is. Many protocols in the literature address one or two such threats, but no rigorous cryptographic security models (nor clean security proofs) exist so far. For resource-constrained RFID tags, distance-bounding is more difficult to achieve. Our contribution here is to formally define security against the above-mentioned attacks and to relate the properties. We thus refute previous beliefs about relations between the notions, showing instead that they are independent. Finally we use our new framework to assess the security of the RFID distance-bounding scheme due to Kim and Avoine, and enhance it to include impersonation security and allow for errors due to noisy channel transmissions.
Journal of Computer …, 2011
Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyses and unfair comparisons. Motivated by this need, we introduce a unified framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain, such as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevance and impact of the framework are finally demonstrated on a case study: the Munilla-Peinado distance bounding protocol. through the accomplice and the adversary. The communication between the adversary and her accomplice can be set up, for example, using mobile phones. One may argue that the merchant will detect the attack. However, some payment systems are based on NFC-friendly cell phones and this still facilitates the masquerade because the merchant is not able to see that the cell phone performs a mafia fraud.
Lecture Notes in Computer Science, 2009
Relay attacks are one of the most challenging threats RFID will have to face in the near future. They consist in making the verifier believe that the prover is in its close vicinity by surreptitiously forwarding the signal between the verifier and an out-of-field prover. Distance bounding protocols represent a promising way to thwart relay attacks, by measuring the round trip time of short authenticated messages. Several such protocols have been designed during the last years but none of them combines all the features one may expect in an RFID system. We introduce in this paper the first solution that combines all these desirable features in a single protocol. We prove, with respect to the previous protocols, that our proposal is the best one in terms of security, privacy, tag computational overhead, and fault tolerance. We also point out a weakness in Tu and Piramuthu's protocol, which was considered up to now as one of the most efficient distance bounding protocols.
2014
Many security protocols rely on assumptions about the physical properties of the environment in which their protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as cyber-physical. The key elements of such protocols are the use of cryptographic keys, nonces and time. This paper investigates timed models for the verification of such protocols. Firstly, we introduce a multiset rewriting framework with continuous time and fresh values. We demonstrate that in this framework one can specify distance bounding protocols and intruder models for cyber-physical security protocols that take into account the physical properties of the environment. We then investigate how the models with continuous time relate to models with discrete time in protocol verification and show that there is a difference between these mode...
2010
In this paper, we classify the RFID distance bounding protocols having bitwise fast phases and no final signature. We also give the theoretical security bounds for two specific classes, leaving the security bounds for the general case as an open problem. As for the classification, we introduce the notion of k-previous challenge dependent (k-PCD) protocols where each response bit depends on the current and k-previous challenges and there is no final signature. We treat the case k = 0, which means each response bit depends only on the current challenge, as a special case and define such protocols as current challenge dependent (CCD) protocols. In general, we construct a trade-off curve between the security levels of mafia and distance frauds by introducing two generic attack algorithms. This leads to the conclusion that CCD protocols cannot attain the ideal security against distance fraud, i.e. 1/2, for each challenge-response bit, without totally losing the security against mafia fraud. We extend the generic attacks to 1-PCD protocols and obtain a trade-off curve for 1-PCD protocols pointing out that 1-PCD protocols can provide better security than CCD protocols. Thereby, we propose a natural extension of a CCD protocol to a 1-PCD protocol in order to improve its security. As a study case, we give two natural extensions of Hancke and Kuhn protocol to show how to enhance the security against either mafia fraud or distance fraud without extra cost.
2012 9th International ISC Conference on Information Security and Cryptology, 2012
Distance bounding protocols are launched based upon the round trip time measurements of the carried out messages to defend RFID systems against the relay attack. In such protocols, the reader authenticates tags and also estimates an upper bound for the physical distance between the tag and itself. Distance bounding protocols are vulnerable to mafia fraud and distance fraud attacks. In this paper, a new distance bounding protocol is proposed based on mutual utilization of binary predefined and random challenges. Moreover, this protocol is analyzed to compute the attacker's success probability due to mafia fraud and distance fraud attacks. In this case, the analysis and simulation results show that the proposed protocol obtains the desirable attackers' success probabilities, with minimum system memory requirement and minimum number of rounds compared with other distance bounding protocols employed by RFID systems.
Arxiv preprint arXiv:1004.1237, 2010
Almost all existing RFID authentication schemes (tag/reader) are vulnerable to relay attacks, because of their inability to estimate the distance to the tag. These attacks are very serious since they can be mounted without the notice of either the reader or the tag and cannot be prevented by cryptographic protocols that operate at the application layer. Distance bounding protocols represent a promising way to thwart relay attacks, by measuring the round trip time of short authenticated messages. All the existing distance bounding protocols use random number generators and hash functions at the tag side, which makes them inapplicable to low cost RFID tags. This paper proposes a lightweight distance bounding protocol for low cost RFID tags. The proposed protocol is based on a modified version of the Gossamer mutual authentication protocol. The implementation of the proposed protocol meets the limited abilities of low cost RFID tags.
Introduction
Pervasive systems often contain devices which must operate in very different environments and connect together in different ways, and still satisfy all the desired security properties. The rapid development of wireless technologies (such as RFID) has led to new application areas for pervasive systems with novel security requirements for the protocols employed. Unlike traditional security protocols concerning message secrecy or different types of authentication, these new protocols employed in new applications usually establish security properties coupled with the wireless network environment.
Physical location is used as a measurement of trust in wireless networks, RFID-based systems and vehicular communication that require secure localisation, time synchronisation, neighbour discovery, and neighbour verification. For such location services, it is crucial to securely estimate distance between two nodes in a wireless network and thus impede man-in-the-middle attacks. The main countermeasure against such attacks is the use of Distance bounding (DB) protocols. DB protocols are a class of identification protocols in which one "verifier" node in wireless networks measures an upper bound on its distance to another "prover" node in the network. Accordingly, the security of DB protocols is applicable to most pervasive computing applications.
So far, DB protocols have been extensively studied: a large number of protocols have been proposed and analysed in the past decade. Regardless of the different type of DB protocols, the distance bound is obtained from a rapid exchange of messages between the verifier and the prover in the fast bit phase. In this phase, the verifier sends a challenge to the prover, to which the prover responds after some processing time. The verifier measures the round-trip time between sending its challenge and receiving the responses from the prover, subtracts the prover's processing time, and based on the remaining time, computes the distance bound between the devices.
Typically, DB protocols are designed and analysed with respect to three different classes of attack scenarios:
• Mafia fraud attacks where the attacker A relays communication between an honest prover P and an honest verifier V in different sessions
• Distance fraud attacks where a malicious prover P claims to be closer to the verifier V than it actually is
• Terrorist fraud attacks where the attacker A gets limited active support from the prover P to deceive the verifier V
All attacks aim to make the verifier believe that the prover P is physically closer to the verifier V than it really is. Recently, a fourth type of real time attack on DB protocols, called the distance hijacking attack, has been defined and analysed [4]. Although many proposed DB protocols are nowadays resistant to mafia fraud, verifying DB protocols using existing informal and formal frameworks still does not guarantee the absence of other attacks, e.g., distance hijacking.
Related Work
The first DB protocol was proposed in [3] in 1993, but the first formal analysis of DB protocols was presented in 2007 [9]. In [9], the authors not only propose a new protocol for distance bounding that requires less message and cryptographic complexity, but also use authentication and secrecy logics to analyse its security. Their logical framework is only based on qualitative analysis and does not provide any extended analysis of the timing properties. Since then, several quantitative frameworks for the verification of real time sensitive protocols have been proposed.
The constraint solver tool, which is a protocol security analyzer taking advantage of constraint programming techniques, was used to automatically analyse DB protocols in [8]. A natural limitation of their analysis is that it cannot tackle unbounded analysis, since the constraint solver only considers a bounded number of protocol processes. Meanwhile, a related approach to modelling and verifying physical properties (namely communication, location, and time) of DB protocols using HOL/Isabelle was presented in [10]. As verification efforts, the two approaches in [8] and [10] differ in the classical way that model checking differs from theorem proving: the former tests for attacks while the latter proves their absence.
It seems that since the introduction of the first RFID distance bounding protocol [7] in 2005, numerous DB protocols have been proposed, in an attempt to make them appropriate for RFID systems. Unfortunately, many protocols in the literature come with no rigorous cryptographic security model and no clear security proof. Also, they are commonly designed without any formal methods, which leads to inaccurate analyses. We consider that distance bounding for RFID systems is more difficult to achieve due to the constrained resources of RFID tags.
During the last two years, there has been a surge of interest and research in formal approaches to RFID-based distance bounding protocols. A new framework [6] was proposed, based on common game-based notions in cryptography, to analyse the security of RFID DB protocols. Although this new approach addresses RFID authentication and can also be applied to general DB protocols, it still abstracts away from timed analysis. Another systematic method [2] aims to improve analysis and design of RFID DB protocols. Although the unified framework includes a thorough terminology about frauds, attackers, and provers, thus clarifying many misleading terms, the generic model only allows for the refinement of the security analysis, not for the verification of security properties.
Our Approach
To the best of our knowledge, all the existing techniques for verifying security protocols specifically for pervasive systems abstract away from real time, focusing only on the sequencing of events. Although this has many advantages, it is a serious limitation for reasoning about RFID protocols for secure distance bounding, which rely on real time considerations. Furthermore, past efforts to analyse DB protocols have only been manual. Automated analysis would avoid the problems and distrust in manual analysis of protocols that have often been reported. Thus, we consider that automated approaches are critical since they are quite likely to find flaws that manual approaches cannot.
Our contributions will be threefold: (1) to give in-depth and rigorous analyses of how to formalise time dependent properties in security protocols using modelling languages such as applied pi calculus [1]; (2) to formally define the time dependent security properties against the attacks RFID distance bounding protocols could address; and (3) to extend existing formal verification techniques (such as model checking and process calculi) towards automated verification of such protocols.
The two most popular approaches are based on automated methods, such as model checking, and interactive methods, such as theorem proving. In both scenarios, it is standard to formalise an intruder model based on the Dolev-Yao model [5], which identifies the intruder with the network. However, the conventional Dolev-Yao style analysis of security protocols is inappropriate for analysing DB protocols in our case. Analysis of RFID DB protocols involves examining whether it is possible to make a tag appear closer to an honest reader than it really is. This problem is different from, and more difficult than, standard Dolev-Yao analysis of protocols, which only considers whether an attacker can generate the messages required to violate some security property. Thus, we need to consider the timing required for generation and transmission as well.
Formal verification using the automatic verifier ProVerif has been discussed in [8] as an extension of their analysis. In particular, it suggests adding four events in the DB protocols, two each for the verifier and prover, corresponding to sending and receiving the challenge and rapid response in the fast bit phase. The security property they formulate is a time-based trace equivalence that we plan to formalise in applied pi calculus as a starting point for our timed analysis.
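The following Python sketch is an added example, not code from this paper or from [8]. It combines the fast bit phase computation from the Introduction (round-trip time minus processing time gives the distance bound) with the four timed events described above, and checks a simplified trace-level property (the bound the verifier derives really is an upper bound on the true distance) rather than the trace equivalence of [8]. The `Event` record, the global model clock, the known true distance and all sample timings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

C = 0.299792458  # metres per nanosecond; signals assumed to travel at light speed

@dataclass(frozen=True)
class Event:          # hypothetical event record, one per protocol action
    t: float          # nanoseconds on a global model clock (assumption)
    agent: str        # "V" (verifier) or "P" (prover)
    kind: str         # "send_chal" | "recv_chal" | "send_resp" | "recv_resp"
    rnd: int          # fast-phase round number

def _times(trace, agent, kind):
    return {e.rnd: e.t for e in trace if e.agent == agent and e.kind == kind}

def distance_bound(trace, t_proc):
    """Bound (m) the verifier derives from its own two events per round."""
    sent, got = _times(trace, "V", "send_chal"), _times(trace, "V", "recv_resp")
    if not sent or sent.keys() != got.keys():
        raise ValueError("incomplete fast phase")
    # The slowest round gives the only bound the verifier can rely on.
    return max((got[r] - sent[r] - t_proc) * C / 2 for r in sent)

def accepts(trace, t_proc, max_distance):
    return distance_bound(trace, t_proc) <= max_distance

def ordered(trace):
    """Prover's two events fall, in order, inside the verifier's window."""
    vs, pr = _times(trace, "V", "send_chal"), _times(trace, "P", "recv_chal")
    ps, vr = _times(trace, "P", "send_resp"), _times(trace, "V", "recv_resp")
    return all(r in pr and r in ps and r in vr and
               vs[r] <= pr[r] <= ps[r] <= vr[r] for r in vs)

def sound(trace, t_proc, true_distance):
    """Timed property: the derived bound is a real upper bound on distance."""
    return ordered(trace) and distance_bound(trace, t_proc) >= true_distance - 1e-6

def fast_phase(distance, rounds, prover_delay, link_delay=0.0):
    """Constructed sample trace; link_delay is extra one-way latency (ns)."""
    trace = []
    for r in range(rounds):
        t0, flight = r * 1000.0, distance / C + link_delay
        trace += [Event(t0, "V", "send_chal", r),
                  Event(t0 + flight, "P", "recv_chal", r),
                  Event(t0 + flight + prover_delay, "P", "send_resp", r),
                  Event(t0 + 2 * flight + prover_delay, "V", "recv_resp", r)]
    return trace

T_PROC = 50.0  # processing time the verifier subtracts (constructed value)
honest = fast_phase(0.5, 4, prover_delay=50.0)
relayed = fast_phase(30.0, 4, prover_delay=50.0, link_delay=20.0)
early = fast_phase(10.0, 4, prover_delay=10.0)  # replies faster than T_PROC

if __name__ == "__main__":
    for name, tr, d in [("honest", honest, 0.5), ("relayed", relayed, 30.0),
                        ("early", early, 10.0)]:
        print(name, round(distance_bound(tr, T_PROC), 3),
              accepts(tr, T_PROC, 1.0), sound(tr, T_PROC, d))
```

The relayed trace is rejected because the added latency inflates the bound, while the trace in which the prover replies faster than the subtracted processing time yields a bound below the true distance. A timed model therefore has to treat the prover's processing time as part of the property, not as a fixed constant.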
Conclusion
The timed analysis of RFID distance bounding protocols will enable us to tackle the problem of modelling real-time aspects in timed process calculi and thus define and formally verify time dependent security properties. This will be essential to formally verify pervasive systems.