a class of precomputation based distance bounding
play

A class of precomputation-based distance-bounding protocols Jorge - PowerPoint PPT Presentation

Nov 28, 2022 •130 likes •685 views

Introduction Lookup-based protocols Properties and security analysis Conclusions A class of precomputation-based distance-bounding protocols Jorge Toro-Pozo University of Luxembourg (joint work with Sjouke Mauw and Rolando Trujillo-Rasua,

  1. Introduction Lookup-based protocols Properties and security analysis Conclusions A class of precomputation-based distance-bounding protocols Jorge Toro-Pozo University of Luxembourg (joint work with Sjouke Mauw and Rolando Trujillo-Rasua, to appear at Euro S&P 2016) Nancy, France. March 16, 2016 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  2. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  3. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  4. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  5. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  6. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  7. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  8. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Definition (Relay attack) A relay attack is a man-in-the-middle attack where the adversary manipulates the communication by only relaying the verbatim messages between reader and the tag. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  9. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Definition (Relay attack) A relay attack is a man-in-the-middle attack where the adversary manipulates the communication by only relaying the verbatim messages between reader and the tag. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  10. Introduction Lookup-based protocols Properties and security analysis Conclusions Solution: distance bounding protocols Definition (Distance Bounding) A distance bounding protocol is an authentication protocol that in addition checks the distance between tag and reader. The computed distance is an upper-bound on their actual distance. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  11. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  12. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Tags respond to the reader’s requests without explicit agreement of their holder Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  13. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Tags respond to the reader’s requests without explicit agreement of their holder Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  14. Introduction Lookup-based protocols Properties and security analysis Conclusions Distance bounding protocols are vulnerable Mafia-fraud attacks ... and also to other attacks, e.g. distance fraud terrorist fraud distance hijacking Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  15. Introduction Lookup-based protocols Properties and security analysis Conclusions Distance bounding protocols are vulnerable Mafia-fraud attacks ... and also to other attacks, e.g. distance fraud terrorist fraud distance hijacking Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  16. Introduction Lookup-based protocols Properties and security analysis Conclusions A few distance bounding protocols Brands and Chaum (Fiat-Shamir) Brands and Chaum (Schnorr) Brands and Chaum (signature) Bussard and Bagga CRCS Hancke and Kuhn Hitomi KA2 Kuhn, Luecken, Tippenhauer MAD Meadows et al. for F ( · · · ) = � NV , NP ⊕ P � Munilla and Peinado Noise resilient MAD Poulidor Reid et al. Swiss-Knife Tree WSBC+DB WSBC+DB Noent Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  17. Introduction Lookup-based protocols Properties and security analysis Conclusions Many of them have been broken Brands and Chaum (Fiat-Shamir) Brands and Chaum (Schnorr) Brands and Chaum (signature) Bussard and Bagga CRCS Hancke and Kuhn Hitomi KA2 Kuhn, Luecken, Tippenhauer MAD Meadows et al. for F ( · · · ) = � NV , NP ⊕ P � Munilla and Peinado Noise resilient MAD Poulidor Reid et al. Swiss-Knife Tree WSBC+DB WSBC+DB Noent Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  18. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  19. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  20. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  21. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. We call them Lookup-based protocols Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  22. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. We call them Lookup-based protocols Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2012 distance bounding CIoT 2012 1 / 39 Introduction to Distance-Bounding 1 Some Insecurity Case

600 views • 39 slides
Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2013 distance bounding FSE 2013 1 / 48 1 Why Distance-Bounding? Towards a Secure

663 views • 48 slides
An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint work with Sjouke Mauw and Jorge Toro-Pozo) Euro S&P and RFIDSec, 2016 Distance Bounding protocols 1 Beating a grand master: is this a relay

926 views • 67 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Markov Chains and Coupling In this class we will consider the problem of bounding the time taken

Markov Chains and Coupling In this class we will consider the problem of bounding the time taken

Markov Chains and Coupling In this class we will consider the problem of bounding the time taken by a Markov chain to reach the stationary distribution. We will do so using the coupling technique , which helps bound the distance between two

315 views • 4 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work with: Joint work with: Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Distance Bounding 2

370 views • 16 slides
Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT LIMOS, Universit dAuvergne, France September 17th 2015 BRELURUT, LAFOURCADE, GERAULT (LIMOS, France) Security Analysis of Distance Bounding

704 views • 42 slides
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

335 views • 31 slides
Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based

Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based

Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based Mechanisms Xiangyu Zou, Tao Lu, Wen Xia, Xuan Wang, Weizhe Zhang, Sheng Di, Dingwen Tao and Franck Cappello Harbin Institute of Technology, Shenzhen

724 views • 22 slides
Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France joint work with Alexandre Debant and Cyrille Wiedling 1/29 Security protocols everywhere ! Cryptographic protocols small

1.04k views • 56 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC

Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC

Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC Background -- Three Types of Helper Threads Cache Prefetching Branch Precomputation Other What architectural support you need/want

742 views • 63 slides
Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for

Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for

Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for Dynamic Models y Sung-Eui Yoon KAIST (Korea Advanced Institute of Science and Technology) and Technology) At Previous Class At Previous Class

471 views • 34 slides
Integration of Textural and Material Information Into Existing BIM Using IR Sensing A research

Integration of Textural and Material Information Into Existing BIM Using IR Sensing A research

Integration of Textural and Material Information Into Existing BIM Using IR Sensing A research by: Asem Zabin Baha Khalil Asem Zabin Senior BIM Engineer at iTech Management Consultancy Master of Science in Civil Engineering (MSCE)

591 views • 35 slides
ASSET MANAGEMENT DRIVING DELIVERY THROUGH OPTIMISATION & EFFICIENCY PENNONS APPROACH

ASSET MANAGEMENT DRIVING DELIVERY THROUGH OPTIMISATION & EFFICIENCY PENNONS APPROACH

ASSET MANAGEMENT DRIVING DELIVERY THROUGH OPTIMISATION & EFFICIENCY PENNONS APPROACH ASSET MANAGEMENT THE RIGHT PEOPLE PROCESSES WITH THE RIGHT DELIVERING RELIABLE, EXPERIENCE, EXPERTS PREDICTABLE IN MANAGING LARGE PERFORMANCE

582 views • 13 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
Kirsi Viskari Technical paper + 7604 Takeaways from this presentation What is item-level

Kirsi Viskari Technical paper + 7604 Takeaways from this presentation What is item-level

Protecting the Brand While Gaining Operational Efficiencies with Item Level Identification Kirsi Viskari Technical paper + 7604 Takeaways from this presentation What is item-level identification? Why should it be used? How could

442 views • 19 slides
Library and Heritage Plan Overview SC(CV) Meeting 1 May 2017 Kathy Wilkinson Coordinator

Library and Heritage Plan Overview SC(CV) Meeting 1 May 2017 Kathy Wilkinson Coordinator

TA41 Library and Heritage Plan Overview SC(CV) Meeting 1 May 2017 Kathy Wilkinson Coordinator Library and Heritage Services TA42 Overview Library and Heritage Plan 2013-2017 in final stages. An interim plan will be developed

278 views • 8 slides
Page: 1 CONFIDENTIAL: All Information Is The Property of Topgolf International, Inc. And May Be

Page: 1 CONFIDENTIAL: All Information Is The Property of Topgolf International, Inc. And May Be

Page: 1 CONFIDENTIAL: All Information Is The Property of Topgolf International, Inc. And May Be Used Only With Consent. CONFIDENTIAL: All Information Is The Property of Topgolf International, Inc. And May Be Used Only With Consent. Topgolf is

513 views • 35 slides
RFID Methodologies in PFE and Rotable asset management Safe (Europe) Symposium 30 th March 2010

RFID Methodologies in PFE and Rotable asset management Safe (Europe) Symposium 30 th March 2010

RFID Methodologies in PFE and Rotable asset management Safe (Europe) Symposium 30 th March 2010 Clive Marshall Wildfire Information Systems Ltd Who are we? Wildfire Information Systems Ltd Microsoft Certified Partners based in Daresbury

547 views • 23 slides
T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a

T HE T RUSTED M EDICAL C ARD S YSTEM Pilot Report Presentation JANUARY 25, 2012 What is a Smart Card? A smart card is a device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent

494 views • 12 slides

More recommend