Time, computational complexity, and probability in the analysis of distance-bounding protocols

نویسندگان

  • Max I. Kanovich
  • Tajana Ban Kirigin
  • Vivek Nigam
  • Andre Scedrov
  • Carolyn L. Talcott
چکیده

Many security protocols rely on the assumptions on the physical properties in which its protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as Cyber-Physical. Time plays a key role in design and analysis of many of these protocols. This paper investigates the foundational differences and the impacts on the analysis when using models with discrete time and models with dense time. We show that there are attacks that can be found by models using dense time, but not when using discrete time. We illustrate this with a novel attack that can be carried out on most Distance Bounding Protocols. In this attack, one exploits the execution delay of instructions during one clock cycle to convince a verifier that he is in a location different from his actual position. We additionally present a probabilistic analysis of this novel attack. As a formal model for representing and analyzing Cyber-Physical properties, we propose a Multiset Rewriting model with dense time suitable for specifying cyber-physical security protocols. We introduce Circle-Configurations and show that they can be used to symbolically solve the reachability problem for our model, and show that for the important class of balanced theories the reachability problem is PSPACE-complete. We also show how our model can be implemented using the computational rewriting tool Maude, the machinery that automatically searches for such attacks.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Security Analysis of the Distance Bounding Protocol Proposed by Jannati and Falahati

In this paper, the security of a distance bounding protocol is analyzed which has been recently proposed by Jannati and Falahati (so-called JF). We prove that an adversary can recover key bits of JF protocol with probability of “1” while the complexity of attack is “2n” runs of protocol. In addition, we propose an improved protocol and prove that the improved protocol is resistant to mafia frau...

متن کامل

Security Analysis of Two Distance-Bounding Protocols

In this paper, we analyze the security of two recently proposed distance bounding protocols called the “Hitomi” and the “NUS” protocols. Our results show that the claimed security of both protocols has been overestimated. Namely, we show that the Hitomi protocol is susceptible to a full secret key disclosure attack which not only results in violating the privacy of the protocol but also can be ...

متن کامل

Timed Analysis of RFID Distance Bounding Protocols

Modelling real time is fundamental to reason about pervasive systems. The formal analysis of some time sensitive security protocols, such as distance bounding protocols, could lead to a more formal approach to time dependent properties formalisation and verification of pervasive systems.

متن کامل

Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks

In this paper we consider the problem of securely measuring distance between two nodes in a wireless sensor network. The problem of measuring distance has fundamental applications in both localization and time synchronization, and thus would be a prime candidate for subversion by hostile attackers. We give a brief overview and history of protocols for secure distance bounding. We also give the ...

متن کامل

Secure Distance Bounding Verification using Physical-Channel Properties

We consider the problem of distance bounding verification (DBV), where a proving party claims a distance and a verifying party ensures that the prover is within the claimed distance. Current approaches to “secure” distance estimation use signal’s time of flight, which requires the verifier to have an accurate clock. We study secure DBV using physical channel properties as an alternative to time...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • Journal of Computer Security

دوره 25  شماره 

صفحات  -

تاریخ انتشار 2017