All-or-Nothing Approach to Protect a Distance Bounding Protocol against Terrorist Fraud Attack School of Computer Science Institute for Research in Fundamental

All-or-Nothing Approach to Protect a Distance Bounding Protocol against

Terrorist Fraud Attack

School of Computer Science Institute for Research in Fundamental Sciences (IPM)

November 10, 2015

Hoda Jannati

Outline

RFID Systems and Relay AttackHow to Protect RFID Systems against Relay AttackDistance Bounding Protocol

Mafia fraud attack Distance fraud attack Terrorist fraud attack

All-or-Nothing Approach based Distance Bounding Protocol

2 of 44

Hoda [email protected]

RFID Systems

Radio-frequency identification (RFID) is the wireless

use of electromagnetic fields to transfer data, for the

purposes of automatically identifying and tracking

tags attached to objects.

3 of 44


RFID Systems

4 of 44


RFID Systems

5 of 44


RFID Systems

6 of 44


Security in RFID Systems

Tag Authentication Multi-Tag Authentication Tag Searching Ownership Transfer Data Confidentiality

7 of 44


Relay Attack

In a relay attack, an attacker convinces a legitimate reader

that a legitimate tag is executing a security protocol with the

reader, and vice versa, indeed this is not the case. Such an attack is possible even if no one knows the security

parameters utilized within the protocol, because the

attacker just relays the messages between the legitimate

reader and the legitimate tag, without the two

communication parties being aware of its cheating.

8 of 44


Relay Attack

9 of 44


Relay Attack

10 of 44


Relay Attack

11 of 44


Relay Attack

12 of 44


Relay Attack

13 of 44


Relay Attack

14 of 44


Relay Attack

15 of 44


Relay Attack

16 of 44


Protection against Relay Attack

Distance Bounding Protocol

authenticates the tag establishes an upper bound on its physical distance

between the tag and the reader.

17 of 44



18 of 44


2 1( )

2r s dt t t

d v

Cpr ttt 01

ReaderTag

Rdps tttt 02

dpr tttt 202

01 tts

0 1|| ( , )V V H K N0

1

0

1

R V if C

R V if C


Distance Bounding Protocols are Vulnerable to

Three Attacks:

Mafia Fraud Attack

Distance Fraud Attack

Terrorist Fraud Attack

19 of 44



Mafia Fraud AttackAn attacker executes a man-in-the-middle attack between a reader R and a tag T to ensure R that T (is located far from the reader) is in a close proximity of R without both R and T being aware of its attack.

20 of 44



21 of 44


Mafia Fraud Attack


Distance Fraud AttackAn attacker, which is a dishonest tag T, wants to ensure the reader R that it is nearer than the actual location from the reader R.

22 of 44


Distance Bounding Protocol Terrorist Fraud Attack

A dishonest tag T colludes with a terrorist attacker At (but it does not provide At with the secret information shared between itself and R) in order to make it possible for At to convince R that T is in a close proximity of the reader R.

23 of 44


Distance Bounding Protocol Terrorist Fraud Attack

A dishonest tag T colludes with a terrorist attacker At (but it does not provide At with the secret information shared between itself and R) in order to make it possible for At to convince R that T is in a close proximity of the reader R.

24 of 44



25 of 44



26 of 44


2

1

2

1, ,

0

( ) (1 ) P[( ) ]P[ ]s

tN ee

PV PV t e k n de

dN

Be

FA

1 2 2

11

2

1 2 2 2

1

1

1 1, ,

0 0 0

1 1

11 0 0 0

1P[ ] ( ) P[( ) ] P[( ) | ] 1 P[( ) | ]

2

1 1 1 1( )2

s

t t tN lN l

m t k n m i m i i m il

N t t tN t

q t

l N l NFA B a e a e

l

q t q t N q

t

1 11 P[( ) | ] 1 P[( ) | ]q t

i m i i m ia e a e

1 2 2

1 1

2

1 2 2 2

1

1

1 1, ,

0 0 0

1 1

11 0 0 0

1P[ ] 1 ( ) P[( ) ] ( ) 1 ( ) 1

2

1 1 1 1( )2

s

t t tN l N ll l

t k n r PV PV VP VPl

N t t tN q t

q t

l N l NFR B

l

q t q t N q

t

1 1 11 1 11 1 1q t t q t

PV PV VP VP


27 of 44



28 of 44



29 of 44



30 of 44


حافظه مورد نیاز

احتمال رد کاربر مجاز

احتمال موفقیت

حمله جعل مسافت

احتمال موفقیت

حمله جعل مافیا

افزایش خطی

افزایش کاهش کاهش Nافزایش

افزایش خطی

افزایش افزایش کاهش pdافزایش

افزایشنمایی

افزایش کاهش کاهش kافزایش

- کاهش افزایش افزایش tافزایش

- افزایش کاهش کاهش افزایش احتمال خطای کانال


31 of 44



32 of 44


22( )

0

1(1 ) for

2

N p t

t i N i Ni

Np p e t Np

i

نامساوی Hoeffding:

0, 0, 0,( ) 1 ln(2 ) (1 max( , )) ln(2min( , ))2 2

P[( ) ] P[( ) ] P[( ) ]m dFR FA FAj r mj j d

N NN T t N T TA A A

0, 0, 0,1

ln(2min( , )) ln(2 ) 2 ( max( , ))P[( ) ] P[( ) ] P[( ) ]m dFA FA FR j r mj j dT T T N

NA A A


The protocol resists the terrorist fraud attack if the tag is forced to give the secret key to the terrorist attacker for the execution of the protocol.

The terrorist attacker without knowing the secret key of the tag cannot succeed in performing the protocol.

33 of 44



Security Analysis against Terrorist Fraud Attack:

34 of 44


We showed that the terrorist attacker can succeed in the execution of a distance bounding protocol with a high false-accept probability by assisting the dishonest tag T even if the terrorist attacker does not know some bits of the secret key shared between the tag T and the reader R.


35 of 44


RGTS protocol

The success probability of the attacker due to a terrorist fraud attack:

the number of states that the terrorist attacker must search to find the secret key K with N bits:


To protect a distance bounding protocol against terrorist fraud attack, an all-or-nothing approach is introduced for the computation of the response bits.

The terrorist attacker must have access to all bits of the secret key correctly to be able to compute each response bit. In other words, even if one of the secret key bits is incorrect, all response bits are computed randomly by the terrorist attacker.

36 of 44


37 of 44


Comparison of Distance Bounding Protocols

38 of 44

False-accept probability due to a mafia fraud attack



39 of 44

False-accept probability due to a distance fraud attack



40 of 44



41 of 44


Conclusion and Future Work

Future Work The security and performance analysis for the proposed

protocol over a noisy environment Measuring power consumption

A distance bounding protocol to protect the terrorist fraud attack for the others parameters k and pd

A distance bounding protocol to protect enlargement attacks Relay attack on RFID systems

Hoda [email protected] 42 of 44

References

1. H. Jannati, A. Falahati, "Achieving an appropriate security level for distance bounding protocols over a noisy channel, " Telecommunication Systems, 2014

2. A. Falahati, H. Jannati, "All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low cost devices," Electronic Commerce Research, 2015.

3. H. Jannati, A. Falahati, "Distance bounding-based RFID binding proof protocol to protect inpatient medication safety against relay attack," International Journal of Ad-Hoc and Ubiquitous Computing, 2014.

4. G. Avoine, C. H. Kim, "Mutual distance bounding protocols," IEEE Transactions on Mobile Computing, vol. 12, 2014.

5. A. Abu-Mahfouz, G. P. Hancke, "Distance bounding: a practical security solution for real-time location systems," IEEE Transactions on Industrial Informatics, vol. 9, 2014.

6. R. Trujillo-Rasua, B. Martin, G. Avoine, "Distance bounding facing both mafia and distance frauds," IEEE Transactions on Wireless Communications, vol. 13, 2014.

Hoda [email protected] 43 of 44

Thank you for your attention


Documents

All-or-Nothing Approach to Protect a Distance Bounding Protocol against Terrorist Fraud Attack School of Computer Science Institute for Research in Fundamental