Error-Correcting Response Functions for Distance-Bounding Protocols
DescriptionAuthentication decisions often need to be based on physical proximity to a location. For instance, a contactless payment card must be physically presented to a payment terminal before payment is taken. Linking the physical proximity of a device to a cryptographic authentication protocol is however a challenging problem.One of the most prominent approaches to addressing this challenge is distancebounding protocols. In theory, these protocols simply work on the basis of measuring the round-trip time of carefully defined cryptographic challenge-response exchanges, which it uses to estimate the upper distance bound between the devices. In practice, the security of these protocols depends on the device’s communication channel as its characteristics effects the round-trip time measurement and the correctness of the bounding exchanges. Only if the full protocol implementation is both secure and reliable can we have confidence in the distance bound.Traditionally, RFID/contactless card systems would benefit from distance bounding but such devices have simple and limited bit-rate communication channels. In practice, if such channels are to be made more resistant to known distance-bounding channel threats it would reduce the reliability of the channel and introduce channel errors. Some distance-bounding protocols do not allow for errors during the bounding phase, while most simply set an acceptance threshold for total incorrect exchanges. When a protocol is made tolerant to incorrect responses, we need to consider the protocol’s false accept (which sees an adversary’s incorrect response as a channel error) and false reject probability (which rejects an honest device as there were too many channel errors). Current proposals for resilient distance-bounding require additional communication, either additional challenge-response exchanges or verification messages, to reach similar levels of false reject and false accept rates as error-free channels. Although transmitting some additional bits seem trivial it is a valid performance issues if there is a time limit on protocol execution and we are using slow channels for exchanging protocol data and challenge-response exchanges.In this project we investigate response functions that incorporate error-correcting codes to tolerate channel errors during the bounding stage, with the goal of achieving acceptable security performance in terms of false accept and false reject rates, but while reducing the amount of additional challenge-response exchanges and verification message data. We also consider response function implementation that have short, consistent computation time and prevents early leakage of the response(s). This improves protocol reliability and execution time, and contributes to distance-bounding becoming a practical security mechanism.
|Effective start/end date||1/01/21 → …|