Security Models for Distance-Bounding Channels
DescriptionAuthentication decisions often need to be based on physical proximity to a location. For instance, a wireless car key first has to be close to the car before the doors unlock or a contactless payment card must first be presented to a payment terminal before payment is taken. Linking the physical proximity of a device to a cryptographic authentication protocol is however a challenging problem.One of the most prominent approaches to addressing this challenge is distance-bounding protocols. These protocols work on the basis of measuring the round-trip time of carefully defined cryptographic challenge-response exchanges. In theory, the roundtrip time is simply used to estimate an upper bound on the distance to the authenticated device. In practice, the security of these protocols very much depends on the device’s communication channel as its characteristics directly influence the round-trip time measurement and secure transmission of the challenges. Only if the protocol and the channel implementation are both secure can we have confidence in the distance bound determined.Progress is being made on protocol analysis frameworks and provably secure protocols, and there are a number of implementation proposals for secure channels, but there is currently no unified approach to do security analysis of the channel implementation.This proposal sets out to provide a reference framework for the design and comparison of distance-bounding channels, which will define consistent notions of the channel requirements, adversaries and attack strategies. We will also propose a security model for distance-bounding channels, whereby the security properties of the channel could be reliably quantified. Finally, we also study the impact of the channel implementation on the protocol security in noisy environments for both binary and multi-state signals, and determine whether the channel design could be optimised to reduce the security impact of using a large acceptance threshold allowing for channel bit errors.We hope this this will serve as the first step towards a situation where academics and system engineers will have a set of reliable tools to determine the security properties of any given channel design and to obtain an accurate comparison between different designs.
|Effective start/end date
|1/01/17 → 28/12/21
- Distance Bounding , Relay Attack , , ,