So near and yet so far: Distance-bounding attacks in wireless networks

Jolyon Clulow; Gerhard P. Hancke; Markus G. Kuhn; Tyler Moore

doi:10.1007/11964254_9

So near and yet so far: Distance-bounding attacks in wireless networks

Jolyon Clulow, Gerhard P. Hancke, Markus G. Kuhn, Tyler Moore

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

125 Citations (Scopus)

Abstract

Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks. © 2006 Springer-Verlag Berlin Heidelberg.

Original language	English
Title of host publication	Security and Privacy in Ad-Hoc and Sensor Networks
Subtitle of host publication	Third European Workshop, ESAS 2006, Revised Selected Papers
Publisher	Springer Verlag
Pages	83-97
Volume	4357 LNCS
ISBN (Print)	9783540691723
DOIs	https://doi.org/10.1007/11964254_9
Publication status	Published - 2006
Externally published	Yes
Event	3rd European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS 2006 - Hamburg, Germany Duration: 20 Sept 2006 → 21 Sept 2006

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4357 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS 2006
Place	Germany
City	Hamburg
Period	20/09/06 → 21/09/06

Access Output

10.1007/11964254_9

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Clulow, J., Hancke, G. P., Kuhn, M. G., & Moore, T. (2006). So near and yet so far: Distance-bounding attacks in wireless networks. In Security and Privacy in Ad-Hoc and Sensor Networks: Third European Workshop, ESAS 2006, Revised Selected Papers (Vol. 4357 LNCS, pp. 83-97). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4357 LNCS). Springer Verlag. https://doi.org/10.1007/11964254_9

Clulow, Jolyon ; Hancke, Gerhard P. ; Kuhn, Markus G. et al. / So near and yet so far : Distance-bounding attacks in wireless networks. Security and Privacy in Ad-Hoc and Sensor Networks: Third European Workshop, ESAS 2006, Revised Selected Papers. Vol. 4357 LNCS Springer Verlag, 2006. pp. 83-97 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ab712a0a7c474a48ba5c19265b207256,

title = "So near and yet so far: Distance-bounding attacks in wireless networks",

abstract = "Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and {\v C}apkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks. {\textcopyright} 2006 Springer-Verlag Berlin Heidelberg.",

author = "Jolyon Clulow and Hancke, {Gerhard P.} and Kuhn, {Markus G.} and Tyler Moore",

year = "2006",

doi = "10.1007/11964254_9",

language = "English",

isbn = "9783540691723",

volume = "4357 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "83--97",

booktitle = "Security and Privacy in Ad-Hoc and Sensor Networks",

address = "Germany",

note = "3rd European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS 2006 ; Conference date: 20-09-2006 Through 21-09-2006",

}

Clulow, J, Hancke, GP, Kuhn, MG & Moore, T 2006, So near and yet so far: Distance-bounding attacks in wireless networks. in Security and Privacy in Ad-Hoc and Sensor Networks: Third European Workshop, ESAS 2006, Revised Selected Papers. vol. 4357 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4357 LNCS, Springer Verlag, pp. 83-97, 3rd European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS 2006, Hamburg, Germany, 20/09/06. https://doi.org/10.1007/11964254_9

So near and yet so far: Distance-bounding attacks in wireless networks. / Clulow, Jolyon; Hancke, Gerhard P.; Kuhn, Markus G. et al.
Security and Privacy in Ad-Hoc and Sensor Networks: Third European Workshop, ESAS 2006, Revised Selected Papers. Vol. 4357 LNCS Springer Verlag, 2006. p. 83-97 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4357 LNCS).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - So near and yet so far

T2 - 3rd European Workshop on Security and Privacy in Ad Hoc and Sensor Networks, ESAS 2006

AU - Clulow, Jolyon

AU - Hancke, Gerhard P.

AU - Kuhn, Markus G.

AU - Moore, Tyler

PY - 2006

Y1 - 2006

N2 - Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks. © 2006 Springer-Verlag Berlin Heidelberg.

AB - Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks. © 2006 Springer-Verlag Berlin Heidelberg.

UR - http://www.scopus.com/inward/record.url?scp=84876367662&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-84876367662&origin=recordpage

U2 - 10.1007/11964254_9

DO - 10.1007/11964254_9

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9783540691723

VL - 4357 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 83

EP - 97

BT - Security and Privacy in Ad-Hoc and Sensor Networks

PB - Springer Verlag

Y2 - 20 September 2006 through 21 September 2006

ER -

Clulow J, Hancke GP, Kuhn MG, Moore T. So near and yet so far: Distance-bounding attacks in wireless networks. In Security and Privacy in Ad-Hoc and Sensor Networks: Third European Workshop, ESAS 2006, Revised Selected Papers. Vol. 4357 LNCS. Springer Verlag. 2006. p. 83-97. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11964254_9

So near and yet so far: Distance-bounding attacks in wireless networks

Abstract

Publication series

Conference

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this