Proof of Presence: Security and Privacy of Proximity-based Authentication Protocols

存在證明:近距離認證協議的安全與私隱

Student thesis: Doctoral Thesis

View graph of relations

Author(s)

  • Yun Hui ZHUANG

Related Research Unit(s)

Detail(s)

Awarding Institution
Supervisors/Advisors
Award date8 Dec 2015

Abstract

The recent hot debate on sharing economy has been an emergence in a dynamic ownership economy, which attracts a lot of attentions in the news media. People share their assets to friends, or even strangers via the platforms on mobile apps. The concept and practice of resource sharing have been fast becoming a mainstream phenomenon across the world. Meanwhile, researchers from various areas are working closely to weigh in with deeper analysis in terms of security and privacy, which turn out to be one critical area of argument in many security sensitive mobile applications. In light of multiple mobile applications rely heavily on the notion of device proximity, it is desirable to securely track the location of the items and gently preserve the privacy. Ensuring that an item is located within a specified distance of the Verifier without disclosing its identity is therefore an important requirement. Radio Frequency IDentification (RFID) technology is the prominent solution for implementing proximity identification systems. It is often used not only to prove the presence of an item, but also to demonstrate it is in close proximity to the Verifier. This thesis presents a number of new techniques and methodologies on constructing different types of proximity-based authentication protocols in the context of proximity identification systems, which are a central piece for building secure near-field communication channels.

The first part of this thesis discusses two types of authentication protocols that support the proof of presence. In particular, the grouping-proof protocols can establish the proof of presence for a set of Provers at the same time but not a Prover's physical proximity to the Verifier. The distance-bounding protocols can cryptographically determine an upper bound on the physical distance between a Prover and the Verifier so as to create the proof of proximity. It is practically shown that an adversary can deceive the distance bound by implementing location-based attacks in the conventional communication channel. An investigation on current proposals with respect to their merits and weaknesses is discussed, then the design principles of such protocols in the context of proximity identification are elaborated, and new solutions with rigorous security analyses and proofs are provided. Finally, a forward-private grouping-proof protocol and a new residual-energy based distance-bounding protocol with near-optimal security bounds are proposed, along with the experimental setups and practical results are also provided.

The second part of this thesis studies the privacy-preserving techniques in proximity identification systems. In addition to securely and precisely determining an item's location, it is also desirable to preserve the privacy and untraceability of the item. It is important to investigate existing RFID privacy models and explore the weaknesses in existing models, and solutions for these problems and issues. In particular, an explanation on why forward privacy should be a concern in practice is addressed. Then a new privacy model that captures forward privacy is proposed, along with a design of an RFID authentication protocol which can be proved forward private under proposed model. Finally, in order to prove the presence of having all Provers simultaneously and being in the close proximity of a Verifier, a new concept of combining both distance-bounding and grouping-proof together to propose a new type of proximity-based authentication protocols that supports mutual authentication and forward privacy is proposed. Furthermore, the protocol retains the untraceability of a token and prevents de-synchronization attacks.