a class of precomputation based distance bounding
play

A class of precomputation-based distance-bounding protocols Jorge - PowerPoint PPT Presentation

Nov 28, 2022 •130 likes •685 views

Introduction Lookup-based protocols Properties and security analysis Conclusions A class of precomputation-based distance-bounding protocols Jorge Toro-Pozo University of Luxembourg (joint work with Sjouke Mauw and Rolando Trujillo-Rasua,

  1. Introduction Lookup-based protocols Properties and security analysis Conclusions A class of precomputation-based distance-bounding protocols Jorge Toro-Pozo University of Luxembourg (joint work with Sjouke Mauw and Rolando Trujillo-Rasua, to appear at Euro S&P 2016) Nancy, France. March 16, 2016 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  2. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  3. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  4. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  5. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  6. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  7. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  8. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Definition (Relay attack) A relay attack is a man-in-the-middle attack where the adversary manipulates the communication by only relaying the verbatim messages between reader and the tag. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  9. Introduction Lookup-based protocols Properties and security analysis Conclusions Relay attack: how to beat a grand master White Black d4 d4 d5 d5 Definition (Relay attack) A relay attack is a man-in-the-middle attack where the adversary manipulates the communication by only relaying the verbatim messages between reader and the tag. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  10. Introduction Lookup-based protocols Properties and security analysis Conclusions Solution: distance bounding protocols Definition (Distance Bounding) A distance bounding protocol is an authentication protocol that in addition checks the distance between tag and reader. The computed distance is an upper-bound on their actual distance. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  11. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  12. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Tags respond to the reader’s requests without explicit agreement of their holder Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  13. Introduction Lookup-based protocols Properties and security analysis Conclusions Radio Frequency Identification - RFID Communication is contactless. Line-of-sight is not necessary. Messages are broadcast. Limited resources (memory, processor speed, energy, interaction time). Tags respond to the reader’s requests without explicit agreement of their holder Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  14. Introduction Lookup-based protocols Properties and security analysis Conclusions Distance bounding protocols are vulnerable Mafia-fraud attacks ... and also to other attacks, e.g. distance fraud terrorist fraud distance hijacking Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  15. Introduction Lookup-based protocols Properties and security analysis Conclusions Distance bounding protocols are vulnerable Mafia-fraud attacks ... and also to other attacks, e.g. distance fraud terrorist fraud distance hijacking Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  16. Introduction Lookup-based protocols Properties and security analysis Conclusions A few distance bounding protocols Brands and Chaum (Fiat-Shamir) Brands and Chaum (Schnorr) Brands and Chaum (signature) Bussard and Bagga CRCS Hancke and Kuhn Hitomi KA2 Kuhn, Luecken, Tippenhauer MAD Meadows et al. for F ( · · · ) = � NV , NP ⊕ P � Munilla and Peinado Noise resilient MAD Poulidor Reid et al. Swiss-Knife Tree WSBC+DB WSBC+DB Noent Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  17. Introduction Lookup-based protocols Properties and security analysis Conclusions Many of them have been broken Brands and Chaum (Fiat-Shamir) Brands and Chaum (Schnorr) Brands and Chaum (signature) Bussard and Bagga CRCS Hancke and Kuhn Hitomi KA2 Kuhn, Luecken, Tippenhauer MAD Meadows et al. for F ( · · · ) = � NV , NP ⊕ P � Munilla and Peinado Noise resilient MAD Poulidor Reid et al. Swiss-Knife Tree WSBC+DB WSBC+DB Noent Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  18. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  19. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  20. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  21. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. We call them Lookup-based protocols Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

  22. Introduction Lookup-based protocols Properties and security analysis Conclusions Some common principles Are composed by two phases: Slow phase: generation of random values, exchange of parameters, preparation of data structures. Fast phase: 1-bit messages, tag performs at most lookup/and/xor/. . . ; repeat this n times. Need very short processing time at the tag (otherwise the adversary could overclock the tag). Perform the authentication during the fast phase. Do not have a final slow phase. We call them Lookup-based protocols Jorge Toro-Pozo University of Luxembourg A class of precomputation-based distance-bounding protocols

Recommend

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2012 distance bounding CIoT 2012 1 / 39 Introduction to Distance-Bounding 1 Some Insecurity Case

600 views • 39 slides
Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2013 distance bounding FSE 2013 1 / 48 1 Why Distance-Bounding? Towards a Secure

663 views • 48 slides
An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint work with Sjouke Mauw and Jorge Toro-Pozo) Euro S&P and RFIDSec, 2016 Distance Bounding protocols 1 Beating a grand master: is this a relay

926 views • 67 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Markov Chains and Coupling In this class we will consider the problem of bounding the time taken

Markov Chains and Coupling In this class we will consider the problem of bounding the time taken

Markov Chains and Coupling In this class we will consider the problem of bounding the time taken by a Markov chain to reach the stationary distribution. We will do so using the coupling technique , which helps bound the distance between two

315 views • 4 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work with: Joint work with: Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Distance Bounding 2

370 views • 16 slides
Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT LIMOS, Universit dAuvergne, France September 17th 2015 BRELURUT, LAFOURCADE, GERAULT (LIMOS, France) Security Analysis of Distance Bounding

704 views • 42 slides
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

335 views • 31 slides
Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based

Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based

Accelerating Relative-error Bounded Lossy Compression for HPC datasets with Precomputation-Based Mechanisms Xiangyu Zou, Tao Lu, Wen Xia, Xuan Wang, Weizhe Zhang, Sheng Di, Dingwen Tao and Franck Cappello Harbin Institute of Technology, Shenzhen

724 views • 22 slides
Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France joint work with Alexandre Debant and Cyrille Wiedling 1/29 Security protocols everywhere ! Cryptographic protocols small

1.04k views • 56 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC

Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC

Architectural Support for Speculative Precomputation Dean Tullsen UCSD on sabbatical at UPC Background -- Three Types of Helper Threads Cache Prefetching Branch Precomputation Other What architectural support you need/want

742 views • 63 slides
Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for

Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for

Selective Restructuring of Bo nding Vol me Hierarchies for Bounding Volume Hierarchies for Dynamic Models y Sung-Eui Yoon KAIST (Korea Advanced Institute of Science and Technology) and Technology) At Previous Class At Previous Class

471 views • 34 slides
1 View Materialization (Precomputation) Suppose we precompute RegionalSales and store it

1 View Materialization (Precomputation) Suppose we precompute RegionalSales and store it

Data Warehousing and Decision Support Chapter 23, Part B Database Management Systems, 2 nd Edition. R. Ramakrishnan and J. Gehrke 1 Views and Decision Support OLAP queries are typically aggregate queries. Precomputation is essential for

313 views • 6 slides
Likelihood Based Uncertainty Bounding in Prediction Error Identification using ARX models A

Likelihood Based Uncertainty Bounding in Prediction Error Identification using ARX models A

Likelihood Based Uncertainty Bounding in Prediction Error Identification using ARX models A Simulation Study ECC 2007, Kos, Greece Arjan den Dekker, Xavier Bombois and Paul Van den Hof July 4, 2007 1 Delft Center for Systems and Control

518 views • 17 slides
Hierarchical Bounding Volume October 11, 2005 () Hierarchical Bounding Volume October 11, 2005

Hierarchical Bounding Volume October 11, 2005 () Hierarchical Bounding Volume October 11, 2005

Hierarchical Bounding Volume October 11, 2005 () Hierarchical Bounding Volume October 11, 2005 1 / 15 Outline Introduction to hierarchical bounding volume (HBV) Tree generation Other optimization issues () Hierarchical Bounding Volume

350 views • 16 slides
Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May

Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May

Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May 27th, 2020 Based on 2004.00030, with D. Andriot and D. Erkinger Introduction Niccol` o Cribiori Bounding parameters in the web of swampland

206 views • 20 slides
Computer Graphics MTAT.03.015 Raimond Tunnel The Road So Far... Bounding Box With bounding

Computer Graphics MTAT.03.015 Raimond Tunnel The Road So Far... Bounding Box With bounding

Computer Graphics MTAT.03.015 Raimond Tunnel The Road So Far... Bounding Box With bounding boxes you can detect collisions between boxes. Our hangar just happens to be a box. The chopper is not a box, but the collision

718 views • 25 slides
Learning From Data Lecture 6 Bounding The Growth Function Bounding the Growth Function Models

Learning From Data Lecture 6 Bounding The Growth Function Bounding the Growth Function Models

Learning From Data Lecture 6 Bounding The Growth Function Bounding the Growth Function Models are either Good or Bad The VC Bound - replacing |H| with m H ( N ) M. Magdon-Ismail CSCI 4100/6100 recap: The Growth Function m H ( N ) A new

316 views • 31 slides
Mixtures of Weighted Distance-Based Models for Ranking Data Paul H. Lee Philip L. H. Yu The

Mixtures of Weighted Distance-Based Models for Ranking Data Paul H. Lee Philip L. H. Yu The

Mixtures of Weighted Distance-Based Models for Ranking Data Paul H. Lee Philip L. H. Yu The University of Hong Kong 1 / 38 Outline of presentation Introduction Introduction Distance-Based Models for Ranking Data Distance-Based

677 views • 38 slides
Near-exhaustive Precomputation of Secondary Cloth Effects Doyub Kim 1,3 , Woojong Koh 2 , Rahul

Near-exhaustive Precomputation of Secondary Cloth Effects Doyub Kim 1,3 , Woojong Koh 2 , Rahul

Near-exhaustive Precomputation of Secondary Cloth Effects Doyub Kim 1,3 , Woojong Koh 2 , Rahul Narain 2 , Kayvon Fatahalian 1 , Adrien Treuille 1 , and James F . OBrien 2 1 Carnegie Mellon University, 2 UC Berkeley, 3 Microsoft Real-time Cloth

734 views • 44 slides

More recommend