Security of Distance-Bounding
Avoine, G et al. “Security of Distance-Bounding: A Survey.” ACM Computing Surveys, Vol. 51, No. 5, Article 94. Publication date: September 2018
Distance-Bounding (DB) protocols are authentication protocols that aim at thwarting distance-based attacks by enabling a verifier entity to establish an upper bound on the physical distance to a prover entity. The protocols are based on timing the delay between sending challenge bits from the verifier and receiving back the corresponding response bits from the prover. DB protocols can be used in different applications. For instance, building access control systems where an identification protocol is used to ensure that the person, who is interacting with the system, is no more than a few meters away from the entrance of the building.
This survey provides comprehensive analysis and comparison of the existing distance-bounding protocols, with more focus on their evolution over the years and some key security and complexity features. The survey gives more details on the topic and, as part of the comparison framework, describes four main frauds against the reviewed DB protocols:
- Impersonation: an adversary acting alone who purports to be a legitimate prover.
- distance Fraud: a dishonest prover who purports to be in the neighbourhood of the verifier.
- Mafia Fraud: an adversary that defeats a distance-bounding protocol using man-in-the-middle between the verifier and an honest prover located outside the neighbourhood.
- Terrorist Fraud: mafia fraud with dishonest prover who actively helps the adversary to maximize the attack success probability.
DB protocols are closely linked to aspects of the physical communication channel. The channel on which the challenges and responses messages are to be transmitted must be chosen in such a way that it does not adversary affect the security of the protocol or accuracy of the estimated distance. There are four principles for implementing a secure channel for timed challenge-response exchange:
- communication medium propagation: the propagation speed of the communication medium should be as close as possible to the physical limit, i.e., speed of light.
- communication format: use communication format in which only a single symbol is transmitted as challenges of response.
- Minimize the length of this symbol or the time taken to decide the value of the symbol.
- Design the protocol such that it copes with error during the challenge-response exchange.
In summary, the survey provides comprehensive state of the art of the existing protocols and introduces refined security analysis method. The comparison provides a new framework to evaluate the performance of the protocols in a unified manner with respect to several security resources parameters. Given the large number of parameters, the comparison task was not trivial. However, it helps to identify and summarize the important properties of the protocols. The method clusters the protocols with similar features and highlights the clusters with properties that are not present in others. As future work, more attacks other than those reviewed in the survey will be investigated.