conference paper

On the Pseudorandom Function Assumption in (Secure) Distance-Bounding Protocols

Authors: Boureanu, Ioana Cristina; Mitrokotsa, Aikaterini; Vaudenay, Serge
Editors: Hevia, Alejandro; Neven, Gregory
2012
Progress in Cryptology – LATINCRYPT 2012
International Conference on Cryptology and Information Security in Latin America Latincrypt 2012

In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the PRF assumption alone: one leads to distance-fraud attacks, whilst the other opens the way for man-in-the-middle (MiM) attacks. First, we describe – in a more unitary, formal fashion – why assuming that a family of functions classically used inside DB protocols is solely a PRF is unsatisfactory and what generic security flaws this leads to. Then, we present concrete constructions that disprove the PRF-based claimed security of several DB protocols in the literature; this is achieved by using some PRF programming techniques. Whilst our examples may be considered contrived, the overall message is clear: the PRF assumption should be strengthened in order to attain security against distance-fraud and MiM attacks in distance-bounding protocols!

Type: conference paper
DOI: 10.1007/978-3-642-33481-8_6
Author(s): Boureanu, Ioana Cristina; Mitrokotsa, Aikaterini; Vaudenay, Serge
Editors: Hevia, Alejandro; Neven, Gregory
Date Issued: 2012
Publisher: Springer
Published in: Progress in Cryptology – LATINCRYPT 2012
Series title/Series vol.: Lecture Notes in Computer Science; 7533
Start page: 100
End page: 120
Subjects: NCCR-MICS; NCCR-MICS/Secu
Editorial or Peer reviewed: REVIEWED
Written at: EPFL
EPFL units: LASEC
Event name: International Conference on Cryptology and Information Security in Latin America Latincrypt 2012
Event place: Santiago, Chile
Event date: October 7-10, 2012
Available on Infoscience: July 24, 2012
Use this identifier to reference this record: https://infoscience.epfl.ch/handle/20.500.14299/84165