On Modeling Terrorist Frauds

Quite recently, distance-bounding protocols received a lot of attention as they offer a good solution to thwart relay attacks. Their security models at still unstable, especially when considering terrorist fraud. This considers the case where a malicious prover would try to bypass the protocol by colluding with an adversary without leaking his credentials. Two formal models appeared recently: one due to Fischlin and Onete and another one by Boureanu, Mitrokotsa, and Vaudenay. Both were proposed with a provably secure distance-bounding protocols (FO and SKI, respectively) providing security against all state-of-the-art threat models. So far, these two protocols are the only such ones. In this paper we compare both notions and protocols. We identify some errors in the Fischlin-Onete results. We also show that the design of the FO protocol lowers security against mafia frauds while the SKI protocol makes non-standard PRF assumptions and has lower security due to not using post-authentication. None of these protocols provide reasonable parameters to be used in practice with a good security. The next open challenge consists in providing a protocol combining both approaches and good practical parameters. Finally, we provide a new security definition against terrorist frauds which naturally inspires from the soundness notion for proof-of-knowledge protocols.

Published in:
Provable Security, 8209, 1-20
Presented at:
7th International Conference on Provable Security (ProvSec), Melaka, Malaysia, October 23-25, 2013

 Record created 2013-10-28, last modified 2018-03-17

Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)