The Not-so-distant Future: Distance-Bounding Protocols on Smartphones

Sébastien Gambs 1 Carlos Eduardo Rosar Kos Lassance 2 Cristina Onete 3
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
3 EMSEC - EMbedded SEcurity and Cryptography
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : In authentication protocols, a relay attack allows an adversary to impersonate a legitimate prover, possibly located far away from a veri fier, by simply forwarding messages between these two entities. The e ffectiveness of such attacks has been demonstrated in practice in many environments, such as ISO 14443-compliant smartcards and carlocking mechanisms. Distance-bounding (DB) protocols, which enable the verifi er to check his proximity to the prover, are a promising countermeasure against relay attacks. In such protocols, the veri fier measures the time elapsed between sending a challenge and receiving the associated response of the prover to estimate their proximity. So far, distance bounding has remained mainly a theoretical concept. Indeed in practice, only three ISO 14443-compliant implementations exist: two proprietary smartcard ones and one on highly-customized hardware. In this paper, we demonstrate a proof-of-concept implementation of the Swiss-Knife DB protocol on smartphones running in RFID-emulation mode. To our best knowledge, this is the fi rst time that such an implementation has been performed. Our experimental results are encouraging as they show that relay attacks introducing more than 1:5 ms are directly detectable (in general off -the-shelf relay attacks introduce at least 10 ms of delay). We also leverage on the full power of the ISO-DEP speci cation to implement the same protocol with 8-bit challenges and responses, thus reaching a better security level per execution without increasing the possibility of relay attacks. The analysis of our results leads to new promising research directions in the area of distance bounding.
Type de document :
Communication dans un congrès
14th Smart Card Research and Advanced Application Conference, Nov 2015, Bochum, Germany
Liste complète des métadonnées

https://hal.inria.fr/hal-01244606
Contributeur : Sébastien Gambs <>
Soumis le : mercredi 16 décembre 2015 - 08:26:06
Dernière modification le : vendredi 16 novembre 2018 - 01:39:36

Identifiants

  • HAL Id : hal-01244606, version 1

Citation

Sébastien Gambs, Carlos Eduardo Rosar Kos Lassance, Cristina Onete. The Not-so-distant Future: Distance-Bounding Protocols on Smartphones. 14th Smart Card Research and Advanced Application Conference, Nov 2015, Bochum, Germany. 〈hal-01244606〉

Partager

Métriques

Consultations de la notice

3897