Security of distance-bounding: A survey

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI linkDistance-bounding protocols allow a verifier to both authenticate a prover and evaluate whether the latter is located in his vicinity. These protocols are of particular interest in contactless systems, e.g., electronic payment or access control systems, which are vulnerable to distance-based frauds. This survey analyzes and compares in a unified manner many existing distance-bounding protocols with respect to several key security and complexity features

On selecting the nonce length in distance bounding protocols

Distance-bounding protocols form a family of challenge–response authentication protocols that have been introduced to thwart relay attacks. They enable a verifier to authenticate and to establish an upper bound on the physical distance to an untrusted prover.We provide a detailed security analysis of a family of such protocols. More precisely, we show that the secret key shared between the verifier and the prover can be leaked after a number of nonce repetitions. The leakage probability, while exponentially decreasing with the nonce length, is only weakly dependent on the key length. Our main contribution is a high probability bound on the number of sessions required for the attacker to discover the secret, and an experimental analysis of the attack under noisy conditions. Both of these show that the attack’s success probability mainly depends on the length of the used nonces rather than the length of the shared secret key. The theoretical bound could be used by practitioners to appropriately select their security parameters. While longer nonces can guard against this type of attack, we provide a possible countermeasure which successfully combats these attacks even when short nonces are use

On Selecting the Nonce Length in Distance-Bounding Protocols

Distance-bounding protocols form a family of challenge-response authentication protocols that have been introduced to thwart relay attacks. They enable a verifier to authenticate and to establish an upper bound on the physical distance to an untrusted prover. We provide a detailed security analysis of a family of such protocols. More precisely, we show that the secret key shared between the verifier and the prover can be leaked after a number of nonce repetitions. The leakage probability, while exponentially decreasing with the nonce length, is only weakly dependent on the key length. Our main contribution is a high probability bound on the number of sessions required for the attacker to discover the secret, and an experimental analysis of the attack under noisy conditions. Both of these show that the attack's success probability mainly depends on the length of the used nonces rather than the length of the shared secret key. The theoretical bound could be used by practitioners to appropriately select their security parameters. While longer nonces can guard against this type of attack, we provide a possible countermeasure which successfully combats these attacks even when short nonces are use

Understanding digital intelligence and the norms that might govern it

Abstract: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency contractor Edward Snowden. It looks at the dynamic interaction between demands from government and law enforcement for digital intelligence, and at the new possibilities that digital technology has opened up for meeting such demands. The adequacy of previous regimes of legal powers and governance arrangements is seriously challenged just at a time when the objective need for intelligence on the serious threats facing civil society is apparent. This paper suggests areas where it might be possible to derive international norms, regarded as promoting standards of accepted behaviour that might gain widespread, if not universal, international acceptance, for the safe practice of digital intelligence

Terrorism and the Internet: new media - new threat?

The Internet is a powerful political instrument, which is increasingly employed by terrorists to forward their goals. The five most prominent contemporary terrorist uses of the Net are information provision, financing, networking, recruitment, and information gathering. This article describes and explains each of these uses and follows up with examples. The final section of the paper describes the responses of government, law enforcement, intelligence agencies, and others to the terrorism-Internet nexus. There is a particular emphasis within the text on the UK experience, although examples from other jurisdictions are also employed

Trial By Jury Involving Persons Accused of Terrorism or Supporting Terrorism

This chapter explores issues in jury trials involving persons accused of committing acts of international terrorism or financially or otherwise supporting those who do or may commit such acts. The jury is a unique institution that draws upon laypersons to decide whether a person charged with a crime is guilty or innocent. Although the jury is instructed and guided by a trial judge and procedural rules shape what the jury is allowed to hear, ultimately the laypersons deliberate alone and render their verdict. A basic principle of the jury system is that at the start of trial the jurors should have open minds and regard the accused innocent until proven guilty. The chapter raises issues about jurors\u27 assumptions of innocence in the aftermath of terrorist bombings in the United States, England, Bali, Spain and elsewhere when persons are persons accused of committing acts of terrorism or indirectly supporting terrorists through financing organizations associated with terrorism. A study of a United States trial involving charges of supporting terrorism is used to illustrate the problem, but the thesis of this chapter is that the basic issues apply to trials that might be held in England, Australia, Canada or other countries with jury systems

Secure & Lightweight Distance-Bounding

Distance-bounding is a practical solution to be used in security-sensitive contexts, mainly to prevent relay attacks. The main challenge when designing such protocols is maintaining their inexpensive cryptographic nature, whilst being able to protect against as many, if not all, of the classical threats posed in their context. Moreover, in distance-bounding, some subtle security shortcomings related to the PRF (pseudorandom function) assumption and ingenious attack techniques based on observing verifiers' outputs have recently been put forward. Also, the recent terrorist-fraud by Hancke somehow recalls once more the need to account for noisy communications in the security analysis of distance-bounding. In this paper, we attempt to incorporate the lessons taught by these new developments in our distance-bounding protocol design. The result is a new class of protocols, with increasing levels of security, accommodating the latest advances; at the same time, we preserve the lightweight nature of the design throughout the whole class

Privacy-preserving and secure location authentication

With the advent of Location-Based-Systems, positioning systems must face new security requirements: how to guarantee the authenticity of the geographical positon announced by a user before granting him access to location-restricted! resources. In this thesis, we are interested in the study of ! security ! protocols that can ensure autheniticity of the position announced by a user without the prior availability of any form of trusted architecture. A first result of our study is the proposal for a distance-bounding protocol based on asymmetric cryptography which allows a node knowing a public key to authenticate the holder of the associated private key, while establishing confidence in the distance between them. The distance measurement procedure is sufficently secure to resist to well-known attacks such as relay attacks, distance-, mafia- and terrorist-attacks. We then use such distance-bounding protocol to define an architecture for gathering privacy friendly location proofs. We define a location proof as a digital certificate attesting of presence of an individual at a location at a given time. The privacy properties we garanty through the use of our system are: the anonymity of users, un-linkability of their actions within the system and a strong binding between each user ! and the localization proof it is associated. on last property of our system is the possibility to use the same location proof to demonstrate different granularity of the associated position

Trial By Jury Involving Persons Accused of Terrorism or Supporting Terrorism

This chapter explores issues in jury trials involving persons accused of committing acts of international terrorism or financially or otherwise supporting those who do or may commit such acts. The jury is a unique institution that draws upon laypersons to decide whether a person charged with a crime is guilty or innocent. Although the jury is instructed and guided by a trial judge and procedural rules shape what the jury is allowed to hear, ultimately the laypersons deliberate alone and render their verdict. A basic principle of the jury system is that at the start of trial the jurors should have open minds and regard the accused innocent until proven guilty. The chapter raises issues about jurors\u27 assumptions of innocence in the aftermath of terrorist bombings in the United States, England, Bali, Spain and elsewhere when persons are persons accused of committing acts of terrorism or indirectly supporting terrorists through financing organizations associated with terrorism. A study of a United States trial involving charges of supporting terrorism is used to illustrate the problem, but the thesis of this chapter is that the basic issues apply to trials that might be held in England, Australia, Canada or other countries with jury systems