Practical & Provably Secure Distance-Bounding
Journal article, 2015

From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. In this paper, we present a formal analysis of SKI, which recently emerged as the first family of lightweight and provably secure distance bounding protocols. More precisely, we explicate a general formalism for distance-bounding protocols, which lead to this practical and provably secure class of protocols (and it could lead to others). We prove that SKI and its variants are provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud. To attain resistance to terrorist-fraud, we reinforce the idea of using secret sharing, combined with the new notion of a leakage scheme. In view of resistance to generalised mafia-frauds (and terrorist-frauds), we present the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also identify the need of PRF masking to fix common mistakes in existing security proofs/claims. Finally, we enhance our design to guarantee resistance to terrorist-fraud in the presence of noise.



relay attacks


Ioana Boureanu

Akamai Technology Limited

Aikaterini Mitrokotsa

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Serge Vaudenay

Swiss Federal Institute of Technology in Lausanne (EPFL)

Journal of Computer Security

0926-227X (ISSN)

Vol. 23 2 229-257

Areas of Advance

Information and Communication Technology

Subject Categories

Computer Science



More information

Latest update

5/3/2018 1