Li Lu,Muhammad Jawad Hussain,Zhigang Han

DOI: https://doi.org/10.1109/twc.2016.2532858

IF: 10.4

2016-01-01

IEEE Transactions on Wireless Communications

Abstract:We present a physical layer solution to RF distance bounding, which reduces the prover's processing delay virtually to zero by employing the concepts of frequency modulated continuous wave (FMCW) and secondary radars, and equipping it with the capability of cryptographic communication over unintelligent radar signals. To realize, we encode the verifier's challenges in waveform slope of signals while the prover communicates its cryptographic replies in shape of backscatter modulation. For resilience to multipath, the prover introduces analog frequency modulation using the principle of secondary radar. Our protocol is based on pre-commitment distance bounding scheme. Our paper primarily focuses on design intricacies of a realizable system while we briefly present the simulation results. We critically analyze the security of our protocol against attacksmost concerned in distance bounding and thoroughly investigate its robustness under noise and multipath environments. A shortcoming of our design is low range resolution at lower spectral bandwidths, which can be foretoken as system tolerance. We foresee our endeavor to present a viable zero-delay RF distance bounding scheme while minimizing the hardware, energy, and computational overhead for passive and semipassive tokens.

Xinyan Zhou,Xiaoyu Ji,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/infocom.2019.8737572

2019-01-01

Abstract:With the increasing prevalence of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is verifying the legitimacy of devices when they share no secrets in advance. Previous research addressed the problem with device authentication and pairing schemes based on user intervention or exploiting physical properties of the radio or acoustic channels. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present Nhuth, a nonlinearity-enhanced, location-sensitive authentication mechanism for such communication. Especially, we target at the secure authentication within a limited range such as 20 cm, which is the common case for face-to-face scenarios. Nhuth contains averification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based-validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the security of Nhuth theoretically and evaluate its performance experimentally. Results show that Nhuth can verify the device legitimacy in the presence of nearby attackers.

Fan Yang,Fengli Zhang,Jiahao Wang,Zhiguang Qin,Xiaolu Yuan

DOI: https://doi.org/10.1002/cpe.3500

2015-01-01

Abstract:Both distance fraud attacks and relay attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing approaches can neither avoid tags to response the rouge reader's challenges nor have the simultaneous feature to defend the two kinds of attacks. In a first step, this paper presents an improved distance-bounding protocol that a tag deduces the distance to a reader and reports if the reader is honest or malicious through the output of trust values that can defend distance fraud. When multiple readers are synchronized and scheduled, we just logically threat them as one. So our solutions fix a flaw in prior work that may be leveraged by attackers to increase the successful rate of discovering relay attack. Secondly, we deploy trusted third party architecture to provide anonymity for tags in anonymous RFID systems without requiring tag identifiers. Existing distance-based attack detection methods are not applicable in anonymous RFID systems because of the requirement of awareness of tag identifiers. This insight inspires Distance-Bounding Trust Protocol (DBTP), which is for both distance fraud and relay attacks detection in anonymous RFID systems. DBTP can make correct decisions through trust values in accepting or rejecting a reader's challenge by establishing collaborations and trust relationship between one reader (verifier) and active tags (provers). We evaluate the performance of DBTP through theoretical analysis and extensive simulations. The results show that DBTP can detect both distance fraud and relay attacks, and it is effective to guarantee security for anonymous RFID systems. Copyright (c) 2015 John Wiley & Sons, Ltd.

Pedro Peris-Lopez,Julio C. Hernandez-Castro,Christos Dimitrakakis,Aikaterini Mitrokotsa,Juan M. E. Tapiador

DOI: https://doi.org/10.48550/arXiv.0906.4618

2009-06-25

Cryptography and Security

Abstract:The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally known as a relay attack in which scope distance fraud, mafia fraud and terrorist attacks are included. Distance bounding protocols represent a promising countermeasure to hinder relay attacks. Several protocols have been proposed during the last years but vulnerabilities of major or minor relevance have been identified in most of them. In 2008, Kim et al. [1] proposed a new distance bounding protocol with the objective of being the best in terms of security, privacy, tag computational overhead and fault tolerance. In this paper, we analyze this protocol and we present a passive full disclosure attack, which allows an adversary to discover the long-term secret key of the tag. The presented attack is very relevant, since no security objectives are met in Kim et al.'s protocol. Then, design guidelines are introduced with the aim of facilitating protocol designers the stimulating task of designing secure and efficient schemes against relay attacks. Finally a new protocol, named Hitomi and inspired by [1], is designed conforming the guidelines proposed previously.

Xiaoyu Ji,Xinyan Zhou,Chen Yan,Jiangyi Deng,Wenyuan Xu

DOI: https://doi.org/10.1109/tmc.2020.3025023

IF: 6.075

2022-01-01

IEEE Transactions on Mobile Computing

Abstract:With the proliferation of mobile devices, face-to-face device-to-device (D2D) communication has been applied to a variety of daily scenarios such as mobile payment and short distance file transfer. In D2D communications, a critical security problem is to verify the device legitimacy when they share no secrets in advance. Previous research proposed device authentication schemes based on pre-built database or exploiting physical properties. However, a remaining challenge is to secure face-to-face D2D communication even in the middle of a crowd, within which an attacker may hide. In this paper, we present NAuth, a nonlinearity-enhanced, location-sensitive authentication mechanism. Especially, we target at the secure authentication within a limited range such as 20 cm, which is typical for face-to-face scenarios. NAuth designs a verification scheme based on the nonlinear distortion of speaker-microphone systems and a location-based validation model. The verification scheme guarantees device authentication consistency by extracting acoustic nonlinearity patterns (ANP) while the validation model ensures device legitimacy by measuring the time difference of arrival (TDOA) at two microphones. We analyze the feasibility and security of NAuth theoretically and evaluate its performance experimentally. Results demonstrate that NAuth can verify the device legitimacy in the presence of nearby attackers.

Jianqing Fu,Chunming Wu,XiaoPing Chen,Rong Fan

DOI: https://doi.org/10.1109/iccet.2010.5485559

2010-01-01

Abstract:Nowadays, the use of Radio Frequency Identification (RFID) systems in industry and stores has increased. Nevertheless, some of these systems present problems that may discourage potential users. Hence, high confidence and efficient privacy protocols are urgently needed. Previous studies to achieve privacy authentication can be grouped into tree-based and synchronization approaches. But all of the tree-based designs are not suitable to large scale RFID systems, and most of the synchronization designs have security flaws. So in this paper, we propose a scalable pseudo random RFID private mutual authentication protocol (SPRA) to archive both scalable and security. The analysis results show that SPRA effectively enhances the security protection for RFID private authentication, and has the authentication efficiency of O(1).

Aanjhan Ranganathan,Boris Danev,Srdjan Capkun

DOI: https://doi.org/10.48550/arXiv.1404.4435

2014-04-17

Cryptography and Security

Abstract:A distance bounding system guarantees an upper bound on the physical distance between a verifier and a prover. However, in contrast to a conventional wireless communication system, distance bounding systems introduce tight requirements on the processing delay at the prover and require high distance measurement precision making their practical realization challenging. Prior proposals of distance bounding systems focused primarily on building provers with minimal processing delays but did not consider the power limitations of provers and verifiers. However, in a wide range of applications (e.g., physical access control), provers are expected to be fully or semi-passive introducing additional constraints on the design and implementation of distance bounding systems. In this work, we propose a new physical layer scheme for distance bounding and leverage this scheme to implement a distance bounding system with a low-power prover. Our physical layer combines frequency modulated continuous wave (FMCW) and backscatter communication. The use of backscatter communication enables low power consumption at the prover which is critical for a number of distance bounding applications. By using the FMCW-based physical layer, we further decouple the physical distance estimation from the processing delay at the prover, thereby enabling the realization of the majority of distance bounding protocols developed in prior art. We evaluate our system under various attack scenarios and show that it offers strong security guarantees against distance, mafia and terrorist frauds. Additionally, we validate the communication and distance measurement characteristics of our system through simulations and experiments and show that it is well suited for short-range physical access control and payment applications.

Kai Bu,Junze Bao,Minyu Weng,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1016/j.adhoc.2015.06.006

IF: 4.816

2016-01-01

Ad Hoc Networks

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring applications. Along with this trend, a corresponding important problem is to verify the intactness of a set of objects using that of their attached tags. Existing solutions necessitate the knowledge of tag identifiers (IDs), sharing the intuition that verifying whether any tag is absent comes after knowing which tags are supposed to be present. Such solutions, however, can hardly live up to the recent vision of anonymous RFID systems that isolate tag IDs from protocols design for privacy concern. In this paper, we take the first leap toward verifying intactness of anonymous RFID systems. We first identify three critical solution requirements—deterministic verification, anonymity preservation, and scalability—for applications tolerating no absence. Without tag IDs as a priori, we propose a series of crypto-free, lightweight protocols that satisfy the requirements. The proposed protocols explore tag-cardinality difference or leverage Direct-Sequence Spread Spectrum enabled RFID. We validate their performance in terms of accuracy, privacy, and scalability through both analytical and simulation results. To cater for applications that tolerate losing some tagged objects, we further explore probabilistic intactness verification to trade tiny accuracy for boosted efficiency.

Wei Xin,Cong Tang,Hu Xiong,Yonggang Wang,Huiping Sun,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.3233/978-1-60750-722-2-129

2011-01-01

Abstract:Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attacks are a hot topic recently. A relay attack is a form of man-in-the-middle (MITM) attack where the adversary manipulates the communication by only relaying the verbatim messages between two parties. The main countermeasure against relay attacks is the use of distance bounding protocols measuring the round-trip time between the reader and the tag, more precisely, it uses bit exchanges for a series of rapid challenge-response rounds in RFID systems. In 2005, Hancke and Kuhn first introduced distance bounding protocol into RFID systems, after that, many schemes have been proposed based on this protocol. However, most schemes tend to a more complex design to decrease adversary's success probability. In this paper, we propose a novel distance bounding protocol named MEED, using only 2n bits of memory, which, to our best knowledge, is equal to Hancke and Kuhn's protocol and less than any existing protocols. In addition, by using our protocol, the tag is able to detect adversary's malicious queries. We also make a comparison with typical previous distance bounding protocols in both memory and mafia fraud success probability.

Hadi Ahmadi,Reihaneh Safavi-Naini

DOI: https://doi.org/10.48550/arXiv.1303.0346

2013-03-02

Abstract:We consider the problem of distance bounding verification (DBV), where a proving party claims a distance and a verifying party ensures that the prover is within the claimed distance. Current approaches to "secure" distance estimation use signal's time of flight, which requires the verifier to have an accurate clock. We study secure DBV using physical channel properties as an alternative to time measurement. We consider a signal propagation environment that attenuates signal as a function of distance, and then corrupts it by an additive noise. We consider three attacking scenarios against DBV, namely distance fraud (DFA), mafia fraud (MFA) and terrorist fraud (TFA) attacks. We show it is possible to construct efficient DBV protocols with DFA and MFA security, even against an unbounded adversary; on the other hand, it is impossible to design TFA-secure protocols without time measurement, even with a computationally-bounded adversary. We however provide a TFA-secure construction under the condition that the adversary's communication capability is limited to the bounded retrieval model (BRM). We use numerical analysis to examine the communication complexity of the introduced DBV protocols. We discuss our results and give directions for future research.

Cryptography and Security,Information Theory

Wei Xin,Tao Yang,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/IMCCC.2011.115

2011-01-01

Abstract:This Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which relay attack is a hot topic recently. A relay attack is a type of attack related to man-in-the-middle and replay attacks, in which an attacker relays verbatim a message from the sender to a valid receiver of the message. The sender may not be aware of even sending the message to the attacker. The main countermeasure against relay attack is the use of distance bounding protocols measuring the round-trip time between the reader and the tag. In this paper, we consider a modification of these protocols using `error state' which stands for the number of response bit errors that have already occurred. We set a maximal error number to prevent adversary from malicious queries, we also apply a punishment mechanism for error responding, which to my best knowledge is proposed at the first time in distance bounding protocols, if the tag sends one error bit, it should respond one more challenge bit to successfully finish the protocol. By using error state and punishment mechanism, the success probability for an adversary to access to the system decreases. Finally, we use the Hancke and Kuhn's protocol as a comparison, to show the improvements achieved when different cases are analyzed.

Weiye Xu,Jianwei Liu,Shimin Zhang,Yuanqing Zheng,Feng Lin,Fu Xiao,Jinsong Han

DOI: https://doi.org/10.1109/infocom42981.2021.9488737

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Current facial authentication (FA) systems are mostly based on the images of human faces, thus suffering from privacy leakage and spoofing attacks. Mainstream systems utilize facial geometry features for spoofing mitigation. which are still easy to deceive with the feature manipulation, e.g., 3D-printed human faces. In this paper, we propose a novel privacy-preserving anti-spoofing FA system, named RFace, which extracts both the 3D geometry and inner biomaterial features of faces using a COTS RFID tag array. These features are difficult to obtain and forge, hence are resistant to spoofing attacks. RFace only requires users to pose their faces in front of a tag array for a few seconds, without leaking their visual facial information. We build a theoretical model to rigorously prove the feasibility of feature acquisition and the correlation between the facial features and RF signals. For practicality, we design an effective algorithm to mitigate the impact of unstable distance and angle deflection from the face to the array. Extensive experiments with 30 participants and three types of spoofing attacks show that RFace achieves an average authentication success rate of over 95.7% and an EER of 4.4%. More importantly, no spoofing attack succeeds in deceiving RFace in the experiments.

Kai Bu,Jia Liu,Bin Xiao,Xuan Liu,Shigeng Zhang

DOI: https://doi.org/10.1109/PADSW.2014.7097801

2014-01-01

Abstract:Radio-Frequency Identification (RFID) technology has fostered many object monitoring systems. Along with this trend, tagged objects' value and privacy become a primary concern. A corresponding important problem is to verify the intactness of a set of tagged objects without leaking tag identifiers (IDs). However, existing solutions necessitate the knowledge of tag IDs. Without tag IDs as a priori, this paper studies intactness verification in anonymous RFID systems. We identify three critical solution requirements, that is, deterministic verification, anonymity preservation, and scalability. We propose Cardiff and Divar, two crypto-free, lightweight protocols that isolate tag IDs from intactness verification and satisfy solution requirements. Cardiff explores tag cardinality as intactness proof while Divar leverages Direct-Sequence Spread Spectrum (DSSS) enabled RFID. Both analytical and simulation results demonstrate that Cardiff and Divar can satisfy the requirements of accuracy, privacy, and scalability.

Alexandre Debant,Stéphanie Delaune,Cyrille Wiedling

DOI: https://doi.org/10.1145/3501402

IF: 2.717

2022-07-01

ACM Transactions on Privacy and Security

Abstract:The continuous adoption of Near Field Communication (NFC) tags offers many new applications whose security is essential (e.g., contactless payments). In order to prevent flaws and attacks, we develop in this article a framework allowing us to analyse the underlying security protocols, taking into account the location of the agents and the transmission delay when exchanging messages. We propose two reduction results to render automatic verification possible relying on the existing verification tool

computer science, information systems

Ben Niu,Xiaoyan Zhu,Hui Li

DOI: https://doi.org/10.1109/WCNC.2013.6554848

2013-01-01

Abstract:Existing work on RFID authentication problems always make assumptions that 1) hash function can be fully used in designing RFID protocols; 2) channels between readers and the server are always secure. However, the first assumption is not suitable for EPC Class-1 Gen-2 tags, which has been challenged in many research work, while the second one cannot be adopted in mobile RFID applications where the wireless channels between readers and the server are always insecure. In this paper, we propose a new ultralightweight authentication protocol for mobile RFID systems. We only use bitwise XOR, and special constructed pseudo-random number generators (RNGs) to achieve our aims in insecure mobile RFID environment. Security analysis shows that our protocol can provide several privacy properties and avoid suffering from kinds of attacks, including tag anonymity, tag location privacy, reader privacy, forward secrecy, and mutual authentication, replay attack, desynchronization attack etc. We implement our protocol and compare authentication delays with several existing work, the results indicate us that our protocol significantly improves the efficiency. © 2013 IEEE.

Yongchao Dang,Yin Chen,Huihui Wu,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/nana.2017.38

2017-01-01

Abstract:Physical layer security is expected to address the security issue in wireless networks by taking advantage of the unique attributes of fading channels. In this paper, we propose a novel physical layer authentication scheme by measuring the locations of surrounding noise sources between communication participants. Typically, the transmitting power of surrounding noise is unknown, so a maximum likelihood (ML) method is adopted to estimate the locations of noise sources, based on the received signal strength (RSS) and angle of arrival (AoA). We analyze the security of the proposed scheme under both passive and active attacks, and show that the proposed scheme can work under highly dynamical scenarios.

Iakovos Gurulian,Carlton Shepherd,Konstantinos Markantonakis,Raja Naeem Akram,Keith Mayes

DOI: https://doi.org/10.48550/arXiv.1605.00425

2016-05-02

Cryptography and Security

Abstract:Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless smart card; popular examples of such services include Google Pay and Apple Pay. Similar to contactless smart cards, NFC-based smartphone transactions are susceptible to relay attacks. For contactless smart cards, distance-bounding protocols are proposed to counter such attacks; for NFC-based smartphone transactions, ambient sensors have been proposed as potential countermeasures. In this study, we have empirically evaluated the suitability of ambient sensors as a proximity detection mechanism for contactless transactions. To provide a comprehensive analysis, we also collected relay attack data to ascertain whether ambient sensors are able to thwart such attacks effectively. We initially evaluated 17 sensors before selecting 7 sensors for in-depth analysis based on their effectiveness as potential proximity detection mechanisms within the constraints of a contactless transaction scenario. Each sensor was used to record 1000 legitimate and relay (illegitimate) contactless transactions at four different physical locations. The analysis of these transactions provides an empirical foundation on which to determine whether ambient sensors provide a strong proximity detection mechanism for security-sensitive applications like banking, transport and high-security access control.

Yihang Song,Songfan Li,Chong Zhang,Li Lu

DOI: https://doi.org/10.1155/2021/6668498

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Distance bounding protocols guarantee a credible distance upper bound between the devices which require the spatial distance as a security parameter to defend Mafia Fraud attacks. However, in RF systems, the realization of distance bounding protocol faces obstacles due to low spectrum efficiency, since the distance bound estimation consumes a significant amount of frequency band in existing schemes. This hinders RF distance bounding from being practically deployed, especially in commonly used ISM bands. In this work, we propose an alternative, spectrum-efficient scheme for RF distance bounding. We build the physical layer as well as a protocol design based on SFCW signal and SFCW ranging. Thus, comparing existing schemes that consume many frequency bands, our scheme frees many spectrum resources. We propose solutions to the unique challenges facing such an SFCW-based scheme design, namely, data communication over unintelligent SFCW signals, and secure synchronization in the SFCW-based challenge-response exchange. We evaluate our scheme via the security analysis and physical layer simulations. The results show (i) its resistance to attacks commonly concerned in distance bounding, (ii) the feasibility of the physical layer design such as accurate ranging and data communication function, and (iii) the communication noise tolerance and the ability of multipath signal discrimination.

Xiuqing Chen -,Tianjie Cao -,Qiao Yu -

DOI: https://doi.org/10.4156/aiss.vol5.issue5.68

2013-01-01

INTERNATIONAL JOURNAL ON Advances in Information Sciences and Service Sciences

Abstract:Radio Frequency Identification (RFID) is a technology designed to automatically identify a myriad of everyday objects and people. Due to widely spread of the RFID applications, some useful message can be attacked by adversaries. Thus, to eliminate the security problem, the security requirements for privacy-preserving RFID authentication protocols are evident. In this paper, we discuss unique manin-the-middle attacks on extending RFID authentication protocols. In particular, we show that the revised protocols which rely on the use of elliptic curve cryptography (ECC), grouping proof and RFID localization algorithms. Furthermore, we demonstrate that the proposed protocols can resist unique man-in-the-middle attacks and replay attacks.

Yongming Jin,Huiping Sun,Wei Xin,Song Luo,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-25243-3_6

2011-01-01

Abstract:The wide deployment of RFID systems has raised many concerns about the security and privacy. Many RFID authentication protocols are proposed for these low-cost RFID tags. However, most of existing RFID authentication protocols suffer from some feasible problems. In this paper, we first discuss the feasible problems that exist in some RFID authentication protocols. Then we propose a lightweight RFID mutual authentication protocol against these feasible problems. To the best of our knowledge, it is the first scalable RFID authentication protocol that based on the SQUASH scheme. The new protocol is lightweight and can provide the forward security. In every authentication session, the tag produces the random number and the response is fresh. It also prevents the asynchronization between the reader and the tag. Additionally, the new protocol is secure against such attacks as replay attack, denial of service attack, man-in-the-middle attack and so on. We also show that it requires less cost of computation and storage than other similar protocols.