Reference : Post-collusion security and distance bounding
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/41607
Post-collusion security and distance bounding
English
Mauw, Sjouke mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Smith, Zachary Daniel mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Trujillo Rasua, Rolando mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > > ; Deakin University > School of Info Technology > Lecturer]
Toro Pozo, Jorge Luis mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) > ; ETH Zurich > Institute of Information Security > ISG]
11-Nov-2019
Post-collusion security and distance bounding
Yes
26th ACM Conference on Computer and Communications Security
from 11-11-2019 to 15-11-2019
London
United Kingdom
[en] formal security ; logic and verification ; mobile and wireless security
[en] Verification of cryptographic protocols is traditionally built upon the assumption that participants have not revealed their long-term keys. However, in some cases, participants might collude to defeat some security goals, without revealing their long-term secrets.
We develop a model based on multiset rewriting to reason about collusion in security protocols. We introduce the notion of postcollusion security, which verifies security properties claimed in sessions initiated after collusion occurred. We use post-collusion security to analyse terrorist fraud on protocols for securing physical proximity, known as distance-bounding protocols. In a terrorist fraud attack, agents collude to falsely prove proximity, whilst no further false proximity proof can be issued without further collusion. Our definitions and the Tamarin prover are used to develop a
modular framework for verification of distance-bounding protocols that accounts for all types of attack from literature. We perform a survey of over 25 protocols, which include industrial protocols such as Mastercard’s contactless payment PayPass and NXP’s MIFARE Plus with proximity check. For the industrial protocols we confirm attacks, propose fixes, and deliver computer-verifiable security proofs of the repaired versions
Researchers ; Professionals
http://hdl.handle.net/10993/41607
FnR ; FNR10188265 > Jorge Luis Toro Pozo > > Symbolic verification of distance-bounding and multipartyauthentication protocols > 01/06/2015 > 31/05/2019 > 2015

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
CCS19.pdfAuthor postprint943.46 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.