Reference : Post-collusion security and distance bounding |
Scientific congresses, symposiums and conference proceedings : Paper published in a book | |||
Engineering, computing & technology : Computer science | |||
Security, Reliability and Trust | |||
http://hdl.handle.net/10993/41607 | |||
Post-collusion security and distance bounding | |
English | |
Mauw, Sjouke ![]() | |
Smith, Zachary Daniel ![]() | |
Trujillo Rasua, Rolando ![]() | |
Toro Pozo, Jorge Luis ![]() | |
11-Nov-2019 | |
Post-collusion security and distance bounding | |
Yes | |
26th ACM Conference on Computer and Communications Security | |
from 11-11-2019 to 15-11-2019 | |
London | |
United Kingdom | |
[en] formal security ; logic and verification ; mobile and wireless security | |
[en] Verification of cryptographic protocols is traditionally built upon the assumption that participants have not revealed their long-term keys. However, in some cases, participants might collude to defeat some security goals, without revealing their long-term secrets.
We develop a model based on multiset rewriting to reason about collusion in security protocols. We introduce the notion of postcollusion security, which verifies security properties claimed in sessions initiated after collusion occurred. We use post-collusion security to analyse terrorist fraud on protocols for securing physical proximity, known as distance-bounding protocols. In a terrorist fraud attack, agents collude to falsely prove proximity, whilst no further false proximity proof can be issued without further collusion. Our definitions and the Tamarin prover are used to develop a modular framework for verification of distance-bounding protocols that accounts for all types of attack from literature. We perform a survey of over 25 protocols, which include industrial protocols such as Mastercard’s contactless payment PayPass and NXP’s MIFARE Plus with proximity check. For the industrial protocols we confirm attacks, propose fixes, and deliver computer-verifiable security proofs of the repaired versions | |
Researchers ; Professionals | |
http://hdl.handle.net/10993/41607 | |
FnR ; FNR10188265 > Jorge Luis Toro Pozo > > Symbolic verification of distance-bounding and multipartyauthentication protocols > 01/06/2015 > 31/05/2019 > 2015 |
File(s) associated to this reference | ||||||||||||||
Fulltext file(s):
| ||||||||||||||
All documents in ORBilu are protected by a user license.