Two-Hop Distance-Bounding Protocols: Keep Your Friends Close

Two-Hop Distance-Bounding Protocols: Keep Your Friends Close

Authentication in wireless communications often depends on the physical proximity to a location. Distance-bounding (DB) protocols are cross-layer authentication protocols that are based on the round-trip-time of challenge-response exchanges and can be employed to guarantee physical proximity and com...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on mobile computing Vol. 17; no. 7; pp. 1723 - 1736
Main Authors: Anjia Yang, Pagnin, Elena, Mitrokotsa, Aikaterini, Hancke, Gerhard P., Wong, Duncan S.
Format: Magazine Article
Language:English
Published: Los Alamitos IEEE 01-07-2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Access control
Ad hoc networks
Analytical models
Authentication
Computer simulation
Cybersecurity
Distance-bounding
Proposals
Protocol (computers)
Protocols
Proximity
relay attacks
Ubiquitous computing
Wireless communication
Wireless communications
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Authentication in wireless communications often depends on the physical proximity to a location. Distance-bounding (DB) protocols are cross-layer authentication protocols that are based on the round-trip-time of challenge-response exchanges and can be employed to guarantee physical proximity and combat relay attacks. However, traditional DB protocols rely on the assumption that the prover (e.g., user) is in the communication range of the verifier (e.g., access point); something that might not be the case in multiple access control scenarios in ubiquitous computing environments as well as when we need to verify the proximity of our two-hop neighbour in an ad-hoc network. In this paper, we extend traditional DB protocols to a two-hop setting, i.e., when the prover is out of the communication range of the verifier and thus, they both need to rely on an untrusted in-between entity in order to verify proximity. We present a formal framework that captures the most representative classes of existing DB protocols and provide a general method to extend traditional DB protocols to the two-hop case (three participants). We analyze the security of two-hop DB protocols and identify connections with the security issues of the corresponding one-hop case. Finally, we demonstrate the correctness of our security analysis and the efficiency of our model by transforming five existing DB protocols to the two-hop setting and we evaluate their performance with simulated experiments.
ISSN:1536-1233
1558-0660
DOI:10.1109/TMC.2017.2771769