Deakin University

File(s) under permanent embargo

Post-collusion security and distance bounding

Version 2 2024-06-04, 14:38
Version 1 2020-01-02, 13:05
conference contribution
posted on 2024-06-04, 14:38 authored by S Mauw, J Toro-Pozo, Z Smith, R Trujillo Rasua
Verification of cryptographic protocols is traditionally built upon the assumption that participants have not revealed their long-term keys. However, in some cases, participants might collude to defeat some security goals, without revealing their long-term secrets. We develop a model based on multiset rewriting to reason about collusion in security protocols. We introduce the notion of post-collusion security, which verifies security properties claimed in sessions initiated after the collusion occurred. We use post-collusion security to analyse terrorist fraud on protocols for securing physical proximity, known as distance-bounding protocols. In a terrorist fraud attack, agents collude to falsely prove proximity, whilst no further false proximity proof can be issued without further collusion. Our definitions and the Tamarin prover are used to develop a modular framework for verification of distance-bounding protocols that accounts for all types of attack from literature. We perform a survey of over 25 protocols, which include industrial protocols such as Mastercard's contactless payment PayPass and NXP's MIFARE Plus with proximity check. For the industrial protocols we confirm attacks, propose fixes, and deliver computer-verifiable security proofs of the repaired versions.

History

Pagination

941-958

Location

London, Eng.

Start date

2019-11-11

End date

2019-11-15

ISSN

1543-7221

ISBN-13

9781450367479

Language

eng

Publication classification

E1 Full written paper - refereed

Editor/Contributor(s)

[Unknown]

Title of proceedings

CCS'19 : Proceedings of the ACM Conference on Computer and Communications Security

Event

ACM Special Interest Group on Security, Audit and Control. Conference (2019 : London, Eng.)

Publisher

Association for Computing Machinery

Place of publication

New York, N.Y.

Series

ACM Special Interest Group on Security, Audit and Control Conference
