[PDF] Top 20 Provably Secure Distance-Bounding: an Analysis of Prominent Protocols

... well-known distance-bounding protocols, ...most protocols aiming to thwart terrorist fraud attacks, may make protocols vulnerable to so-called key-learning mafia fraud attacks, where ... See full document

... DB protocols, such as [3, 7, 8, 28, 17, 2, 16], PoPoK [28] proposed a formal security model that uses a cryptographic PoK system and considers distance bound as an additional property of the ... See full document

... Abstract. Distance (upper)-bounding (DUB) allows a verifier to know whether a proving party is located within a certain distance ...DUB protocols have many applications in secure ... See full document

... Wide-Area Secure Positioning System providing different security and privacy ...associated protocols which allow devices to prove their locations to third parties in a privacy-preserving ...Our ... See full document

... mafia, distance, and impersonation se- curity in the sense of ...not provably preserve terrorist fraud ...many distance-bounding protocols do not address this attack [2,17,21,1]; also, ... See full document

... (DB) protocols are meant to counteract man- in-the-middle relay attacks in authentication ...authentication protocols, that allow the verifier, by measuring the time-of-flight of the messages exchanged, to ... See full document

... To the best of our knowledge, three existing distance bounding protocols [9], [18], [19] addressed the Terrorist Fraud attack. The schemes proposed in [18], [19] are based on pre-established shared ... See full document

... DB protocols. None of the existing anonymous DB protocols provide security against these attacks, and as shown later, there are concrete attacks against all existing ...is secure against a ... See full document

... Enhanced Interior Gateway Routing Protocol, in short EIGRP is the upgraded version of IGRP. EIGRP just has an improved architecture than IGRP but most of the features remain same [16]. As like, fundamental or basic ... See full document

... on secure hardware is too strong for the real world ...the secure hardware is implemented using a tamper-resistant hardware, it is always possible that a side-channel attack will break our ... See full document

... applications. Distance bounding protocol will prevent attacks by computing the distance between the prover and the ...the distance between two nodes for secure authentication. The ... See full document

... previous protocols assume that there is no noise to harm the protocol ex- ...the distance bounding phase is subject to high ...the distance estimate, due to the speed of ... See full document

... In the rest of the paper, it is organized as follows. In the next section, we review some preliminaries required in this paper. We describe the definition and security model of CBPS in Section III. In Section IV, we ... See full document

... For the first time, this paper uses a random oracle model to prove that the Ko cryptosystem[1] is IND-CPA security and gives a non-hash public key cryptosys- tem on braid group, which is very similar to the ElGamal ... See full document

... These protocols attempt to maintain shortest path routes by using periodically updated views of the network ...Proactive protocols have the advantage of providing lower latency in data delivery and the ... See full document

... In general, the “plug-in” estimator is not memory-efficient on small mobile or embedded devices [LRSV12]. The authors of the referenced work proposed to construct an estimator for Shannon entropy instead of min-entropy, ... See full document

... We give some of the parameters for which our scheme will be practical and remain secure. The security proof explains the dependence of the scheme on the SD problem for security. The best- known attack for the ... See full document

... This transformation, as many other common compilation passes, relies on the availability of a flow-sensitive analysis result: some information must be attached to every program point. As usual, since our language ... See full document

... a model of a PUF (cf. Equation 4b in [4] and the system of linear equations in Sect. VI.A and Sect. VI.B in [8]) cannot be formulated as required, due to the presence of the attribute noise. Existence of the attribute ... See full document

... system secure. The session keys help to make the communication secure because it would vary with every execution round (session) of protocol in order to make the adversaries unable to know the messages ... See full document