Page 1: Study and Design of a Security Architecture for Wireless Personal Area Networks

KATHOLIEKE UNIVERSITEIT LEUVEN
FACULTEIT INGENIEURSWETENSCHAPPEN
DEPARTEMENT ELEKTROTECHNIEK–ESAT
Kasteelpark Arenberg 10, 3001 Leuven-Heverlee

Study and Design of a Security Architecture for Wireless Personal Area Networks

Supervisor:
Prof. Dr. Ir. Bart Preneel

Dissertation presented in fulfilment of the requirements for the degree of Doctor in Engineering

by

Dave SINGELEE

December 2008


Examination committee:
Prof. Georges Van der Perre, chair
Prof. Bart Preneel, supervisor
Prof. Chris Mitchell (RHUL)
Prof. Frank Piessens
Prof. Joos Vandewalle
Prof. Ingrid Verbauwhede
Prof. Patrick Wambacq

U.D.C. 681.3*D46 December 2008


© Katholieke Universiteit Leuven – Faculteit Ingenieurswetenschappen, Arenbergkasteel, B-3001 Heverlee (Belgium)

All rights reserved. No part of this publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher.

D/2008/7515/125

ISBN 978-94-6018-017-0


Acknowledgements

It is a pleasure for me to thank all the people who have helped me to realize this Ph.D. thesis.

First, I want to thank Prof. Bart Preneel for giving me the opportunity to start a Ph.D. at COSIC and for being the promotor of my thesis. I strongly appreciate his support, guidance and advice during the years of my Ph.D. Bart is also especially thanked for carefully reading earlier drafts of this thesis and providing helpful comments and suggestions to improve this doctoral thesis.

I am very grateful to Prof. Chris Mitchell, Prof. Frank Piessens, Prof. Joos Vandewalle, Prof. Ingrid Verbauwhede and Prof. Patrick Wambacq for agreeing to serve as jury members, and to Prof. Georges Van der Perre for chairing the jury.

A big thanks goes to all my past and current COSIC colleagues for their friendliness and help. In particular, I would like to thank my former COSIC fellow Stefaan Seys for his friendship and our interesting joint work on wireless network security. Special thanks go to Joris Claessens for being the supervisor of my master's thesis and giving me helpful advice at the start of my Ph.D. I thank, among others, Stefaan Seys, Robert Maier, Dries Schellekens, Zhiguo Wan and Joris Claessens for their collaboration during several research and industrial projects. I would also like to thank my past and current colleagues Stefaan Seys, Robert Maier, Thomas Herlea, Wouter Castryck, Li Weng, Josep Balasch and Roel Peeters for the enjoyable time we spent in office 02.23.

Pela Noe deserves a big thank-you for her support, the help with my paperwork and all other practical matters. I also thank Pela for her enthusiasm, and for making my time here in COSIC very enjoyable. I would like to thank Elvira Wouters for her patience and for doing the necessary background paperwork.

I also want to acknowledge the K.U.Leuven, the Flemish institute IBBT and the Institute for the Promotion of Innovation by Science and Technology in Flanders (IWT) for funding my research work.

A word of thanks goes to my good friends for their support and for moving my thoughts away from work when needed.

Last but of course not least, I want to thank my parents and family for their support and encouragement. Very special thanks go to my girlfriend Hellen for her love, motivation and enthusiasm, and with whom I hope to have a long and happy future.

Dave Singelee
Leuven, December 2008

Abstract

Communication between mobile devices allows them to work together and augments their functionality. This idea resulted in the concept of a Wireless Personal Area Network (WPAN). Supporting security and privacy is essential before these networks can become an everyday reality. Without the necessary countermeasures, wireless communications are easy to intercept and modify, and the activities of users can be traced. Moreover, the specific properties of WPANs present interesting challenges when designing security and privacy solutions in this environment. In this doctoral thesis, we present several solutions for a number of important security and privacy problems in WPANs.

The thesis starts with an overview of the most common techniques to construct an out-of-band channel, a building block used in pairing protocols and the essential part of securely bootstrapping key establishment protocols in a WPAN. This doctoral thesis presents two efficient pairing protocols and discusses their main (security) properties.

Distance bounding protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. This thesis discusses the cryptographic and physical design principles that have to be taken into account to design a secure distance bounding protocol, and presents some interesting applications of distance bounding protocols.

As distance bounding protocols are conducted over noisy wireless ad hoc channels, they should be designed to cope well with substantial bit error rates during the rapid single bit exchanges. This thesis presents the noise resilient MAD protocol and compares its performance to the Hancke–Kuhn protocol for both moderately low and relatively high bit error rates. The results of this analysis help to choose the appropriate design parameters.

Finally, the thesis deals with location privacy in WPANs. Several communication scenarios for WPAN are presented and for each of these scenarios, practical techniques that make use of temporary pseudonyms are proposed. To analyze and evaluate these solutions and other techniques that have been proposed in the literature, this doctoral thesis presents a formal model of location privacy for WPAN.

Summary

Wireless communication between mobile devices makes it possible for these devices to work together and to extend their functionality. This idea resulted in the concept of a Wireless Personal Area Network (WPAN). Before such networks can be deployed on a large scale, however, the necessary measures must be provided to guarantee the security and privacy of the users. Without additional measures, wireless communication is easy to intercept and modify, and the activities of users can be traced. The design of such security measures is complicated by the specific properties of wireless Personal Area Networks, which also makes this a fascinating and challenging research domain. This doctoral thesis focuses on solving a number of important security and privacy problems in wireless Personal Area Networks.

The thesis starts with an overview of the main techniques for creating an additional secure channel, a building block that is mainly used in pairing protocols and an essential part of securely initializing key agreement protocols in a WPAN. This doctoral thesis proposes two efficient pairing protocols and discusses their main (security) properties.

Distance bounding protocols enable an entity to determine an upper bound on the distance between itself and another entity that claims to be within a certain range. This thesis discusses the cryptographic and physical design principles needed to design a secure distance bounding protocol. Next, some interesting applications of such protocols are discussed.

Since distance bounding protocols are executed over a noisy ad hoc channel, they must be designed to be resistant to bit errors that occur during the rapid bit exchanges. This thesis proposes the noise-resilient MAD protocol and compares its performance with that of the Hancke–Kuhn protocol, both for a relatively low and for a relatively high bit error rate. The results of this analysis contribute to the choice of the optimal design parameters for both noise-resilient distance bounding protocols.

Finally, this thesis also deals with location privacy in wireless Personal Area Networks. Several communication scenarios are presented, and for each of these scenarios practical solutions that make use of temporary pseudonyms are discussed. To analyze and evaluate these and other solutions proposed in the literature, a formal model for location privacy is developed in this doctoral thesis.

Study and Design of a Security Architecture for Wireless Personal Area Networks

Dutch summary

Chapter 1: Introduction

The miniaturization of computer systems is proceeding at a very high pace. These systems, which originated in the middle of the last century, have evolved from expensive computers filling an entire room to very cheap, compact, portable devices. Typical examples are digital cameras, mobile phones, GPS receivers, PDAs, portable computers, ... Instead of using each of these devices separately, one can let them communicate wirelessly and work together to extend their functionality. In this way a device can offer its services to the other devices in the network. This results in the concept of a Wireless Personal Area Network (WPAN). A WPAN is a small-scale, heterogeneous, wireless ad hoc network that connects several wireless devices. Its range is typically limited to a few meters, and the network is often centered around a user who operates the wireless devices. The most commonly used communication technologies are Bluetooth and ZigBee.

Wireless Personal Area Networks were initially developed to reduce to a minimum the number of wires needed to connect devices. There are, however, many other applications. A WPAN is nowadays already frequently used to synchronize a mobile phone with a computer, or for hands-free telephony. One can also use this technology to connect devices in a car wirelessly (e.g. a network between the GPS receiver, the mobile phone, a DVD player and several screens in the car). Wireless Personal Area Networks are also making their entry into the medical sector. An interesting example is the creation of a wireless network between a user's mobile phone and his hearing implant; realizing such a connection with cables would not be user-friendly. The above overview is not exhaustive; there are many other applications of WPANs.

Because it is relatively easy to intercept wireless communication undetected, the security of these networks plays a crucial role in their development. Securing wireless Personal Area Networks is, however, not straightforward, for several reasons. First, the portable devices in a WPAN are often limited in computational power, memory and energy supply. As a consequence, the security mechanisms must be as efficient as possible and the communication cost must be kept to a minimum. Because mobile devices are battery-powered, they are very vulnerable to attacks that make the network (partially) unavailable (so-called Denial of Service attacks). A second problem is that wireless Personal Area Networks usually operate autonomously, so that no fixed nodes in the network (e.g. key servers or certification authorities) can be relied upon to distribute or agree on keys. As a result, most traditional security mechanisms (for key agreement) are not applicable in a WPAN. Finally, security is also complicated by the dynamically varying network topology. One cannot count on a particular device being available in the network at a specific moment: the device may be switched off (to save energy) or be out of range of the wireless network. Besides security, the privacy of the user is also important. By using wireless communication, the user automatically leaves traces of his activities. Without the necessary security mechanisms, a user can be traced via the mobile devices in his possession. Wireless Personal Area Networks thus raise new challenges regarding security and privacy.

This thesis contributes to possible solutions for part of these challenges. Chapter 1 discusses the typical characteristics of a WPAN and their consequences for the design of a security architecture. Chapter 2 gives an overview of the main techniques for creating an additional secure channel, a building block mainly used in pairing protocols. In the second part of that chapter we propose two efficient pairing protocols and discuss their main (security) properties. In Chapter 3 we introduce the concept of distance bounding protocols. These protocols enable an entity to determine an upper bound on the distance between itself and another entity that claims to be within a certain range. After discussing the main design principles, we give an overview of the most important applications of such protocols in the second part of that chapter. Chapter 4 studies noise-resilient distance bounding protocols. We propose the noise-resilient MAD protocol and then compare its performance (in terms of the required number of rounds and the robustness against noise) with that of the Hancke–Kuhn protocol, both for a relatively low and for a relatively high bit error rate. Chapter 5 deals with location privacy in wireless Personal Area Networks. As a solution to this problem we propose a number of practical security mechanisms that make use of temporary pseudonyms. To analyze and evaluate these and other solutions proposed in the literature, we develop a formal model for location privacy in the second part of that chapter. Chapter 6 concludes the thesis and formulates new challenges for the future.

Chapter 2: Advanced Pairing Protocols

To secure networks and computer systems, one can apply symmetric cryptography. Such cryptographic primitives make use of a secret key that is known by two parties: the sender of the message and the intended receiver. To guarantee the security of the network and computer system, this secret key must be exchanged in a secure and correct manner. This is, however, a very challenging problem in wireless Personal Area Networks, since one cannot rely on fixed nodes in the network. One of the possible solutions is the use of pairing protocols to initialize key agreement protocols. In this chapter we give an overview of the main techniques for creating an additional secure channel, an essential building block in pairing protocols. We then propose two advanced pairing protocols and discuss their main (security) properties. The first pairing protocol requires user interaction; the second makes use of the limited distance between the two mobile devices that want to agree on a session key.

Additional secure channels

When two mobile devices want to agree on a symmetric key by executing a pairing protocol, they can make use of an additional secure channel. This channel has a low bandwidth and is available to both mobile devices. Certain information is then sent over the secure additional channel, and the rest of the information over the insecure wireless channel (which has a higher bandwidth). Hoepman [82] defined two important properties of an additional secure channel; it can be authentic and/or private:

Authentic additional channel: An additional channel is authentic if and only if both parties have the guarantee that all messages they receive over this channel were sent by the other party and have not been modified. The confidentiality of the information is not guaranteed.

Private additional channel: An additional channel is private if and only if both parties have the guarantee that all messages they send over this channel can only be decrypted by the other party. The integrity and origin of the information are not guaranteed.

The use of an additional secure channel has already been studied extensively. If the channel is private, one can execute an EKE (encrypted key exchange) protocol with the secret information sent over the additional channel. If the additional secure channel is authentic, one can execute the Diffie-Hellman protocol and use the additional channel to authenticate the public keys. In both cases the result is an initial secret session key.

A more challenging problem, however, is to realize the additional secure channel in a cheap, user-friendly, efficient and secure way. Some examples of interesting techniques studied in the literature are:

• Via user interaction (user input and/or output)

• Electrical or physical contact between both devices

• Security at the wireless physical layer

• Equipping both devices with an accelerometer

• Visual additional channel (camera and/or display)

• Auditory additional channel (loudspeaker and/or microphone)

• Distance between both devices
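Worked example of the authentic-channel case described above (Diffie-Hellman over the wireless channel, public keys authenticated through the out-of-band channel), added here and not code from the thesis: each device derives a short string from the two public keys and compares it over the authentic channel, so an attacker who substitutes keys on the wireless channel is detected unless the short strings collide. The tiny group parameters, the string length SAS_BITS, the device names and the fixed private keys are constructed for illustration only; the MANA I scheme used by the thesis is not reproduced.

```python
import hashlib
import secrets

# Constructed toy parameters, for illustration only: safe prime P = 2*Q + 1 and a
# generator G of the prime-order subgroup. Real devices use a standard large
# group (e.g. a 2048-bit MODP group) or elliptic-curve Diffie-Hellman.
P, Q, G = 1019, 509, 4
assert pow(G, Q, P) == 1 and G != 1

SAS_BITS = 20  # assumed length of the short string compared over the OOB channel


class Device:
    """One WPAN device taking part in the pairing protocol."""

    def __init__(self, name, priv=None):
        self.name = name
        # A fixed priv is only for reproducible demonstrations; normally random.
        self.priv = priv if priv is not None else secrets.randbelow(Q - 1) + 1
        self.pub = pow(G, self.priv, P)
        self.peer_pub = None

    def receive_public(self, pub):
        # Reject values outside the prime-order subgroup (small-subgroup check)
        # before using them; this is independent of the OOB authentication.
        if not 1 < pub < P or pow(pub, Q, P) != 1:
            raise ValueError("public key not in the prime-order subgroup")
        self.peer_pub = pub

    def session_key(self):
        """Initial secret session key derived from the Diffie-Hellman secret."""
        shared = pow(self.peer_pub, self.priv, P)
        return hashlib.sha256(b"wpan-pairing|" + shared.to_bytes(2, "big")).digest()


def short_auth_string(initiator_pub, responder_pub):
    """Short string derived from both public keys. The authentic OOB channel
    guarantees its integrity and origin, not its secrecy, which is exactly what
    authenticating Diffie-Hellman public keys needs."""
    digest = hashlib.sha256(f"{initiator_pub}|{responder_pub}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - SAS_BITS)


def pair(initiator, responder, attacker=None):
    """Run the exchange and return True when the OOB comparison accepts.

    The public keys travel over the insecure wireless channel, where an
    attacker may replace them with its own key (man-in-the-middle). The two
    short strings are then compared over the authentic OOB channel."""
    to_responder = attacker.pub if attacker else initiator.pub
    to_initiator = attacker.pub if attacker else responder.pub
    responder.receive_public(to_responder)
    initiator.receive_public(to_initiator)
    # Each side hashes (initiator key, responder key) as it sees them; the OOB
    # channel delivers the peer's value unmodified, so any substitution shows
    # up as a mismatch unless the two SAS_BITS-bit strings happen to collide.
    sas_initiator = short_auth_string(initiator.pub, initiator.peer_pub)
    sas_responder = short_auth_string(responder.peer_pub, responder.pub)
    return sas_initiator == sas_responder


if __name__ == "__main__":
    a, b = Device("phone"), Device("headset")
    print("honest pairing accepted:", pair(a, b),
          "keys equal:", a.session_key() == b.session_key())
    a, b, m = Device("phone"), Device("headset"), Device("attacker")
    print("pairing with key substitution accepted:", pair(a, b, attacker=m),
          "keys equal:", a.session_key() == b.session_key())
```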

Location-private pairing protocol based on user interaction

The majority of the devices in a wireless Personal Area Network have an input interface (e.g. a keyboard) and/or a display. Such devices can execute the pairing protocol proposed in this section. The protocol combines the Diffie-Hellman protocol with a number of other techniques. To authenticate the public keys, the MANA I protocol is applied: the user has to enter on both mobile devices a number of hexadecimal values that are computed from the public Diffie-Hellman keys. Simultaneously with the secret session key, a temporary pseudonym is also agreed upon, which is used to guarantee the privacy of the user. The techniques studied in Chapter 5 can be used to renew the pseudonym in each communication round.

Key agreement via distance bounding protocols

This pairing protocol makes explicit use of the distance between two mobile devices to agree on a secret session key. Each user first defines a private area for each of his devices. This is done in such a way that the user can visually verify that all trusted devices are within this private area and that all other (untrusted) devices are outside it. The user then enters the information about this area (namely its dimensions) into the device. The dimensions of a private area are not static: in a crowded environment the radius will be much smaller than in a quiet, spacious environment.

To successfully complete the pairing protocol, both devices must be within each other's private area. The secret session key is exchanged via the Diffie-Hellman protocol. To authenticate the public keys, distance bounding protocols are used. In this way both devices know that a specific public key originates from a device that is within a certain distance. Since only trusted devices are present in the private area of the device, the public key must therefore originate from the device with which one wants to agree on a session key.

Chapter 3: Secure Distance Bounding Protocols

In this chapter we discuss the concept of distance bounding protocols. Such protocols enable an entity to determine an upper bound on the distance between itself and another entity that claims to be within a certain range. We treat the main design principles of distance bounding protocols and study some possible applications in wireless Personal Area Networks.

Operating principle

Distance bounding protocols combine physical and cryptographic properties and thereby make it possible for an entity to check whether another entity is within a certain range. Both the distance to, and the identity of, the other party are verified in the distance bounding protocol. To estimate the distance between both devices, the time a signal takes to travel from one device to the other (the so-called time of flight) is measured. This time then gives an indication of the distance between both parties. Measuring the time of flight is the only technique that can be made secure: all mechanisms that rely on the signal strength or on the angle at which a signal is received are vulnerable to certain (physical) attacks.

A distance bounding protocol typically consists of a number of rounds. In each round a challenge-response protocol is executed. During these rapid bit exchanges, the time between sending a challenge and receiving the response is measured. The maximum response time is then multiplied by the propagation speed of the wireless medium to obtain an estimate of the distance between both parties. Usually the information is sent via radio waves, in which case the propagation speed is the speed of light. As a consequence, the time to compute a response must be very short, and the receiver of the response must be able to measure the response time with very high accuracy. If one has the guarantee that no attacker can be physically present between both parties, the information may also be sent via ultrasound; in that case the requirements for computing a response and measuring the response time are less strict.

Design principles

To design a secure distance bounding protocol, one has to take a number of principles into account. These can be divided into cryptographic and physical principles; both are discussed extensively in this chapter. A number of protocols have appeared in the literature that violate one or more of these rules and are consequently vulnerable to certain attacks. One of the physical design principles is that a distance bounding protocol must be resistant to bit errors, since it is executed in a noisy environment. The consequences of this observation for the security of distance bounding protocols are discussed in Chapter 4.

Applications

Secure distance bounding protocols were specifically designed to prevent certain attacks (in particular the so-called man-in-the-middle attacks). But there are other interesting applications as well.

Distance bounding authentication

In conventional computer networks, authentication is usually based on something you know, something you have or something you are. One can, however, also take information about the location, or the distance to a certain place, into account when granting certain privileges (e.g. to open a door you must be close to it). This is certainly useful in wireless Personal Area Networks, where the range of the network is by definition very limited. By applying distance bounding protocols, this form of authentication can be guaranteed.

Key agreement protocol

A key agreement protocol can be initialized in several ways. An interesting method is to use a pairing protocol that takes into account the distance between the two entities that want to agree on a key. This pairing protocol was already discussed in Chapter 2.

Secure location determination

Distance bounding protocols make it possible to determine an upper bound on the distance between two entities. This principle can be extended. To securely determine the location of a device in a 2-dimensional plane (the results can also be generalized to 3 dimensions), a distance bounding protocol must be executed with at least three cooperating, non-collinear verifying entities (verifiers). These three entities are synchronized and share the same secret keys. By combining their measurements, they can compute the location of a device. To prevent false location claims, some specific security mechanisms must be applied, such as broadcast mode. The details are discussed extensively in this chapter.

Chapter 4: Distance Bounding Protocols in Noisy Environments

Since distance bounding protocols are executed over a noisy ad hoc channel, they must be designed to be resistant to bit errors that occur during the rapid bit exchanges. In this chapter we propose the noise-resilient MAD protocol and compare its performance (in terms of the required number of rounds and the robustness against noise) with that of the Hancke–Kuhn protocol, both for a relatively low and for a relatively high bit error rate.

Noise-resilient MAD protocol

The noise-resilient MAD protocol is a modified version of the MAD protocol designed by Capkun et al. It has the interesting property that in each round an attacker has only a probability of 1/2 of sending a correct response. It also automatically provides mutual authentication, which is an important advantage (some other protocols have to be executed twice in succession to obtain this property, which is of course less efficient). By integrating an (n, k) error-correcting code into the distance bounding protocol, a certain number of errors (denoted by the parameter x) can be corrected. To guarantee the security of the protocol, however, both parties must be able to measure the response time with sufficiently high precision, and it must not be possible to compute the (n, k) error-correcting code in a negligibly short time.

Vergelijking tussen ruisbestendig MAD en Hancke–Kuhn

protocol

Performantie bij relatief lage bitfoutkans

We vergelijken eerst de performantie van beide ruisbestendige afstandsgebondenprotocols (distance bounding protocols) in het geval dat de bitfoutkans relatieflaag is (in de orde van 0.01 en lager). Een eerste vaststelling is dat de bitfoutkanswel degelijk een invloed heeft op de kans op succesvolle aanvallen. Hoe meerbitfouten er toegelaten zijn ten gevolge van ruis, in hoe meer rondes een aanvallereen fout antwoord kan doorsturen. Hij kan dan achteraf beweren dat hij een juistantwoord had doorgestuurd, maar dat er een bitfout is opgetreden. Men kan dusconcluderen dat ruis voordelig is voor een aanvaller. Een hogere bitfoutkans isechter nadelig voor een eerlijke entiteit die zijn afstand tot een andere plaats (ofentiteit) wil bewijzen, aangezien er meer kans is dat een juist antwoord toch foutwordt ontvangen (en dat bijgevolg de ronde zal falen).

Als we beide protocols vergelijken bij een zelfde bitfoutkans, dan merken weop dat het ruisbestendige MAD protocol slechts de helft van het aantal snellebituitwisselingen nodig heeft, in vergelijking met het Hancke–Kuhn protocol, omde kans op succesvolle aanvallen onder een bepaalde drempel te houden. Als webeide protocols vergelijken in het geval dat er wederzijdse authenticatie vereistis (wat meestal het geval is), dan heeft het ruisbestendige MAD protocols zelfs

xvi

Page 19: Study and Design of a Security Architecture for Wireless Personal Area Networks

slechts een vierde van het aantal snelle rondes nodig. Er moeten echter iets meerbits uitgewisseld worden via het trage draadloze kanaal in vergelijking met hetHancke–Kuhn protocol. Om beide ruisbestendige protocols volledig met elkaar tevergelijken moet men bijgevolg de kost van zowel het trage als het snelle draadlozekanaal in rekening brengen.

Performantie bij relatief hoge bitfoutkans

Hoe hoger de bitfoutkans, hoe moeilijker het wordt om de parameters van eenruisbestendig afstandsgebonden protocol (distance bounding protocol) te bepalen,rekening houdend met het maximaal aantal toegelaten foutief afgekeurde enfoutief goedgekeurde authenticatie claims (false negatives en false positives).Vanaf een bepaalde bitfoutkans wordt het zelfs onmogelijk om aan beide voor-waarden simultaan te voldoen. In dit hoofdstuk berekenen we voor beide ruis-bestendige afstandsgebonden protocols de bitfoutkans waarbij dit fenomeen zichvoordoet. Over het algemeen ligt deze limiet hoger bij het ruisbestendige MADprotocol dan bij het Hancke–Kuhn protocol.

If we compare both protocols at the same bit error probability, we observe that the noise-resilient MAD protocol needs only half the number of fast bit exchanges of the Hancke–Kuhn protocol. This is consistent with the scenario where the bit error probability is relatively low. However, when the bit error probability exceeds a certain threshold (typically of the order of 0.1), the required number of fast rounds rises extremely quickly, and it becomes clearly more advantageous to use the Hancke–Kuhn protocol.
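The trade-off described in the two sections above can be made concrete with a small calculation. The Python block below is an added example, not code or numbers from the thesis: it models the false rejection ratio P_FR (an honest prover exceeds the x tolerated errors because of a bit error probability p_b) and the false acceptance ratio P_FA (an attacker who gets each fast round right with probability p_adv is accepted if at least n - x responses are correct) as binomial tail probabilities, searches for the smallest number of fast rounds n meeting both bounds, and scans for the bit error rate beyond which no error budget x satisfies both. The per-round success probability of 3/4 used for the Hancke–Kuhn protocol, the 1/2 used for comparison, and all thresholds are my assumptions for illustration, not values taken from the summary.

```python
from math import comb


def binomial_pmf(n, p):
    """P[X = i] for X ~ Binomial(n, p), i = 0..n."""
    return [comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(n + 1)]


def tail_sums(pmf):
    """tails[k] = P[X >= k]; tails[n + 1] = 0 so that slicing past n is safe."""
    tails = [0.0] * (len(pmf) + 1)
    for k in range(len(pmf) - 1, -1, -1):
        tails[k] = tails[k + 1] + pmf[k]
    return tails


def false_rejection(n, x, p_b):
    """P_FR: an honest prover is rejected when noise (bit error probability p_b)
    corrupts more than x of its n fast-round responses."""
    return tail_sums(binomial_pmf(n, p_b))[x + 1]


def false_acceptance(n, x, p_adv):
    """P_FA: an attacker who gets each round right with probability p_adv is
    accepted when at least n - x of the n responses are correct."""
    return tail_sums(binomial_pmf(n, p_adv))[n - x]


def feasible_error_budgets(n, p_b, p_adv, max_pfr, max_pfa):
    """Every error budget x for which both P_FR <= max_pfr and P_FA <= max_pfa hold.
    An empty list means the bit error rate is above the limit for this n."""
    pfr = tail_sums(binomial_pmf(n, p_b))
    pfa = tail_sums(binomial_pmf(n, p_adv))
    return [x for x in range(n + 1) if pfr[x + 1] <= max_pfr and pfa[n - x] <= max_pfa]


def min_rounds(p_b, p_adv, max_pfr, max_pfa, n_max=600):
    """Smallest number of fast rounds n (with the smallest x that works for it)
    satisfying both bounds, or None if no n <= n_max does."""
    for n in range(1, n_max + 1):
        budgets = feasible_error_budgets(n, p_b, p_adv, max_pfr, max_pfa)
        if budgets:
            return n, budgets[0]
    return None


def bit_error_limit(n, p_adv, max_pfr, max_pfa, step=0.005):
    """Largest bit error rate on a grid of width `step` for which some x still meets
    both bounds with n rounds; None if even a noiseless channel does not."""
    limit, k = None, 0
    while k * step < 0.5:
        p_b = k * step
        if not feasible_error_budgets(n, p_b, p_adv, max_pfr, max_pfa):
            break
        limit, k = p_b, k + 1
    return limit


if __name__ == "__main__":
    # Constructed parameters: P_FR and P_FA both at most 2^-10, 1% honest bit errors.
    for name, p_adv in (("3/4 per round (Hancke-Kuhn)", 0.75), ("1/2 per round", 0.5)):
        print(name, "min rounds / x:", min_rounds(0.01, p_adv, 2 ** -10, 2 ** -10))
        print(name, "BER limit at n = 100:", bit_error_limit(100, p_adv, 2 ** -10, 2 ** -10))
```

Raising p_b pushes the feasible x upward (to keep P_FR down) while every extra tolerated error raises P_FA, which is exactly why the two constraints eventually cannot both be met; `bit_error_limit` locates that point for a fixed n, and `min_rounds` shows the round count growing sharply as p_b approaches it.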

Chapter 5: Location Privacy in WPAN

This last chapter deals with location privacy in Wireless Personal Area Networks. Every portable device has a unique, fixed hardware address. By eavesdropping on the wireless communication between the mobile devices in the network, an attacker can obtain this hardware address. This has serious consequences, since it allows the attacker to track the user of these mobile devices. Every time a particular hardware address appears, the attacker knows that a specific mobile device is present. If he moreover knows who the user of that device is (e.g., by having observed this visually at some point), he can track the user in this way. This is a very serious security problem.

This location privacy problem can be solved by using temporary identities (pseudonyms) during the wireless communication. This must, however, be done in such a way that an attacker is unable to detect that different pseudonyms belong to the same device. Otherwise he can still keep tracking the user.

In this chapter we discuss four communication scenarios, and for each of these scenarios we propose a practical solution that makes use of temporary pseudonyms. In the second part of this chapter we propose a formal model for location privacy in WPANs. This theoretical framework contains a formal definition of the different forms of location privacy, and a theoretical model of the attack capabilities of an active attacker. We then apply this model to a number of protocols that have been proposed in the literature. This allows us to identify and solve several problems.

Problem description

The use of fixed hardware addresses in mobile communication allows an attacker to track mobile devices, and hence also the user of these devices. This problem can be remedied by using temporary pseudonyms. At least the following two goals have to be achieved to solve the location privacy problem:

Untraceability: It must be computationally very hard for an attacker to find out which specific device is communicating (e.g., what the fixed hardware address of this device is).

Unlinkability: It must be computationally very hard for an attacker to link different pseudonyms that belong to the same device to each other.

Furthermore, we assume that an active attacker is present during the mobile communication. This attacker has a finite amount of computational power and memory, but can intercept all messages in the network and possibly modify, add or delete information.

Four communication scenarios for WPAN

Taking into account the above constraints and assumptions, we discuss in this chapter four communication scenarios for WPAN, and for each of these scenarios we propose a practical solution that uses temporary pseudonyms. Without going into detail, we now give an overview of these four scenarios and the proposed security mechanisms:

• Scenario 1: the mobile devices share a secret symmetric key. In this scenario we can set up a chain of temporary pseudonyms. This chain starts from a known public value (possibly varying in time), and the secret key is used to compute the next value in the chain.

• Scenario 2: the device knows the address of the receiver. The address of the receiver is used, together with a variable random value (a nonce), as input to a cryptographic hash function (with specific cryptographic properties). The output of this function is the temporary pseudonym.

• Scenario 3: an additional secure channel is available. Over this additional secure channel a secret session key can be agreed upon. This symmetric key can then be used to generate a chain of pseudonyms, just as in scenario 1.

• Scenario 4: the mobile devices share no secret information. If both devices share no secret information, they had best send their messages to all devices in the network, without any form of identification. In some cases the solution of scenario 2 can also be used, but then location privacy cannot be fully guaranteed.
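To make scenarios 1 and 2 concrete, the following Python block is an added example of my own, not the thesis's SP-1 or SP-2 protocols: a keyed pseudonym chain for two devices sharing a symmetric key (with a receiver that tolerates skipped links but rejects a replayed one), and a nonce-plus-hash pseudonym for a sender that knows the receiver's address. HMAC-SHA256 as the keyed PRF, SHA-256 as the hash, 48-bit pseudonyms, the window size of 8, and the key, address and start values are all constructed assumptions. Scenario 3 reuses the chain with a session key; scenario 4 needs no pseudonym at all.

```python
import hashlib
import hmac
import os

# Constructed sample values (assumptions, not taken from the thesis).
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # 128-bit key shared by A and B
ADDR_B = bytes.fromhex("001122334455")                           # fixed 48-bit hardware address of B
CHAIN_START = b"2008-12"                                         # public, time-varying start value
PSEUDONYM_LEN = 6                                                # bytes; as wide as a hardware address


def next_pseudonym(key, previous):
    """Scenario 1: the next link of the chain is PRF_k(previous link);
    HMAC-SHA256 truncated to PSEUDONYM_LEN bytes plays the role of the PRF."""
    return hmac.new(key, previous, hashlib.sha256).digest()[:PSEUDONYM_LEN]


def pseudonym_chain(key, start, length):
    """The first `length` pseudonyms of the chain that starts from the public value `start`."""
    chain, current = [], start
    for _ in range(length):
        current = next_pseudonym(key, current)
        chain.append(current)
    return chain


class ChainReceiver:
    """Receiver side of scenario 1. It keeps a window of upcoming links so that a
    sender that moved on (lost frames, missed sessions) is still recognised, and it
    never accepts a link twice, so a replayed pseudonym is rejected."""

    def __init__(self, key, start, window=8):
        self.key = key
        self.upcoming = pseudonym_chain(key, start, window)

    def accept(self, pseudonym):
        """True if `pseudonym` is one of the next links; the window then advances past it."""
        if pseudonym not in self.upcoming:
            return False
        idx = self.upcoming.index(pseudonym)
        last = self.upcoming[-1]
        # discard the consumed links and refill the window with as many fresh ones
        self.upcoming = self.upcoming[idx + 1:] + pseudonym_chain(self.key, last, idx + 1)
        return True


def scenario2_pseudonym(receiver_addr, nonce=None):
    """Scenario 2: the sender knows addr_B; pseudonym = h(addr_B || nonce) with a fresh
    nonce, which is sent alongside so that the receiver can recompute it."""
    if nonce is None:
        nonce = os.urandom(16)
    return nonce, hashlib.sha256(receiver_addr + nonce).digest()[:PSEUDONYM_LEN]


def is_addressed_to_me(my_addr, nonce, pseudonym):
    """Receiver side of scenario 2: only the device whose address went into the hash
    obtains a match; an eavesdropper sees an unrelated value in every frame."""
    expected = hashlib.sha256(my_addr + nonce).digest()[:PSEUDONYM_LEN]
    return hmac.compare_digest(expected, pseudonym)


if __name__ == "__main__":
    sender_side = pseudonym_chain(SHARED_KEY, CHAIN_START, 4)
    receiver = ChainReceiver(SHARED_KEY, CHAIN_START)
    print([receiver.accept(p) for p in sender_side])
    nonce, pseudo = scenario2_pseudonym(ADDR_B)
    print(is_addressed_to_me(ADDR_B, nonce, pseudo))
```

The receiver window is the practical price of the chain approach: without it, a single lost frame would leave the two devices expecting different links, and a device that has to fall back to its fixed address to resynchronise would lose the privacy the chain was meant to provide.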

Formal location privacy model

To evaluate our solutions, and other techniques that have been proposed in the literature, we set up a formal model for location privacy. We model the attacker as an entity with a finite amount of computational power that has limited access to certain oracles. We define three forms of location privacy a protocol can satisfy: "standard" location privacy, location privacy of a communicating group of devices (communicating constellation location privacy), and forward location privacy. For each of these definitions we describe an attack game. The goal of each game is to distinguish a specific node in the network (the target node) from a random node. If an attacker succeeds in this with a probability significantly larger than 1/2, he wins the game and the protocol does not satisfy the specific definition of location privacy.

In this chapter we analyze the solution proposed by Gehrmann et al. (Bluetooth anonymity mode). We also formally evaluate three protocols that use temporary pseudonyms: the SP-1 protocol (our solution for communication scenario 1), the SP-2 protocol (our solution for communication scenario 2) and the protocol of Wong and Stajano. The results are summarized in the table below. The following symbols are used in this table:

• V: satisfies the definition.

• X: does not satisfy the definition, but a solution to the problem is available.

• XX: does not satisfy the definition, and no solution is available.

Table 1. Formal evaluation of the SP-1, SP-2 and Wong–Stajano protocol

protocol        loc. private    constellation loc. private    forward loc. private
SP-1            X               X                             X
SP-2            V               V                             XX
Wong–Stajano    V               V                             X


List of Acronyms

ACL      Access Control List
ACO      Authenticated Ciphering Offset
AES      Advanced Encryption Standard
CA       Certification Authority
CAC      Channel Access Code
COF      Ciphering Offset Number
DAC      Device Access Code
DoS      Denial-of-Service
DSR      Dynamic Source Routing
ECC      Elliptic Curve Cryptography
EDR      Enhanced Data Rate
ErCC     Error Correcting Code
FSM      Finite State Machine
GCM      Galois Counter Mode
GPS      Global Positioning System
GSM      Global System for Mobile Communications
IP       Internet Protocol
IV       Initial Value
MAC      Message Authentication Code
MANA     Manual Authentication
MIC      Message Integrity Code
NFC      Near Field Communication
NiMH     Nickel-Metal Hydride
NWK      network
OOB      Out-of-Band
PAN      Personal Area Network
PGP      Pretty Good Privacy
PIN      Personal Identification Number
PKI      Public Key Infrastructure
PRF      Pseudo-Random Function
RFID     Radio Frequency Identification
RSA      Rivest-Shamir-Adleman
SKKE     Symmetric-Key Authenticated Key Agreement (protocol)
SN       Sensor Network
SSL      Secure Sockets Layer
STS      Station-to-Station (protocol)
TLS      Transport Layer Security
UWB      Ultra-Wideband
WAP      Wireless Application Protocol
WBAN     Wireless Body Area Network
WLAN     Wireless Local Area Network
w.l.o.g. without loss of generality
WPAN     Wireless Personal Area Network
WTLS     Wireless Transport Layer Security
XOR      Exclusive OR


List of Notation

addr_A            the hardware address of device A
A                 the hardware address (identity) of device A
→                 data sent via a wireless ad hoc channel (e.g., Bluetooth)
⇢                 data sent via an out-of-band channel
a ← b             the value b is assigned to variable a
a|b               concatenation of the bits a and b
a ‖ b             concatenation of the bitstrings a and b
(a, b)            concatenation of the bitstrings a and b
x ∈_R {0, 1}      random bit x
X ∈_R {0, 1}^n    random bitstring X of length n
(n,k) ECC         (n,k) error correcting code
N_i               the i-th bit of string N
N_{A,i}           the i-th bit of string N_A
min[f(x)]         the minimum of function f(x)
max[f(x)]         the maximum of function f(x)
gcd(a, b)         the greatest common divisor of a and b
⌊x⌋               the largest integer less than or equal to x
ā                 the bit-complement of bit a
a ⊕ b             exclusive OR (XOR) of a and b
aP                the point multiplication of integer a and the point P on an elliptic curve
E                 an elliptic curve over a finite field
〈Z*_p, ·〉         the multiplicative group of integers modulo p (with p a large prime)
〈Z_p, +〉          the group of integers modulo p (with p a large prime)
Pr(X)             the probability of event X
poly(k)           any polynomial function of k
A[x]              an attacker that is allowed to ask x queries to a particular oracle
h(D)              a cryptographic hash function computed on the data string D. Such a function should be preimage, second preimage and collision-resistant
h_i(m), h_j(m)    two pairwise independent cryptographic hash functions
PRF_k(D)          a pseudo-random function computed on the bitstring D using the key k
MAC_k(D)          a message authentication code computed on the bitstring D using the key k
CV_k(m)           check-value function computed on the message m using the key k
E_k(m)            symmetric encryption of the message m using the key k
E_{K_A}(m)        asymmetric encryption of the message m using the public key K_A of entity A
Sign(m)           a (symmetric or asymmetric) signature computed on the bitstring m
commit(m)         secure commitment computed on the bitstring m


List of Tables

4.1  Influence of the number of allowed errors x on the false acceptance ratio for n = 37 and P_b = 0.01   113
4.2  Comparison of the false rejection ratio for n = 37 and P_b = 0.01   114
4.3  Comparison of the false acceptance ratio for n = 63 and P_b = 0.02   115


List of Figures

1.1   Mutual entity authentication protocol of Bluetooth   8
1.2   ZigBee key hierarchy   15

2.1   Mobile personal devices share a secure out-of-band channel   31
2.2   Pairing protocol for bidirectional private out-of-band channel   32
2.3   Pairing protocol for bidirectional authentic out-of-band channel   33
2.4   MANA I protocol   35
2.5   MANA II protocol   37
2.6   MANA III protocol   38
2.7   MANA IV protocol   40
2.8   Location private pairing protocol based on user interaction   48
2.9   The concept of a user's (device's) private space   55
2.10  Efficient key establishment protocol using distance bounding protocols   56

3.1   The concept of proximity based authentication   61
3.2   Distance fraud attack   63
3.3   Mafia fraud attack   64
3.4   Terrorist fraud attack   65
3.5   Wormhole attack   67
3.6   Distance bounding protocol of Capkun and Hubaux   68
3.7   Guessing attack   69
3.8   Distance bounding protocol of Brands and Chaum   74
3.9   Distance bounding protocol of Waters and Felten   77
3.10  Modified distance bounding protocol of Waters and Felten   80
3.11  Distance bounding protocol of Bussard   81
3.12  Zero knowledge proof of knowledge in Bussard's distance bounding protocol   83
3.13  Secure location verification: the ideal scenario   88
3.14  Effect of the processing delay in secure location verification   88
3.15  Attacker delays responses to cheat on his location   89
3.16  Secure location verification: broadcast mode   90
3.17  Geometrical properties of broadcast mode   92
3.18  Transformation of the coordinate system   93
3.19  Intersection points defining the area where prover is located   94
3.20  Broadcast mode: prover is outside the triangle {V1, V2, V3}   95
3.21  Broadcast mode: prover collinear with verifiers V1 and V3   95
3.22  Hyperbola attack   96

4.1   Distance bounding protocol of Hancke and Kuhn   103
4.2   Noise resilient MAD protocol   106
4.3   Man-in-the-middle attack on the noise resilient MAD protocol   109
4.4   Relation between the false acceptance ratio P_FA and the number n of rounds for x = 5 and P_b = 0.005   116
4.5   Influence of z_1 and k on P_lim,MAD (NR MAD) for n = 500   120
4.6   Influence of z_1 on P_lim,H (Hancke–Kuhn) and P_lim,MAD (NR MAD) for P_FA ≤ 50% and n = 500   122
4.7   Influence of z_1 on P_lim,MAD (NR MAD) for large values of k (k > 10) and n = 500   122
4.8   Influence of P_FA on P_lim,H (Hancke–Kuhn) and P_lim,MAD (NR MAD) for P_FR ≤ 2^-7 and n = 500   123
4.9   Minimal required number n of rounds for the Hancke-Kuhn and NR MAD protocol when P_FR ≤ 2^-23 and P_FA ≤ 2^-23   125
4.10  Minimal required number n of rounds for the Hancke-Kuhn and NR MAD protocol when P_FR ≤ 2^-10 and P_FA ≤ 2^-23   126
4.11  Minimal required number n of rounds for the Hancke-Kuhn and NR MAD protocol when P_FR ≤ 2^-23 and P_FA ≤ 2^-10   127
4.12  Minimal required number n of rounds for the Hancke-Kuhn and NR MAD protocol when P_FR ≤ 2^-10 and P_FA ≤ 2^-10   128
4.13  Three regions of the bit error rate   129

5.1   Four WPAN communication scenarios   139
5.2   Communicating constellation in the WPAN   151
5.3   Improved SP-1 protocol   161
5.4   Wong and Stajano's location privacy protocol   163

B.1   General overview of the IM3 health care architecture   197
B.2   Communication in CICADA for a sample network of 5 nodes   199
B.3   FSM of a sensor in a WBAN   200
B.4   Secure JOIN-REQUEST originating from sensor A   201
B.5   Secure key transport to all the sensors in the WBAN   203


Contents

1 Introduction   1
1.1 Motivation   1
1.2 Case Studies   6
1.2.1 Bluetooth   6
1.2.2 ZigBee   12
1.3 This Thesis and Related Work   18
1.4 Outline and Main Contributions   26

2 Enhanced Pairing Protocols   29
2.1 Constructing Out-of-Band Channels   30
2.1.1 Defining an extra channel   30
2.1.2 Establishing session keys using out-of-band channels   31
2.1.3 Overview of existing technologies   33
2.2 Location Private Pairing Protocol Based on User Interaction   46
2.2.1 Our enhanced pairing protocol   47
2.2.2 Evaluation of the pairing protocol   50
2.3 Key Establishment Using Distance Bounding Protocols   54
2.4 Conclusions   57

3 Secure Distance Bounding Protocols   59
3.1 Introduction   60
3.1.1 Time of flight distance bounding protocols   61
3.1.2 Attack scenarios   63
3.1.3 Cryptographic design principles   65
3.1.4 "Physical" design principles   66
3.1.5 Practical use case   71
3.2 Existing Distance Bounding Proposals   73
3.2.1 Brands' and Chaum's protocol   73
3.2.2 Waters' and Felten's protocol   76
3.2.3 Bussard's protocol   79
3.3 Applications   84
3.3.1 Proximity based authentication   84
3.3.2 Key establishment   86
3.3.3 Secure location verification   86
3.4 Conclusions   99

4 Employing Distance Bounding Protocols in Noisy Environments   101
4.1 Noise Resilient Distance Bounding Protocols   102
4.1.1 The RFID protocol of Hancke and Kuhn   103
4.1.2 Noise resilient mutual authentication with distance bounding   104
4.2 Statistical Properties   111
4.3 Performance Analysis at Low Bit Error Rates   112
4.3.1 Influence of bit errors on the false acceptance ratio   112
4.3.2 Comparison of the false rejection ratio   113
4.3.3 Comparison of the false acceptance ratio   115
4.3.4 Required number of fast communication rounds   115
4.4 Constraints Due to High Bit Error Rates   117
4.4.1 Upper limit on the bit error rate   117
4.4.2 Reducing the number of rounds   124
4.5 Conclusions   130

5 Location Privacy in Wireless Personal Area Networks   133
5.1 Location Privacy Problem   134
5.1.1 Tracking mobile users   134
5.1.2 Attack strategies   135
5.1.3 Problem statement and design goals   136
5.2 Location Privacy–Enhancing Techniques   138
5.2.1 Overview of WPAN communication scenarios   138
5.2.2 Temporary pseudonym schemes   140
5.2.3 Practical observations   148
5.3 Theoretical Location Privacy Model   149
5.3.1 Overview of the different entities   149
5.3.2 Identification protocol   150
5.3.3 Adversarial model   151
5.3.4 Attack games   152
5.3.5 Forward security   154
5.4 Analysis and Evaluation of Several Location Privacy–Enhancing Schemes   155
5.4.1 Necessity of random responses   156
5.4.2 Bluetooth anonymity mode   157
5.4.3 Our location privacy–enhancing scheme   158
5.4.4 Wong and Stajano's location privacy protocol   163
5.5 Conclusions   166

6 Conclusions and Future Research   167
6.1 Conclusions   167
6.2 Future Work   168

A Secure Location Verification: Computing the Prover's Location   191

B How to Secure an Interactive Medical Monitoring Environment   195
B.1 Introduction   195
B.2 Architecture   196
B.2.1 General overview   196
B.2.2 Security assumptions   197
B.3 Protocol design   198
B.3.1 CICADA   198
B.3.2 CICADA-S   200
B.4 Analysis   204
B.4.1 Performance evaluation   204
B.4.2 Security properties   205
B.5 Conclusion   208


Chapter 1

Introduction

1.1 Motivation

Digital communication systems are evolving very rapidly. Since their introduction in the 1940s, computers have evolved from very expensive, room-filling machines, only available to a few large organizations, to affordable, light and portable devices. Typical examples of such mobile devices are digital cameras, mobile cell phones, GPS receivers, wireless headsets, laptops, . . . As more and more of these mobile devices became available on the market, it became apparent that enabling these devices to communicate over wireless links would allow them to work together and augment their functionality. This idea resulted in the concept of a Wireless Personal Area Network (WPAN). A WPAN is a small, heterogeneous, wireless ad hoc network which connects several personal mobile devices. The range of a WPAN is typically a few meters, and is often centered around a single user (or a very small number of users) operating the mobile devices. Personal Area Networks (PAN) are standardized in the IEEE 802.15 working group [90].

There are several communication technologies available to create a Wireless Personal Area Network, with Bluetooth [25] and to a lesser degree ZigBee [218] the most popular ones. By 2009, more than 66 percent of the 900 million mobile phone handsets sold that year will include Bluetooth technology [23]. Wireless Personal Area Networks have several interesting applications. Such networks were originally created to be a cable-replacement technology that allows a limited number of devices to communicate with each other via a wireless link. There is however a larger range of applications. The most well known and commonly used one is to connect a mobile phone to a wireless headset (to phone hands-free) or to a laptop (to synchronize data). Another popular application is to connect a wireless mouse and keyboard to a computer. A WPAN can also be created in a car: the mobile phone and/or PDA of the user, a GPS receiver, one or more displays installed in the car, a DVD player and other electronic devices can form a wireless network and communicate with each other. At this moment, such networks only exist in luxury cars, but it can be expected that the demand will increase and that they will also appear in cheaper vehicles. Nintendo [150] and Sony [198] have gaming consoles with wireless joysticks, which hence form a small WPAN. Wireless Personal Area Networks are also appearing in medical, health and wellness environments. ABI Research forecasts that by 2012 the market for PAN sensors in this area (sports, exercise, health and well-being) will represent nearly 140 million units [1]. Another interesting medical application in this area is to connect a cochlear implant via Bluetooth to the mobile phone of a user. This could enable people with hearing problems to make mobile phone calls. Wireless Personal Area Networks can also be interesting when devices need an Internet connection. These mobile devices can then form a network with a mobile phone (or another device such as a PDA), which is then used as a gateway to the Internet.

A Wireless Personal Area Network is very different from a conventional computer network. Its most important characteristics are:

Battery fed: The nodes in a Wireless Personal Area Network are typically mobile devices. They are often not connected to the power supply, and have to get their energy from a battery. To avoid the energy level being exhausted in a very short period of time, the intensive use of expensive operations (from an energy point of view) has to be minimized. Mobile devices with very limited resources go into sleep mode from the moment they do not have to send or receive data. Always being online would consume too much energy.

Self-organized and decentralized: A Wireless Personal Area Network is a special type of wireless ad hoc network [204]. Such an ad hoc network establishes itself the moment two or more devices enter each other's communication range. This happens without the use of any fixed infrastructure, and relies solely on the devices that create the instantaneous connection.

Dynamic network topology: The nodes in a Wireless Personal Area Network are often mobile. Such devices can move from one place to another. Moreover, they can go offline to preserve energy or because they are not operated by the user at that moment in time. For these reasons, the network topology is dynamic. The number of devices in the network can change in place and time. The lifetime of a Wireless Personal Area Network is typically very short. Connections are established on the spot. From the moment the data transfer has finished, the devices disconnect again.

Heterogeneity: The devices that make up the Wireless Personal Area Network can have very different capabilities. This can range from a laptop (having large energy and computation resources) to a digital watch (being battery fed and having very limited computational power).

Limited range: The range of a Wireless Personal Area Network is determined by the antenna and wireless radio built into the mobile device. Typically, the range is a few meters. The communication in a WPAN is therefore most of the time single hop: a device communicates directly with the intended destination, which is within sending range. It is however possible to extend the range of a WPAN and send data to devices outside the sending range. Wireless Personal Area Networks can be grouped in clusters to form a larger network (e.g., this is called a scatternet in the Bluetooth standard [25]). In this case, the data is forwarded from hop to hop (so multi-hop communication).

Wireless: A Personal Area Network (PAN) is in all practical cases wireless, since wiring limits the mobility of the devices in the network. The data is transmitted via the wireless radio. Since wireless communication does not stop at the destination, a passive eavesdropper located within receiving range can receive all transmitted data.

Small number of devices: Since a Wireless Personal Area Network is centered around a single or a small number of users, the number of devices in the network is very low. E.g., Bluetooth devices can form piconets, which consist of at most 8 devices. Often, the number of devices will be even smaller (two or three devices that need to exchange some data).

User operated: Most devices in the Wireless Personal Area Network will be operated by a user (e.g., a PDA, mobile phone, laptop, . . . ). This does not have to be the same user for all devices. The total number of users is however quite small, due to the small scale of the network. Otherwise, it would make more sense to define the network as a Wireless Local Area Network (WLAN) [89, 212, 214].

Low bit rate: Mobile devices in a Wireless Personal Area Network often only need to send small amounts of data to each other (e.g., an entry of the phone book or some voice communication). In order to have a low energy consumption, the bit rate used in the network should be low. E.g., Bluetooth foresees a maximum bit rate of 3 Mbit/s, using Enhanced Data Rate (EDR) [25].

It is clear that providing security for Wireless Personal Area Networks is essential, as wireless links are easy to eavesdrop on undetected. One needs a security architecture that guarantees the confidentiality and integrity of messages traveling in the network, (mutual) data and entity authentication, location privacy, availability, . . . Due to the specific properties of wireless ad hoc networks and Wireless Personal Area Networks in particular, as discussed above, it is not straightforward to provide these security services.

The fact that these networks run on battery operated devices with limited processing power means that the security solutions should be as efficient as possible and avoid intensive use of expensive cryptographic operations such as public key encryption or digital signatures. Otherwise, the energy consumption of the security techniques that are applied would be too high. Let us illustrate this by a practical example. A battery that is often used in mobile phones is a Nickel-Metal Hydride battery (NiMH). Such a battery has on average an energy density of 360 J/cm³ [29, 205]. Experiments of Potlapally et al. [166] have demonstrated that computing an RSA signature [170], using a 1024-bit key, consumes 546 mJ on an Intel SA-1110 StrongARM processor (a 32-bit RISC processor) clocked at 206 MHz. A mobile device containing such a processor and having a NiMH battery of 1 cm³ can hence only compute around 600 RSA signatures before the battery is exhausted, which is a low number. Computing a 163-bit signature using elliptic curve cryptography (ECC) [139, 142], which has about the same security level, costs a factor 3 less than the RSA signature [166]. If we compare these results with symmetric cryptographic primitives, we immediately see a very large gap. Employing the Advanced Encryption Standard (AES) algorithm [45, pp. 31–52] to compute the encryption of a 128-bit block [44] (using a 128-bit key) on the same processor only costs 19.36 µJ [166], which is significantly less than the RSA or ECC signature. This example illustrates that one has to take the efficiency of cryptographic operations into account when designing security solutions for WPANs. Traditional security mechanisms were not designed with this property in mind.

Another important issue in the energy consumption of a mobile device is the communication cost. Cryptographic algorithms used in a Wireless Personal Area Network should limit the number of messages that need to be exchanged. A high number of messages could substantially increase the communication cost, which is an important part of the total cost. Communication cost can influence the choice of which particular cryptographic operation to employ (see the results published by Seys [176]).

Because of the limited amount of energy, mobile devices in a WPAN are susceptible to a particular Denial-of-Service attack [201]. An adversary can perform a sleep deprivation attack [33], in which he keeps the mobile device busy (e.g., with a stream of requests it has to process) so that it cannot enter its low-power sleep state; its battery is exhausted and the device becomes unavailable.

Wireless Personal Area Networks normally operate autonomously without access to online key servers or certification authorities. Only a limited number of mobile devices will be part of the wireless ad hoc network. This means that conventional means of key establishment are not always applicable to these networks. From the moment the network is created and online, one cannot use the services of online central servers to facilitate security services such as signing public key certificates or distributing updated session keys.

To make things even more difficult, some networks allow multi-hop routing and node mobility. This means that nodes do not have a clear idea of the continuously changing network topology. One cannot rely on the presence of a particular, dedicated mobile device during the establishment of a session key between nodes in the WPAN. At distinct moments in time, the network topology can have changed. The neighborhood of a node changes continuously, and new trust relationships have to be established every time a new node joins the network.

These specific properties present interesting challenges when designing security and privacy solutions in these environments. Cryptographic techniques proposed for conventional computer networks cannot be applied as such in Wireless Personal Area Networks.

Another type of wireless ad hoc network is the Sensor Network (SN). Such networks typically consist of a large number of small sensors, each equipped with the necessary computing power and communication capabilities. They are deployed in some area of interest and spontaneously and dynamically form a wireless ad hoc network to collect and forward the sensing data [19, 107, 167, 203, 206]. Security solutions proposed for sensor networks are often not optimal for deployment in Wireless Personal Area Networks. The reason is that the former have some other characteristics, which heavily influence the design of the security architecture. The most important characteristics of sensor networks that differ from those of a WPAN are:

Unattended: A very crucial difference between a WPAN and a SN is that in the former, the devices are under the control (and surveillance) of the user operating them, while in a sensor network, the sensors are distributed in some area and are left unattended. They may be physically impossible to reach once they have been deployed.

Not user operated: A sensor works autonomously, without any user interaction. It measures the sensing data, performs the necessary computations and processing, and forwards the data to other sensors in the network. Most devices in a WPAN require user interaction, and do not work autonomously during their entire lifetime.

Multi-hop: Due to the large scale of a sensor network and the limited communication range of the sensors, data packets are forwarded in a hop-by-hop fashion. In a WPAN, most communication is single hop, directly from source to destination without passing intermediate nodes.

Limited power supply: A WPAN is heterogeneous and often contains devices which have a stronger power supply (e.g., a laptop). Some could even be connected to the power mains in a building. In a sensor network, (almost) all nodes are battery fed and have a limited power supply.

Limited processing power: A WPAN is heterogeneous and often contains devices which are equipped with strong and fast processors (e.g., a laptop). In a sensor network, (almost) all nodes have very limited processing power.

1.2 Case Studies

It is interesting to go into more detail and study two widely spread technologies that can be used to create a Wireless Personal Area Network (WPAN): Bluetooth and ZigBee. We will briefly investigate how Bluetooth and ZigBee have tried to solve the security issues discussed above and implemented their security architecture. Next, we will give an overview of their most important security weaknesses. More details can be found in [179]. Since Bluetooth is currently by far the most popular technology to create Wireless Personal Area Networks, we have mainly focussed on this technology when designing new security techniques in this doctoral thesis.

1.2.1 Bluetooth

In February 1998, the Bluetooth Special Interest Group (SIG) [23] was founded by major players in the telecommunications and network industries: Ericsson, IBM, Intel, Nokia and Toshiba. In the next 6 years, several other companies joined the SIG and now there are already more than 3000 members. The major task of this organization was the creation of the Bluetooth specification, which describes how mobile phones, computers, PDAs, headsets and other mobile devices can communicate with each other over a wireless link. In 2000, the Bluetooth standard was included in IEEE 802.15 [90], the Wireless Personal Area Network (WPAN) Working Group. The specifications have been updated several times; the latest version is v2.1, which was published in 2007 [25].

The Bluetooth wireless technology [75] realizes a low-cost short-range wireless voice and data connection through radio propagation. The primary use of Bluetooth is cable replacement, most suited for small networks with a relatively high load of communication over short distances. With a normal antenna, the maximal range is about 10 m. The Bluetooth wireless technology uses the 2.4 GHz band, which is unlicensed and can be used by many other types of devices such as cordless phones, microwave ovens, WiFi [212] and baby monitors. To avoid interference, Bluetooth employs spread spectrum and frequency hopping.

Every time a Bluetooth wireless link is formed, it is within the context of a piconet. A piconet consists of at most 8 active devices that occupy the same physical channel. In each piconet, there is exactly one master; the other devices are called slaves. The theoretical maximum bandwidth is 3 Mbit/s. The real bandwidth is lower because of error correction. One of the main differences between Bluetooth and some other wireless technologies is the ability to connect different types of devices (e.g., a mobile phone with a PDA).

It is possible to configure the "visibility" of a Bluetooth device. When a device is in non-discoverable mode, it does not respond to inquiries of other devices. When the device is in limited discoverable mode, it is discoverable only for a limited period of time, during temporary conditions or for a specific event. And finally, when it is in general discoverable mode, it is discoverable (visible) continuously. Each device is characterized by a factory-established 48-bit identifier, unique for every device: the Bluetooth hardware address.

Bluetooth security architecture

The key agreement protocol [116] is a crucial part of the security architecture of Bluetooth [190]. Suppose that two Bluetooth devices, called A and B, want to communicate securely (we will assume that A initiates the communication). Initially these devices do not share a secret. They will perform a key agreement protocol to generate a link key and an encryption key. The latter is fed to the stream cipher E0. The key agreement protocol of Bluetooth consists of the following phases [185]:

Generation of the unit key: When a Bluetooth device is turned on for the first time, it calculates a unit key. This is a key that is unique for every device and that is almost never changed. It is stored in non-volatile memory. The unit key is only used if one of the devices does not have enough memory to store session keys. The unit key is derived from a random number and the Bluetooth hardware address of the device.

Generation of the initialization key: At the start of a communication session, the Bluetooth devices do not yet share a session key, and will have to establish one. This is achieved in different steps. First, an initialization key is generated. This temporary key is a function of a random number IN_RAND (generated by A and sent to B in clear), a shared PIN and the length L of this PIN. The PIN should be entered in both devices by a user, or it can be fed from a higher layer into the pairing procedure. The length of the PIN can be chosen between 8 and 128 bits. Typically, it consists of 4 decimal digits. If one of the devices does not have an input interface, a fixed PIN can be used (often, the default value is 0000). Note that a low-entropy shared secret (the PIN) is used to generate the initialization key.

Mutual entity authentication: Each time a new shared key is generated (an initialization key or a link key), both devices perform a mutual authentication protocol. The authentication scheme is based on a challenge-response protocol.

Figure 1.1: Mutual entity authentication protocol of Bluetooth (diagram: A sends the challenge AU_RAND to B; both sides compute E1(ADDR_B, K_link, AU_RAND), which yields SRES and ACO; B returns SRES to A).

This protocol is performed twice. First, B authenticates itself to A, as shown in Fig. 1.1. If this authentication is successful, the roles are switched (B becomes the verifier and A the prover). The authentication goes as follows. A generates a random number (the challenge) AU_RAND and sends this to B. Both devices now compute a response SRES = E1(ADDR_B, K_link, AU_RAND). Algorithm E1 is based on the SAFER+ block cipher, with some small modifications [68]. This function encrypts the plaintext, which is the concatenation of the challenge AU_RAND and the Bluetooth hardware address ADDR_B of device B, using the shared key K_link (which is the initialization key or the link key). B sends its response to A. If this response corresponds to the value that A has calculated, then the authentication is successful. Another output of the algorithm E1 is the value ACO (Authenticated Ciphering Offset), which is used for the generation of the encryption key (see later in this section).

Generation of the link key: Both devices now share an initialization key. This key will be used to agree on a new, semi-permanent key (called the link key). The link key will be stored on both devices for future communication. Depending on the memory constraints of both devices, the link key can be the unit key of the memory-constrained device or a combination key derived from the input of both devices.

If the unit key of device A is the link key, it is transmitted encrypted from A to B. This encryption is done by XOR'ing the unit key of A with the initialization key.

If the link key is a combination key, then both devices first generate a random number LK_RAND. These random numbers are encrypted with the initialization key (again by XOR'ing) and sent to the other device. Now they both compute LK_K_A = E21(LK_RAND_A, ADDR_A) and LK_K_B = E21(LK_RAND_B, ADDR_B). The combination key K_AB is the XOR of LK_K_A and LK_K_B. Algorithm E21 is based on the SAFER+ block cipher, with some small modifications [68]. This function encrypts the Bluetooth hardware address with a key that is derived from the random number LK_RAND_A (or LK_RAND_B). After the generation of the link key, the (old) initialization key is definitively discarded and a mutual authentication is started using the exchanged link key that is shared between both devices.

Generation of the encryption key and the key stream: After a successful generation of the link key and execution of the mutual authentication protocol, the encryption key can be generated. Device A generates a random number EN_RAND_A and sends this to B in clear. Both devices generate the encryption key K_C = E3(EN_RAND_A, K_link, COF). The COF value (Ciphering Offset Number) is the ACO value which was generated during the mutual authentication protocol. However, if the encryption key is used for broadcast, then the COF is the concatenation of the Bluetooth hardware address of the sender and itself (so COF = (ADDR || ADDR)). This COF value is concatenated with the value EN_RAND and encrypted using the algorithm E3 with the shared link key K_link. The result is the encryption key K_C. It has a length of 128 bits, but its length can be reduced to a truncated encryption key K'_C if necessary.

Finally, the encryption key K_C (or the truncated key K'_C) is fed to the encryption scheme E0 together with the Bluetooth hardware address and the clock of the master. These values are used to initialize the four LFSRs and the internal states of the stream cipher E0. With the key stream generator, 200 stream cipher bits are generated, of which the last 128 are fed back into the key stream generator as the initial values of the four LFSRs. The internal states are kept. From that moment on, the key stream K_cipher can be generated. The master clock, which differs for every packet, is included in the initialization so that every packet is encrypted with a fresh key stream.

Security weaknesses

There are several security weaknesses in the Bluetooth standard [103, 190]. The most important ones are:

Unit Key: The unit key is employed if one of the Bluetooth devices does not have enough memory to store session keys. This key is stored in non-volatile memory and is almost never changed. It is sent encrypted (with the initialization key) to the other device. This procedure results in an impersonation attack. If A has sent its unit key to device B, then B knows the key of A and can impersonate A to a device C. Because of this attack, it is strongly recommended to avoid the use of unit keys.

Location privacy: When two or more Bluetooth devices are communicating, the transmitted packets always contain the Bluetooth hardware address of the sender and the destination (or an identifier which is directly related to these addresses). When an attacker eavesdrops on the transmitted data, he knows the Bluetooth addresses of these devices. The attacker does not have to be physically close to the communicating devices: he can use a device with a stronger antenna (e.g., it is very easy to construct an antenna which can intercept Bluetooth communication from more than one mile away [39, 49]) or just place a small tracking device near the two Bluetooth devices. This way, the attacker can keep track of the place and time these devices were communicating, which is a violation of the privacy of the user.

Security depends on security of PIN: The initialization key is a function of a random number, a shared PIN and the length L of the PIN. The random number is sent in clear and hence known by an attacker who is eavesdropping during the initialization phase. This means that only the PIN is unknown to the attacker. If an attacker obtains the PIN, he knows the initialization key. Worse yet, since all the other keys are derived from the initialization key (or exchanged encrypted under it), they will also be known by the attacker. Hence the security of the keys used in Bluetooth depends on the security of the PIN. If this value is too short or weak (e.g., 0000), it is very easy for an attacker to guess the PIN. Unfortunately, it is very cumbersome for a user to remember and enter long (and random) numbers.

Note that it is possible to verify a guess of the PIN. The reason is that the mutual authentication protocol is executed after the generation of the initialization key. If an attacker observes this protocol, he obtains a challenge and the corresponding response. The attacker calculates for every guess of the PIN the corresponding response, and when this is equal to the observed response, the guess of the PIN was correct. The shorter the PIN, the faster this brute force attack can be carried out. Shaked and Wool showed that this attack can be optimized by employing an algebraic representation of SAFER+, the cryptographic primitive used in the mutual authentication protocol [180]. This can be done since the operations used in the Armenian shuffles and Pseudo Hadamard Transformations, the basic building blocks of the SAFER+ algorithm, are linear. As a result, almost the entire SAFER+ round can be implemented as a multiplication with a square matrix of size 16. This matrix has an interesting structure and only contains coefficients which are powers of 2. This results in an efficient and fast implementation. The authors state that a PIN of 4 digits can be cracked in less than 0.06 seconds on a standard PC. This is a critical security problem.
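The following Python model, added here as an illustration and not taken from the thesis or the Bluetooth specification, runs the pairing phases described above (initialization key from the PIN, mutual challenge-response, XOR-encrypted LK_RAND exchange, combination key) and then mounts the passive PIN-guessing attack on the captured transcript. The SAFER+-based functions E1, E21 and E22 are replaced by an HMAC-SHA256 stand-in, which is an assumption: the attack only needs to re-evaluate the functions for every PIN guess, so any pseudo-random function exhibits the same weakness. Input layouts are simplified to the dependencies named in the text; the device addresses and PIN are constructed sample values.

```python
import hmac
import hashlib
import os

# Added example, not code from the thesis. E1/E21/E22 are SAFER+-based in
# Bluetooth; the HMAC-SHA256 stand-in below is an assumption that keeps only
# the input dependencies the text describes.

def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def e22(pin: bytes, in_rand: bytes, addr: bytes) -> bytes:
    """K_init = E22(PIN, L, IN_RAND, ADDR): the PIN (and its length L) is the only secret input."""
    return prf(pin + bytes([len(pin)]), in_rand, addr)[:16]

def e1(key: bytes, au_rand: bytes, addr: bytes):
    """E1(ADDR, K, AU_RAND) -> (SRES, ACO): 32-bit response and 96-bit ciphering offset."""
    out = prf(key, au_rand, addr)
    return out[:4], out[4:16]

def e21(lk_rand: bytes, addr: bytes) -> bytes:
    """E21(LK_RAND, ADDR): one device's contribution to the combination key."""
    return prf(lk_rand, addr)[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pair(pin: bytes, addr_a: bytes, addr_b: bytes, rng=os.urandom):
    """Pairing between A (initiator) and B. Returns the transcript an eavesdropper
    sees and the combination key K_AB the two devices end up sharing."""
    in_rand = rng(16)                                   # A -> B, in clear
    k_init = e22(pin, in_rand, addr_b)                  # both sides, from the shared PIN
    # Mutual authentication under K_init: A challenges B, then B challenges A.
    au_rand_a = rng(16)
    sres_b, _ = e1(k_init, au_rand_a, addr_b)           # B -> A
    au_rand_b = rng(16)
    sres_a, _ = e1(k_init, au_rand_b, addr_a)           # A -> B
    # Combination key: each LK_RAND is sent XOR-encrypted under K_init.
    lk_rand_a, lk_rand_b = rng(16), rng(16)
    enc_a, enc_b = xor(lk_rand_a, k_init), xor(lk_rand_b, k_init)
    k_ab = xor(e21(lk_rand_a, addr_a), e21(lk_rand_b, addr_b))
    transcript = dict(addr_a=addr_a, addr_b=addr_b, in_rand=in_rand,
                      au_rand_a=au_rand_a, sres_b=sres_b,
                      au_rand_b=au_rand_b, sres_a=sres_a,
                      enc_lk_rand_a=enc_a, enc_lk_rand_b=enc_b)
    return transcript, k_ab

def crack_pin(t: dict, digits: int = 4):
    """Offline PIN guessing from a passively captured transcript. Every guess gives a
    candidate K_init; the observed challenge/response pairs confirm or refute it.
    Returns (pin, link key) or None."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}".encode()
        k_init = e22(pin, t["in_rand"], t["addr_b"])
        if e1(k_init, t["au_rand_a"], t["addr_b"])[0] != t["sres_b"]:
            continue
        if e1(k_init, t["au_rand_b"], t["addr_a"])[0] != t["sres_a"]:
            continue                                    # rules out a 2^-32 false positive
        # With K_init the encrypted LK_RANDs fall, and with them the link key.
        lk_rand_a = xor(t["enc_lk_rand_a"], k_init)
        lk_rand_b = xor(t["enc_lk_rand_b"], k_init)
        k_ab = xor(e21(lk_rand_a, t["addr_a"]), e21(lk_rand_b, t["addr_b"]))
        return pin, k_ab
    return None

if __name__ == "__main__":
    # Constructed sample: two made-up hardware addresses and a typical 4-digit PIN.
    transcript, real_key = pair(b"4711", bytes.fromhex("001122334455"),
                                bytes.fromhex("66778899aabb"))
    found = crack_pin(transcript)
    print("recovered PIN:", found[0].decode(), "link key recovered:", found[1] == real_key)
```

The attacker never transmits: everything needed (IN_RAND, both AU_RAND values, both SRES values, the encrypted LK_RANDs and the addresses) is broadcast in clear during pairing, and the work is 10^4 evaluations for a 4-digit PIN. Checking the second challenge/response pair costs almost nothing and removes the small chance that a wrong PIN matches a single 32-bit SRES.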

Denial-of-Service attacks: Mobile networks are always vulnerable to Denial-of-Service (DoS) attacks. They consist of mobile devices and these devices are often battery powered. Bluetooth is no exception.

However, there are also some more advanced DoS attacks, caused by implementation decisions. A nice example is the black list which is used during the mutual authentication protocol. To avoid that a device would start the authentication protocol over and over again (and eventually guess the correct PIN), each device has a black list of the Bluetooth addresses of the devices which failed to authenticate themselves correctly. These devices cannot start an authentication procedure during some period. Each consecutive time the authentication procedure fails, this period is increased exponentially (until a pre-determined upper limit is reached). Candolin discovered that this mechanism can be exploited in several DoS attacks [33]. An attacker can try to authenticate itself to device A, but change his Bluetooth hardware address every time. All these authentication attempts will fail and the black list of A will become quite large. This can result in a buffer overflow attack. An even more elaborate attack exploiting the black list mechanism is the following. Suppose device B wants to authenticate itself to A. After A has sent a challenge to B, the attacker sends a wrong response to A using the Bluetooth hardware address of B. The authentication will fail, B will be put on the black list of A and the (correct) response of B will be ignored by A. The attacker keeps repeating this attack and B will never be able to authenticate itself successfully to A.

Encryption algorithm E0: Bluetooth uses the stream cipher E0 for data encryption. This stream cipher has several security flaws [3, 41, 63, 70, 79, 131]. The attacks with the lowest complexity are the algebraic attacks [41]. Fortunately, these attacks do not work in Bluetooth because they need a long key stream produced from a single initialization, whereas E0 in Bluetooth is re-initialized for every packet and only produces short key streams (the payload ranges from zero to a maximum of 2745 bits [25]). There are however some attacks which can be applied to the E0 algorithm as used in Bluetooth. Lu, Meier and Vaudenay found a practical known-plaintext attack [131]. The attack is based on a recently detected flaw in the resynchronization of E0, as well as the investigation of conditional correlations in the finite state machine (FSM) governing the key stream output of E0. It finds the original encryption key for two-level E0 using the first 24 bits of 2^23.8 frames, requiring 2^38 computations.

Implementation errors: Implementation errors can result in critical security problems. A good example is the Bluesnarf attack discovered by Laurie [122]. It is possible, on some mobile phones, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the data stored in the phone. The Bluesnarf attack can also be extended by combining it with a backdoor attack [122]. The result of this combined attack is that not only the private data of the mobile phone can be retrieved, but other services, such as access to the Internet, WAP and GPRS gateways, or even sending an SMS, are available to the attacker without the owner's knowledge. These attacks are caused by implementation errors and hence can be fixed by the vendors.

Page 46: Study and Design of a Security Architecture for Wireless Personal Area Networks

12 CHAPTER 1. INTRODUCTION

Other security problems: When two Bluetooth devices are being paired, these devices will send their "name" to each other. This user-friendly name can be exploited by a malicious user in a Bluejacking attack [22], by sending arbitrary information to the other party. By choosing a misleading name, one could also try to force a pairing process with a particular victim.

There are also some security problems in the challenge-response protocol, which uses the algorithm E1, which is based on the SAFER+ block cipher. Kelsey et al. [109] discovered a weakness in the key schedule of SAFER+ that allows a key search to be performed slightly faster than by exhaustive search. This attack is only a theoretical issue and does not really endanger the security of Bluetooth.

Another security flaw is the lack of cryptographic integrity checks on the Bluetooth packets: the packets only carry a CRC, which an attacker can recompute. Since E0 is a stream cipher, an attacker can flip bits in a transmitted Bluetooth packet without this being detected.

Man-in-the-middle attacks are also not prevented in Bluetooth. The reason is that the data is never authenticated by the sender. And there are almost no time stamps or nonces in the protocols, so the freshness of the messages is not guaranteed.

1.2.2 ZigBee

ZigBee [218] is a specification set of high level communication protocols that operate on top of the low-power Media Access Control (MAC) and Physical (PHY) layers described in the IEEE 802.15.4 standard for WPANs [90]. In 2003, the IEEE 802.15.4-2003 standard [91] was approved by the TG4 task group of the IEEE 802.15 Working Group. The ZigBee v1.0 specifications were ratified in 2004, based on the IEEE 802.15.4-2003 standard. The TG4 task group put itself into hibernation in 2004, after forming the TG4b task group. The task of TG4b was to resolve ambiguities, reduce unnecessary complexity, etc. in the IEEE 802.15.4 standard. In 2006, the IEEE 802.15.4-2006 standard was approved, which supersedes the 2003 standard. At the time of writing, this latest version is not publicly available yet.

ZigBee is aimed at extending the battery life time of low power devices. The primary use of ZigBee is control and monitoring in wireless sensor networks, most suited for large networks with a small load of communication over short distances. The maximum range is about 30 m and the theoretical maximum bandwidth is 250 kbit/s. ZigBee operates in the same unlicensed 2.4 GHz radio band as Bluetooth. The radios use direct-sequence spread spectrum coding to avoid interference. The technology is intended to be simpler and cheaper than other WPANs such as Bluetooth. The most capable ZigBee node type is said to require only about 10% of the software of a typical Bluetooth or Wireless Internet node, while the simplest nodes need about 2%. Because of these characteristics and similarities with Bluetooth, ZigBee can also be used to create a WPAN. Both technologies also share some security weaknesses, as we will demonstrate later in this section.


ZigBee uses 2 kinds of addressing. There is a globally unique 64-bit IEEE address, comparable to the hardware (MAC) address of a network interface. There is also a 16-bit short address. The short addresses are used once a network is set up. A network can consist of at most 2^16 = 65,536 devices.

Security architecture of ZigBee

An important device in a ZigBee network is the ZigBee trust center. This device is trusted by all other devices within the ZigBee network and is responsible for distributing and establishing keys in the network. The ZigBee trust center also enforces the policies in the network. These policies state how a device can join or leave the network (securely or insecurely), if and when keys have to be updated, etc. The trust center can be configured to operate in either commercial or residential mode. The former is designed for high-security commercial applications, while the latter is designed for low-security residential applications.

Several types of keys are used in ZigBee; they form a key hierarchy. This is shown in Fig. 1.2. If the trust center works in commercial mode, the security manager of each device (situated in the application layer) will perform the following steps:

1. Obtain the trust center master key: Initially, each device shares a trust center master key with the trust center. The device can obtain this trust center master key (together with the address of the trust center) in two ways. Either the device acquires the trust center master key via insecure key-transport (e.g., it is sent in clear from the trust center to the device at low power), or it acquires this key via pre-installation (e.g., factory installation or based upon data entered by a user).

2. Establish link key with trust center: The trust center and the device, which share a trust center master key, will execute a Symmetric-Key Key Establishment (SKKE) protocol to establish a link key with each other. This is done by feeding two random 128-bit challenges (each device generates one of these challenges and sends it to the other party in clear) together with the trust center master key to a key derivation function. The SKKE protocol offers key authentication (see footnote 1).

3. Compute key-load key: The key-load key is derived from the link key and is used by the trust center to transport an application master key securely to a device.

Footnote 1: Key authentication is the property whereby one party is assured that no other party aside from a specifically identified second party (and possibly additional identified trusted parties) may gain access to a particular secret key [140].


4. Compute key-transport key: The key-transport key is derived from the link key and is used by the trust center to transport an application link key or a network (NWK) key securely to a device.

5. Obtain the network key: The trust center puts the current network key in a specially constructed command frame, secures it with the key-transport key and transmits it to the device. This NWK key is used to encrypt broadcast communication and is shared by all the devices in the network.

6. (a) Obtain the application link key: When two devices in a network want to communicate securely (end-to-end), they need an application link key. One way to obtain such an application key is as follows: the trust center generates the application link key and puts it in a specially constructed command frame. This frame is then sent securely to each device. The security of the frame is protected by employing the key-transport key. The advantage of the trust center sending out the application link keys directly is that key escrow can be implemented.

(b) i. Obtain the application master key: Instead of directly transmitting the application link key to both devices, the trust center can also generate an application master key. It puts this key in a specially constructed command frame, and sends this securely to both devices. The security of this frame is protected by employing the key-load key.

ii. Establish application link key with other devices: After the devices have obtained the application master key, they execute the SKKE protocol. This is done exactly as described above. The only difference is that the application master key is used to derive the link key, instead of the trust center master key. The output of the SKKE protocol is the application link key, which is used for end-to-end security between both devices.
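As an added illustration of steps 2 to 4 (and of step 6(b)ii, which runs the same protocol under the application master key), the Python model below runs SKKE between an initiator and a responder with both sides' messages in order, confirms the derived key, and derives the key-load and key-transport keys from the resulting link key. This is not code from the thesis or from the ZigBee specification: ZigBee's SKKE and key derivations use an HMAC built on the AES-MMO hash, replaced here by HMAC-SHA256 (an assumption), and the message layouts and one-byte labels are illustrative rather than the normative byte strings. Addresses and master keys are constructed sample values.

```python
import hmac
import hashlib
import secrets

# Added example, not code from the thesis or the ZigBee specification.
# HMAC-SHA256 stands in for ZigBee's AES-MMO-based HMAC (assumption); the
# message layouts follow the shape of the X9.63 symmetric-key scheme SKKE is
# modelled on, but the exact byte strings are illustrative.

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

class Device:
    def __init__(self, addr: bytes, master_key: bytes):
        self.addr = addr              # 64-bit IEEE address
        self.master_key = master_key  # trust center master key or application master key
        self.link_key = None

    def new_challenge(self) -> bytes:
        self.q = secrets.token_bytes(16)      # QEU / QEV, sent in clear
        return self.q

    def derive(self, peer_addr: bytes, peer_q: bytes, initiator: bool) -> None:
        # Both sides order (U, V, QEU, QEV) identically, so they derive the same secret.
        if initiator:
            self.u, self.v, self.qu, self.qv = self.addr, peer_addr, self.q, peer_q
        else:
            self.u, self.v, self.qu, self.qv = peer_addr, self.addr, peer_q, self.q
        self.initiator = initiator
        z = mac(self.master_key, b"\x02" + self.u + self.v + self.qu + self.qv)
        # KDF in counter mode: first block confirms the key, second block is the link key.
        self.mac_key = mac(z, b"\x00\x00\x00\x01")
        self.link_key = mac(z, b"\x00\x00\x00\x02")

    def _tag(self, as_initiator: bool) -> bytes:
        if as_initiator:
            return mac(self.mac_key, b"\x03" + self.u + self.v + self.qu + self.qv)
        return mac(self.mac_key, b"\x02" + self.v + self.u + self.qv + self.qu)

    def confirm_tag(self) -> bytes:
        return self._tag(self.initiator)

    def check_tag(self, peer_tag: bytes) -> bool:
        # Key confirmation: only a peer holding the same master key can produce this tag.
        return hmac.compare_digest(self._tag(not self.initiator), peer_tag)

def skke(u: Device, v: Device):
    """Run SKKE between initiator u and responder v. Returns the agreed link key,
    or None when key confirmation fails (e.g. mismatched master keys)."""
    qu = u.new_challenge()                 # 1. U -> V: QEU
    qv = v.new_challenge()                 # 2. V -> U: QEV
    u.derive(v.addr, qv, initiator=True)
    v.derive(u.addr, qu, initiator=False)
    tag_v = v.confirm_tag()                # 3. V -> U: MacTag_V
    if not u.check_tag(tag_v):
        u.link_key = None
        return None
    tag_u = u.confirm_tag()                # 4. U -> V: MacTag_U
    if not v.check_tag(tag_u):
        v.link_key = None
        return None
    return u.link_key

def trust_center_subkeys(link_key: bytes) -> dict:
    """Key-load and key-transport keys as one-byte-labelled MACs under the link key.
    The label values are an assumption, not taken from the specification text."""
    return {"key_load": mac(link_key, b"\x02"), "key_transport": mac(link_key, b"\x00")}

if __name__ == "__main__":
    master = bytes(range(16))                        # constructed pre-installed master key
    trust_center = Device(bytes.fromhex("0013a20000000001"), master)
    node = Device(bytes.fromhex("0013a20000000002"), master)
    lk = skke(trust_center, node)
    print("link key agreed:", lk is not None and lk == node.link_key)
    print("subkeys:", {k: v.hex() for k, v in trust_center_subkeys(lk).items()})
```

The two challenges give freshness, the MAC tags give key confirmation, and every derived key is a one-way function of the master key and the challenges; this is why the text's later remark holds that an attacker who learns the trust center master key (for instance by sniffing an insecure key-transport) recovers everything below it in the hierarchy.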

Security weaknesses

Improper use of the security mechanisms in ZigBee can cause several security problems [156, 172, 179]. The most important ones are:

IV (Nonce) management problems: Security information is stored in Access Control Lists (ACLs). Each ACL entry contains the following security information: destination address, security control field (indicating which security mechanisms are applied), key, nonce, and the key and frame counters. The nonce is a function of the security control field, the frame counter and the address of the sender. Only the frame counter is really variable, and as a consequence, the nonce is derived directly from the frame counter. Reusing the same nonce under the same key would result in a serious security weakness (the confidentiality part of the underlying AES-CCM* mode is a counter mode, so two frames protected with the same key and nonce share a key stream and leak the XOR of their plaintexts), and should hence definitely be avoided. There is however a problem if a key is used in two different ACLs (because in this case, the frame counter in each ACL is updated independently and this could result in the reuse of a nonce) or if a nonce is reused in the same ACL (without the key being updated). The latter can occur when a power failure arises. If the frame counter is stored in volatile memory, and the key in non-volatile memory, then the frame counter would be reset to zero after the power failure, while the key would remain the same. To avoid this problem, the frame counter and the key should be stored together in non-volatile memory.

Figure 1.2: ZigBee key hierarchy (diagram: the trust center master key is obtained by pre-installation or key transport; SKKE yields the trust center link key; computation yields the key-load key and the key-transport key; key transport under the key-transport key delivers the network key and the application link key; key transport under the key-load key delivers the application master key, from which SKKE yields the application link key).
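The following Python model, added here and not taken from the thesis or the ZigBee specification, reproduces the two nonce-reuse situations described in the IV management paragraph above: a frame counter that resets to zero after a power cycle because it lives in volatile memory while the key does not, and one key shared by two ACL entries with independent counters. The CCM* counter-mode key stream is replaced by an HMAC-SHA256 counter-mode stand-in (an assumption); it preserves the property that matters, namely that the same key and nonce give the same key stream. Keys, addresses and frame payloads are constructed sample values.

```python
import hmac
import hashlib

# Added example, not code from the thesis. HMAC-SHA256 in counter mode stands
# in for the AES-CTR key stream inside CCM* (assumption).

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(2, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]

def make_nonce(src_addr: bytes, frame_counter: int, sec_ctl: int) -> bytes:
    # 13-byte CCM* nonce: 8-byte source address, 4-byte frame counter, 1-byte security control
    return src_addr + frame_counter.to_bytes(4, "little") + bytes([sec_ctl])

class AclEntry:
    """One ACL entry: key plus outgoing frame counter. `persistent` models whether the
    counter is stored next to the key in non-volatile memory."""
    def __init__(self, key: bytes, persistent: bool):
        self.key, self.persistent, self.frame_counter = key, persistent, 0

    def power_cycle(self) -> None:
        if not self.persistent:          # the key survives, the counter does not
            self.frame_counter = 0

    def protect(self, src_addr: bytes, sec_ctl: int, plaintext: bytes):
        nonce = make_nonce(src_addr, self.frame_counter, sec_ctl)
        self.frame_counter += 1
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))

def power_failure_scenario(persistent: bool, key: bytes, src: bytes, p1: bytes, p2: bytes) -> dict:
    """Protect p1, lose power, protect p2; report whether the nonce repeated and whether
    the XOR of the two ciphertexts equals the XOR of the two plaintexts."""
    acl = AclEntry(key, persistent)
    n1, c1 = acl.protect(src, 0x05, p1)
    acl.power_cycle()
    n2, c2 = acl.protect(src, 0x05, p2)
    return {"nonce_reused": n1 == n2, "xor_leaked": xor(c1, c2) == xor(p1, p2),
            "c1": c1, "c2": c2}

def shared_key_scenario(key: bytes, src: bytes, p1: bytes, p2: bytes) -> bool:
    """Same key in two ACL entries with independent counters: their first frames collide."""
    acl_x, acl_y = AclEntry(key, True), AclEntry(key, True)
    n1, c1 = acl_x.protect(src, 0x05, p1)
    n2, c2 = acl_y.protect(src, 0x05, p2)
    return n1 == n2 and xor(c1, c2) == xor(p1, p2)

def recover_with_crib(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two frames under a reused nonce plus one known plaintext give the other plaintext."""
    return xor(xor(c1, c2), known_p1)

if __name__ == "__main__":
    key = bytes(range(16))                       # constructed sample NWK/link key
    src = bytes.fromhex("0013a20040a1b2c3")     # constructed 64-bit source address
    p1, p2 = b"SET LEVEL 0x40  ", b"UNLOCK DOOR 0x01"   # constructed 16-byte payloads
    volatile = power_failure_scenario(False, key, src, p1, p2)
    print("volatile counter: reused =", volatile["nonce_reused"],
          "recovered =", recover_with_crib(volatile["c1"], volatile["c2"], p1))
    print("persistent counter: reused =", power_failure_scenario(True, key, src, p1, p2)["nonce_reused"])
    print("one key in two ACLs: reused =", shared_key_scenario(key, src, p1, p2))
```

The fix the text recommends (counter and key written to non-volatile memory together) is the `persistent=True` branch: after the power cycle the counter continues from where it was, the second nonce differs, and the ciphertext XOR reveals nothing. The same reasoning is why the group keying discussion that follows rejects one key spread over several ACL entries.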

Improper support of group keying: ZigBee does not support group keying. The reason is that each ACL can only contain the address of one destination. This is not compatible with the concept of group keying. Suppose that one would use multiple ACLs, one for each destination in the group; then the probability of reusing a nonce would become very large, since the same group key would be used with independently updated frame counters. As explained above, this can become very problematic. On the other hand, if one would use only one ACL, which would contain the information of the entire group of nodes (which use the same group key), this would not work either. The ACL contains the address of the destination. This field would have to be updated each time before one of the nodes in the group sends a message. Otherwise, the ACL contains the wrong destination address, and the device cannot find the correct ACL entry in its memory. Updating the destination address in advance is however not possible, because one would have to know in advance which device is going to send the next message. Another problem would be that each device in the group has to update the frame counter every time a message is sent to one of the group members, also when it was not intended for the device itself. This is not feasible.

Key management: The ZigBee standard states that there can be at most 255 ACL entries. The exact number of ACL entries is vendor specific, and often much lower than 255. The number of application link keys a device can share with other devices is at most equal to the number of ACL entries. So in the best case, it can only share a key with 255 other ZigBee devices, which is considerably less than the maximum number of 65,536 devices in a ZigBee network. In a WPAN, supporting a maximum of 255 communication partners would probably not be very problematic, since the number of devices is typically very limited. However, it becomes a problem when the number gets very low (some vendors only support 2 ACL entries [172]).

Replay attacks: Every time a message is transmitted to another device, the frame counter is incremented by one. This prevents replay attacks, as frames with a lower frame counter than stored in the ACL will be discarded. This can however cause a security problem in broadcast communication. In a ZigBee network, broadcast communication is secured with the NWK key, which is stored in a default ACL. Every time a message is broadcast, each device in the network should increment the frame counter in its default ACL. If a device goes to sleep mode, and does not receive broadcast messages for a certain period of time, it cannot send any broadcast message anymore. The frame counter in its default ACL will have a lower value than the one in the default ACL of the other devices, and a message with a lower frame counter will be discarded by the other devices, as they wrongfully detect this event as a replay attack. As a consequence, a device can never go to sleep mode, and this can have an important influence on the battery lifetime of a ZigBee device.
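The frame-counter failure modes discussed above (nonce reuse after a power failure or when one key sits in two ACL entries, and the sleeping device whose broadcasts are discarded) in a small simulation. This is an added example, not code from the thesis or from any ZigBee stack: it models only the 13-byte CCM* nonce layout (source address, frame counter, security level) and the counter bookkeeping, and the addresses and keys are constructed sample values.

```python
from dataclasses import dataclass, field

SAMPLE_ADDR = 0x0011223344556677   # constructed 64-bit IEEE address
SAMPLE_KEY = bytes(range(16))      # constructed 128-bit link key


def ccm_star_nonce(source_addr: int, frame_counter: int, security_level: int) -> bytes:
    """13-byte CCM* nonce: 8-byte source address || 4-byte frame counter ||
    1-byte security level. For one sender and one security level only the
    counter varies, so nonce uniqueness reduces to counter uniqueness."""
    return (source_addr.to_bytes(8, "big")
            + frame_counter.to_bytes(4, "big")
            + bytes([security_level & 0xFF]))


@dataclass
class AclEntry:
    key: bytes
    counter_in_nv_memory: bool   # is the counter stored together with the key?
    frame_counter: int = 0       # last outgoing counter value used
    last_accepted: int = -1      # highest counter accepted from the peer

    def power_failure(self) -> None:
        """The key is in non-volatile memory and survives; a volatile counter
        restarts from zero."""
        if not self.counter_in_nv_memory:
            self.frame_counter = 0
            self.last_accepted = -1

    def accept_incoming(self, counter: int) -> bool:
        """Replay check: a frame whose counter is not above the stored one is
        discarded."""
        if counter <= self.last_accepted:
            return False
        self.last_accepted = counter
        return True


@dataclass
class NonceLog:
    """Remembers every (key, nonce) pair used; a repeat is nonce reuse."""
    seen: set = field(default_factory=set)

    def use(self, key: bytes, nonce: bytes) -> bool:
        reused = (key, nonce) in self.seen
        self.seen.add((key, nonce))
        return reused


def send_frame(sender: int, entry: AclEntry, log: NonceLog, level: int = 5) -> bool:
    """Advance the entry's counter, derive the nonce (level is a sample
    security-level byte) and report whether this (key, nonce) pair was
    seen before."""
    entry.frame_counter += 1
    return log.use(entry.key, ccm_star_nonce(sender, entry.frame_counter, level))


def nonce_reused_after_power_failure(counter_in_nv_memory: bool) -> bool:
    """Three frames, a power failure, one more frame."""
    entry, log = AclEntry(SAMPLE_KEY, counter_in_nv_memory), NonceLog()
    reused = False
    for _ in range(3):
        reused |= send_frame(SAMPLE_ADDR, entry, log)
    entry.power_failure()
    return reused or send_frame(SAMPLE_ADDR, entry, log)


def nonce_reused_with_key_in_two_acls() -> bool:
    """The same key in two ACL entries: the two counters run independently."""
    first, second = AclEntry(SAMPLE_KEY, True), AclEntry(SAMPLE_KEY, True)
    log = NonceLog()
    send_frame(SAMPLE_ADDR, first, log)          # counter 1 under SAMPLE_KEY
    return send_frame(SAMPLE_ADDR, second, log)  # counter 1 again, same key


def sleeping_device_broadcast_rejected(missed_broadcasts: int) -> bool:
    """Default ACL for the NWK key: each device keeps one counter that it
    advances for every broadcast it sends or hears. A sleeps while B
    broadcasts; when A wakes up, its next broadcast carries a counter that C
    has already passed, so C discards it as a replay."""
    counter = {"A": 0, "B": 0, "C": 0}
    for _ in range(missed_broadcasts):
        counter["B"] += 1                               # B broadcasts
        counter["C"] = max(counter["C"], counter["B"])  # C hears it, A sleeps
    counter["A"] += 1                                   # A wakes up and sends
    return counter["A"] <= counter["C"]                 # C's replay check
```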

Initialization procedure: The secure initialization and installation of the master key determines the security of the other keys. When an attacker obtains the trust center master key, this would compromise the security of the other keys used in ZigBee, as they are all derived from the trust center master key. A genuine device can obtain the trust center master key via insecure key-transport or via pre-installation. The former is the easiest method, but very insecure. Transmitting a key at low power does not provide any confidentiality at all, since an attacker with a strong directional antenna can intercept the communication. Theoretically, insecure key-transport is only secure when it is conducted in a Faraday cage. This is however not very practical. That is why it is recommended to obtain the trust center master key via pre-installation. This is more awkward, but provides more security. If this method is not possible due to practical reasons (typically because of the ad hoc characteristic of the network), other secure initialization mechanisms are needed.

Location privacy: The header of a ZigBee frame, which is never encrypted, contains the address of the source and destination device. This address is either the 64-bit IEEE address, or a 16-bit short address (used once the network is set up). When an attacker eavesdrops on the transmitted data, he knows the addresses of the devices that were communicating. This way, the attacker can keep track of the place and time that ZigBee devices are communicating, which is a violation of privacy. It is especially a problem when ZigBee is used to connect mobile personal devices.

Insufficient integrity protection: In total, there are 8 security levels that can be employed to secure a frame. The payload can be encrypted or not, and the frame can contain a message integrity code (MIC) of 0, 32, 64 or 128 bits. This MIC is computed by applying the CCM* mode (which is a generic combined encryption and authentication block cipher mode) of the AES algorithm. Since a MIC of 0 bits is allowed, it is possible not to apply integrity protection on a frame, which can have serious security consequences. Fortunately, command frames in ZigBee are integrity protected with a 128-bit MIC.

1.3 This Thesis and Related Work

Providing security for Wireless Personal Area Networks (WPAN) encompasses the complete security research domain, ranging from developing efficient cryptographic primitives and protocols to formulating the appropriate security policies. By applying the appropriate cryptographic solutions, most of the security problems in WPANs can be solved (e.g., the security weaknesses in Bluetooth and ZigBee, which were mentioned earlier in this chapter). We can distinguish several subtopics in this security research domain (many of them are a complete research field themselves):

Key establishment

Key establishment is one of the major issues in the design of a security architecture for Wireless Personal Area Networks. Cryptography reduces the confidentiality and integrity of a message to the confidentiality and integrity of a key. When using symmetric cryptography, which will typically be the case in Wireless Personal Area Networks for efficiency reasons, the parties involved have to negotiate a secret session key. A good key establishment scheme provides entity authentication (all parties know the identity of the other parties whom they have established a session key with), key authentication (all parties are assured that only authorized parties could have obtained the secret session key) and key confirmation (all parties are assured that all other authorized parties have knowledge of the secret session key) [140].

A large number of practical key establishment protocols can be applied in conventional computer networks. These protocols can be based on symmetric or asymmetric cryptographic techniques. Some of the protocols involve an on-line trusted third party. Key establishment protocols based on symmetric encryption are often key transport protocols. One party chooses a key a priori and securely transfers this key to the other party. Examples are the Authenticated Key Exchange Protocol 2 (AKEP 2) [15], Shamir's no-key algorithm [114, 140], the basic Kerberos authentication protocol [113, 141, 148, 202] and the Otway-Rees protocol [153]. The latter two require interaction with an online trusted server. Key establishment protocols based on asymmetric cryptographic techniques often make use of the Diffie-Hellman key agreement protocol [54]. In order to be secure, one has to avoid man-in-the-middle attacks. This can be achieved by authenticating the public Diffie-Hellman keys. The Station-to-Station (STS) protocol [53, 55, 140], which is widely used in practice, accomplishes this authentication by digitally signing the public Diffie-Hellman keys. Key transport based on public key encryption involves one party choosing a symmetric key, and transferring it to the other party using that party's public encryption key (and the corresponding public key encryption algorithm such as RSA [170] or ElGamal encryption [59]). In order to have mutual entity authentication and/or key confirmation, additional steps have to be included in the protocol. Examples are the Needham-Schroeder public key protocol [146], the X.509 strong two-way (or three-way) authentication algorithm [99] and the Beller-Yacobi key transport protocol [16].

Due to the characteristics of Wireless Personal Area Networks, conventional cryptographic algorithms and protocols cannot be applied. WPANs operate autonomously without access to online key servers or certification authorities. Secure key transport protocols are not suitable for Wireless Personal Area Networks since most devices do not yet share any cryptographic material. And because of the dynamically changing network topology, one cannot rely on a particular device being online or part of the network. As a consequence, there is a need for key establishment protocols that were designed with the characteristics of wireless ad hoc networks in mind.

There are several proposals for key establishment in wireless ad hoc networks that make use of certificates and public key cryptography [176]. They try to modify the concept of a Public Key Infrastructure (PKI) such that it can be applied in ad hoc networks. Zhou and Haas [217] propose to distribute the task of the Certification Authority (CA) to multiple nodes using a threshold scheme. This solution has the advantage that if one or more of the CAs becomes unreachable, a node can still obtain a certificate, and that an adversary will have to compromise multiple CAs before he can create false certificates. Seys extended this idea in [177]. The self-organized PKI for wireless ad hoc networks was introduced by Hubaux et al. [87]. Their scheme is similar to the Pretty Good Privacy (PGP) solution of Zimmermann [220], in the sense that public key certificates are issued by the users. However, as opposed to PGP, certificates are stored and distributed by the users and not by trusted online servers. Each user maintains a local repository that contains a limited number of certificates. Gehrmann et al. [67] introduce the concept of a Personal CA. The idea is to delegate the task of the CA to one of the mobile devices in the WPAN.

Other key establishment mechanisms for Wireless Personal Area Networks use identity-based public key systems [27, 181]. In identity-based schemes, the public key is mathematically derived from the identity of the user. Knowing the identity of a user automatically results in the computation of that user's public key. There is no need anymore to explicitly authenticate the public keys. The concept of identity-based cryptographic schemes has been adapted to wireless ad hoc networks in (among others) [50, 110, 209].

Jakobsson and Pointcheval [102] proposed a variation on the STS protocol that is specifically designed for efficiency. Eschenauer and Gligor [61] presented a random key pre-distribution to establish keys in ad hoc networks. Many variations and adaptations of this idea have been proposed subsequently. The technique is however more suitable for large scale sensor networks, and less for small WPANs. Another solution would be to employ a balanced password-authenticated key agreement protocol. This cryptographic algorithm was first proposed by Jablon [100] and later standardized in the ISO 11770-4 standard [93].

In chapter 2, we show how pairing protocols enable user operated mobile devices in a Wireless Personal Area Network to derive a shared secret session key by making use of out-of-band channels. We propose a new location private pairing protocol that requires limited user interaction, and a novel pairing protocol that enables mutual device authentication through presence.

Device authentication

Due to the wireless nature of the communication medium, it is very hard for mobile devices to have a clear idea which entity they are communicating with. Device authentication is hence a very important issue, and is necessary to avoid impersonation and man-in-the-middle attacks (see [140] for an overview of other attacks on authentication protocols and a discussion on how to avoid them). It is closely related to key establishment, since the latter is not useful without entity and key authentication.

Device authentication by itself (so not in combination with key establishment) can be realized in different ways. One can use challenge-response protocols based on symmetric cryptography (see the ISO 9798-2 standard [96] for an overview of the most common algorithms), challenge-response protocols based on asymmetric cryptographic techniques (see the ISO 9798-3 standard [97] for an overview of the most common algorithms) or zero-knowledge identification protocols. The latter include (among others) the Feige-Fiat-Shamir identification protocol [62], the Guillou-Quisquater (GQ) identification scheme [74] and the Schnorr identification protocol [174, 175]. These protocols based on zero-knowledge are less interesting to be used in a WPAN, since they are computationally intensive and require a trusted third party to distribute certain parameters and secret data.

There are two research areas where device authentication in WPANs is particularly important and very challenging. The first area investigates how device authentication can be done by exploiting "physical" characteristics of the mobile device. This is especially important to guarantee device and key authentication during the boot-strap mechanism of key establishment protocols based on asymmetric cryptography (i.e. to authenticate public keys in pairing protocols). This research problem is studied in Chapter 2, where we give an overview of the most common techniques to construct (authentic) out-of-band channels. The characteristics of these secure side-channels can be used to realize device and key authentication.


A second research area where device authentication in Wireless Personal Area Networks is studied, is the case where it is not sufficient to know the identity of the other party. In some scenarios, extra information could be needed to have a successful authentication claim. Often, this required extra information is the location of the device. This is particularly the case in physical access control. E.g., to open the door of a building, one needs to have the correct identity (authorized to enter the building), but also needs to be close to the door. The latter is important to avoid relay attacks, where an adversary being close to the door impersonates an authorized user (who is located somewhere else, being unaware of the attack). The location information required during the authentication protocol can be detailed or not; it can vary from the exact GPS coordinates [51] to the range or direction of the device (relative to the verifying party).

This idea of incorporating location information in an authentication protocol is investigated in chapter 3. We introduce the concept of distance bounding protocols. These protocols can be used to provide device authentication based on its presence. They enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. We extended this concept to location verification, by having multiple collaborating, non-collinear verifiers. In order to employ these protocols in a Wireless Personal Area Network, distance bounding protocols should be resistant to bit errors caused by noise. This is discussed in chapter 4, where we propose a noise resilient distance bounding protocol.

Location privacy

Privacy is an important issue for mobile wireless networks. Until recently, the different components of privacy were considered to be anonymity, pseudonymity, unlinkability and unobservability [80, 94, 161, 215]. The fact is that there is however another aspect, namely location privacy. Soon after the Bluetooth standard was released, Jakobsson and Wetzel showed that it is straightforward to track a device's whereabouts [103]. As many wireless devices are also personal devices (e.g., mobile phone, laptop, PDA), this implies that it is also possible to track the people carrying the mobile devices. The attacker does not have to be physically close to the communicating devices, he can use a device with a stronger antenna (e.g., it is very easy to construct an antenna which can intercept Bluetooth communication from more than one mile away [39, 49]).

An attacker keeping track of the place and time mobile devices are communicating, and hence tracking the user operating these devices, can have serious consequences. E.g., without location privacy, a terrorist could be capable of discovering in which hotel (and even in which room) an important politician stays. This would certainly entail serious security problems. Another example of an attack is to track users on a specific location and use this information for location dependent commercial advertisements (e.g., a shop can send advertisements to everybody that is nearby). This location based service can be desirable in some cases, but the user should be able to decide when his/her location is revealed and when not.

Location privacy is a relatively new issue in privacy, but nevertheless very important in Wireless Personal Area Networks. Solutions to this problem should prevent other parties from learning one's current or past location [20]. As WPANs are getting more and more deployed, such location privacy enabling techniques are gaining in importance.

We demonstrate that the location privacy problem can be solved by using temporary pseudonyms [189]. There is not really a need for fixed identifiers in Wireless Personal Area Networks, as they only cause privacy concerns. It is important that pseudonyms that are employed in a WPAN are not completely stateless. Otherwise, pairing information, relationships between the different mobile devices and network configurations would be lost every time the pseudonym is updated. This would require many re-initializations, which is definitely not efficient and user-friendly.

Traditional pseudonym systems [132] cannot be used to solve the problem in a WPAN, since they require the presence of a central trusted server. Gruteser and Grunwald [72] proposed to protect the location privacy of 48-bit WiFi addresses in a Wireless LAN by using cryptographic hash functions. A hash chain, which is started with an unpredictable random seed, is used to construct temporary pseudonyms (the last hash constitutes the input for the next application of the hash function). This solution can however not be deployed in a WPAN, since unlike a WLAN the former does not employ a client/server topology.
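The hash-chain pseudonym idea sketched above, as an added example (not code from the thesis or from Gruteser and Grunwald): the device walks a SHA-256 chain from a random seed and uses each link, truncated to 48 bits, as its next address, while a peer that learned the seed during pairing keeps a small window of upcoming pseudonyms so that the relationship survives address changes it did not observe. The window size and the address-bit convention are assumptions of this example.

```python
import hashlib

ADDR_BYTES = 6   # a 48-bit address, as for WiFi and Bluetooth hardware addresses


def next_link(link: bytes) -> bytes:
    """One step of the chain: the previous hash is the input of the next one."""
    return hashlib.sha256(link).digest()


def link_to_pseudonym(link: bytes) -> bytes:
    """Truncate a chain link to 48 bits. Setting the locally-administered bit
    and clearing the group bit (the IEEE MAC convention, assumed here) keeps
    the pseudonym a valid unicast address."""
    addr = bytearray(link[:ADDR_BYTES])
    addr[0] = (addr[0] | 0x02) & 0xFE
    return bytes(addr)


class PseudonymChain:
    """Walks the chain from an unpredictable seed; one pseudonym per step."""

    def __init__(self, seed: bytes):
        self.link = seed

    def advance(self) -> bytes:
        self.link = next_link(self.link)
        return link_to_pseudonym(self.link)


class PairedPeer:
    """A peer that obtained the seed during pairing. It pre-computes a window
    of upcoming pseudonyms so that it still recognises the device after a few
    address changes it did not observe (window size is an assumption)."""

    def __init__(self, seed: bytes, window: int = 8):
        self.chain = PseudonymChain(seed)
        self.window = window
        self.upcoming = [self.chain.advance() for _ in range(window)]

    def recognise(self, addr: bytes) -> bool:
        """True if addr is a not-yet-used pseudonym of the paired device.
        Consumed and skipped pseudonyms are dropped, so an already used
        address is not accepted a second time; this per-peer state is what
        makes the scheme stateful rather than stateless."""
        if addr not in self.upcoming:
            return False
        used = self.upcoming.index(addr)
        self.upcoming = self.upcoming[used + 1:]
        while len(self.upcoming) < self.window:
            self.upcoming.append(self.chain.advance())
        return True
```

An eavesdropper who does not know the seed only sees a sequence of unrelated-looking 48-bit addresses; inverting or continuing the chain would require inverting SHA-256.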

In chapter 5, we propose several practical solutions to the location privacy problem and formulate a formal model of location privacy in Wireless Personal Area Networks. This model is applied to several protocols published in the literature.

Efficient and user-friendly cryptographic protocols

Because of the limited resources of the devices in a Wireless Personal Area Network, it is important that cryptographic protocols are as efficient as possible. Efficiency has always been an important characteristic of cryptographic algorithms, but it should be considered as a top priority (as important as the security of the algorithm itself) when designing cryptographic protocols for WPANs. Due to the heterogeneity of the ad hoc network, the cryptographic protocols should be designed in order that they can be used by the devices which are most restricted by their available resources. It is not a good idea to design two classes of cryptographic protocols: a more secure version for the more powerful devices, and a weaker version for the devices with limited resources. This could be exploited by an attacker, who then will force the devices to use the weaker version (even if the mobile device has plenty of resources). This causes severe security problems. An example of a practical scenario where this design rule was ignored, is in the Bluetooth security architecture. The use of unit keys in Bluetooth is one of the major security problems of this communication technology.

In Wireless Personal Area Networks, user-friendliness is also very crucial in the design of security primitives. The devices in a WPAN are typically operated by a user. To avoid that the user bypasses the security mechanisms, which would result in an insecure network, the cryptographic protocols should only require limited and very intuitive user interaction. No technical knowledge about WPANs and security in particular should be required to use a WPAN in a secure way. E.g., entering a few digits on a keyboard, comparing some digits or symbols on a display, touching two mobile devices, . . . is still acceptable. Entering the 160-bit output of a cryptographic hash function is definitely not. The cryptographic protocols needed to secure the network should be as invisible as possible for the user. In order to design a secure and practical security architecture for WPANs, user-friendliness should hence certainly be taken into account.

Both energy efficiency and user-friendliness often conflict with the security of the cryptographic protocol. Making the protocol too simple and/or reducing the number of operations could result in a lower security level. The goal is to find the trade-off, such that all three requirements (security, energy efficiency and user-friendliness) are fulfilled.

All protocols proposed in this doctoral thesis have taken these design criteria into consideration. The energy consumption, both caused by expensive computations and communication cost, is reduced as much as possible. In order to ensure the user-friendliness, the user operating the devices is only required to perform a few, easy, short operations (e.g., entering a 5-digit number on an input interface).

Secure and efficient routing

Most ad hoc routing schemes [157, 160] broadcast messages into the network at some point [176]. Therefore, most research papers combine proposals for secure broadcast with a discussion on how to use the secure broadcast mechanism to create secure routing schemes [158, 159]. Hu et al. [86] present a secure broadcast mechanism that can use several authentication methods. Papadimitratos and Haas propose a scheme based on message authentication codes that requires the two mobile nodes to share a secret session key [154]. In [155], the same authors present a protocol that is based on digital signatures. This idea is similar to the ideas proposed in [85, 197]. Seys and Preneel [178] present a key establishment protocol that can be built on top of the Dynamic Source Routing (DSR) protocol. This can be used to build a secure version of the DSR protocol.

In Appendix B, we exploit the specific characteristics of a Wireless Body Area Network in the design of a secure cross-layer routing protocol.


Denial-of-service attacks

A Denial-of-Service (DoS) attack is an attempt to make resources unavailable for its intended users. It is one of the most important problems in computer networks, certainly because these attacks are often easy to produce. This is even more true for wireless ad hoc networks. Radio waves are very sensitive to interference. This is why a signal can easily be jammed by a radio transmission with a frequency close to that used by the wireless network. Even a simple microwave oven can make a wireless network completely inoperable. An adversary can exploit the network access methods to disconnect a device from the network and disrupt the topology. The problem is even worse since most mobile devices in the network are battery operated. An attacker can try to exhaust all the energy of a node and hence force it to go offline. This attack is called a sleep deprivation attack [33] and is very difficult to prevent. Adding (computationally intensive) cryptographic operations to the security architecture helps the attacker to perform Denial-of-Service attacks. An attacker can try to force a node to perform these operations (e.g., decrypt dummy traffic that was sent by the adversary), and hence exhaust the battery at a much faster rate. Solving one problem (e.g., confidentiality of data) hence causes another problem (DoS attacks). One has to find a trade-off in such a way that DoS attacks are more difficult to perform (or cause less problems), without having too much effect on the rest of the security architecture. There are also other particular Denial-of-Service attacks, caused by some decisions taken during the design of the architecture of the WPAN technology (e.g., exploiting the black list mechanism in Bluetooth).

Interference with other wireless networks and/or devices operating in the same frequency band is usually solved by techniques such as spread spectrum and frequency hopping. The basic idea of spread spectrum is to deliberately spread the transmission energy in the frequency domain, resulting in a signal with a wider bandwidth. Frequency hopping is one of the most common techniques used to create a spread spectrum. By using this technique, the transmission frequency is altered in a predetermined manner. It is used in Bluetooth [25], WiFi [212] and many other products including cordless telephones.

Sleep deprivation attacks are more difficult to protect against. An attacker can always send random data to a mobile node. One should however prevent this node from performing computationally heavy (cryptographic) operations, as this exhausts the battery very fast. This is typically done by putting some asymmetry in the security architecture. E.g., it should be much harder to create an encrypted message than to decrypt it. If the node can easily (without consuming too much energy) verify that a message is well encrypted (and does not contain random data), an attacker has to perform a (computationally heavy) encryption, which is less interesting from his point of view. Of course, this technique also influences the energy consumption of genuine nodes that want to encrypt data. Another idea is to use lightweight cryptographic algorithms, which limits the effect of performing an unnecessary encryption. This way, the consequences of a DoS attack exhausting the battery are reduced. Connection depletion attacks, which are attacks in which the adversary initiates and leaves unresolved a large number of connection requests to a particular device, can be prevented by using client puzzles [104, 124, 135].

Lightweight cryptographic primitives

Not only cryptographic protocols, but also the cryptographic primitives themselves should be as efficient as possible in order to limit the energy consumption. We have already demonstrated that symmetric cryptography consumes less energy than public key cryptography (see also [81]). The communication cost of the former is however higher. In some cases, one wants to reduce the energy cost even further, reduce the number of rounds and/or use secure cryptographic primitives that consume less energy than AES [45] and other symmetric block ciphers. Of course, the security level should still be high enough such that the cryptographic primitive can be used to secure the data in the wireless ad hoc network.

It is not entirely clear how to design a secure block or stream cipher that consumes significantly less energy. One can try to limit the number of bit changes in flip-flops, lower the processing frequency of the encryption module, reduce the amount of memory, have a lower number of rounds, . . . One should however note that such a design strategy is not always beneficial. Reducing the energy consumption could sometimes result in a higher number of gates. Since the chip area in mobile devices with ultra-low resources is typically also very limited, this increase in number of gates is undesirable. Another important element is that the energy consumption of a cryptographic primitive heavily depends on the platform on which it will be deployed. It can happen that a particular algorithm is very efficient on one specific hardware platform (due to its characteristics), but not at all on another one. Fortunately, there are some symmetric cryptographic algorithms which were explicitly designed such that they can be implemented with very low energy requirements [58]. Some examples are [26, 47, 123, 165].

To authenticate data in a wireless ad hoc network, one-time signature schemes can be used. They typically make use of one-way functions, such as a cryptographic hash function. Important examples are the Lamport-Diffie scheme [117] and the HORS one-time signature scheme [169]. Since the output of a cryptographic hash function can be computed very efficiently, both one-time signature schemes do not require extensive computation power. Their disadvantage is that they have a large communication cost, which can become a significant part of the total energy consumption. Seys [176] compared the total cost of several versions of one-time signature schemes with elliptic curve cryptography (ECC), and searched for the most optimal cryptographic technique to sign data in a wireless ad hoc network. This evaluation of the total energy consumption depends on several parameters, among them the number of devices that on average have to verify the digital signature.

Research is also conducted in the area of lightweight public key cryptography. By designing a special hardware architecture and optimizing the arithmetic operations, one can perform public key encryption with a very low power consumption, bandwidth and a limited number of gates. Some recent results were published in (among others) [4, 9, 10, 11, 125]. It is however still an open research problem if public key cryptography is really suitable to be deployed on devices with an extremely low amount of resources, such as RFID tags.
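The Lamport-Diffie one-time signature over SHA-256, as an added example (not code from the thesis or from Seys's comparison), to make the trade-off described above concrete: signing and verifying only evaluate a hash, but one signature is 8 KiB and the public key 16 KiB, against 64 bytes for an ECDSA signature over a 256-bit curve, and a key pair must never sign twice.

```python
import hashlib
import os

N = 256        # number of digest bits that get signed
BLOCK = 32     # bytes per secret / public value


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rand=os.urandom):
    """Secret key: N pairs of random 32-byte preimages; public key: their
    hashes. The key pair authenticates exactly one message ("one-time")."""
    sk = [(rand(BLOCK), rand(BLOCK)) for _ in range(N)]
    pk = [(h(s0), h(s1)) for s0, s1 in sk]
    return sk, pk


def message_bits(msg: bytes):
    """The N bits of SHA-256(msg), most significant bit first."""
    digest = int.from_bytes(h(msg), "big")
    return [(digest >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """For every digest bit reveal one of the two preimages of that position.
    Signing a second message with the same key would reveal both preimages
    at many positions, enough to forge signatures on further messages, so
    a key pair is used once and then discarded."""
    return [pair[bit] for pair, bit in zip(sk, message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash every revealed value and compare it with the public-key entry
    selected by the corresponding digest bit."""
    if len(sig) != N:
        return False
    return all(h(s) == pair[bit]
               for s, pair, bit in zip(sig, pk, message_bits(msg)))


def transmission_cost_bytes() -> dict:
    """Bytes that go over the air: the signature, plus the public key when
    the verifier does not hold it yet. An ECDSA signature over a 256-bit
    curve (two 256-bit integers) is listed for comparison."""
    return {"signature": N * BLOCK,
            "public_key": 2 * N * BLOCK,
            "ecdsa_p256_signature": 64}
```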

1.4 Outline and Main Contributions

The outline of this doctoral thesis is the following:

• Chapter 1 presents the motivation and context of the work described in this doctoral thesis. It introduces Wireless Personal Area Networks and shows that traditional cryptographic primitives and protocols designed for conventional computer networks cannot be deployed in Wireless Personal Area Networks, due to their specific characteristics.

• Chapter 2 introduces pairing protocols, and discusses how they enable user operated mobile devices in a Wireless Personal Area Network to derive a shared secret session key. It also gives an overview of the most common techniques to construct an out-of-band channel, a building block used in pairing protocols and the essential part to securely bootstrap key establishment protocols in a WPAN. The main security properties of these channels are discussed and analyzed. In the second part of this chapter, we present two new pairing protocols that we have published in [188] and [193]. The first pairing protocol offers location privacy and combines MANual Authentication (MANA) protocols with elliptic curve cryptography. The second pairing protocol enables mutual device authentication through presence. It combines the concept of a user's device's private space with distance bounding protocols.

• Chapter 3 discusses the notion of distance bounding protocols, which enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. We give the main guidelines on how to construct a secure distance bounding protocol and illustrate these by discussing the weaknesses and security properties of several distance bounding protocols. We show that the protocol of Waters and Felten [210] is vulnerable to a terrorist fraud and a guessing attack. In the second part of the chapter, we extend the idea of determining an upper bound on the distance between two parties to secure location verification in a 2-dimensional plane. Our solution requires at least three collaborating, non-collinear verifiers that carry out a distance bounding protocol simultaneously. It is an extended version of the research results we have published in [186].

• Chapter 4 shows that it is important that distance bounding protocols are resistant to bit errors occurring during the fast bit exchange phase of the protocols. Such bit errors will occur, as these protocols are conducted over noisy wireless ad hoc channels. We propose the noise resilient MAD protocol, which we have published in [191]. We give a detailed overview of the main statistical properties of the Hancke–Kuhn protocol and the noise resilient MAD protocol. Their performance (in terms of number of rounds and robustness to noise) is compared for both moderately low and relatively high bit error rates. We will derive and compare an upper bound on the allowed bit error rate and a lower bound on the required number of fast communication rounds for both secure noise resilient distance bounding protocols.

• Chapter 5 investigates the location privacy problem in Wireless Personal Area Networks. We demonstrate that including the fixed unique hardware addresses of mobile devices in the header of messages broadcast into the network leads to severe privacy risks. We consider several communication scenarios and present new security techniques to solve the location privacy problem in each of these scenarios. We have published these solutions in [189, 192]. In the second part of the chapter, we construct a formal model of location privacy for WPANs, and apply it to analyze and evaluate the existing protocols in the literature.

• Chapter 6 summarizes the conclusions and provides directions for future research.

We have worked on other research publications that have not been included in this doctoral thesis.

In [183, 187], we study the security architecture of the Wireless Application Protocol (WAP) and some important properties of the WTLS protocol (the wireless variant of the TLS protocol). Next, we address the security weaknesses of WAP and WTLS and propose some countermeasures and good practices when using WAP.

In [184], we investigate how mobile agents can securely collect information, protect the collected data against untrusted hosts, and digitally sign transactions in an untrusted environment. We present an agent-based scenario for mobile commerce and discuss techniques using multiple agents that have been implemented to provide security in this scenario. Some security threats which lead to new observations on using threshold signature schemes in the context of mobile agents are also addressed in this publication.


Another research publication discusses the common threats that can be identified when using security tokens such as smart cards in web applications [48].


Chapter 2

Enhanced Pairing Protocols

Symmetric cryptography reduces the confidentiality and integrity of a message to the confidentiality and integrity of a key. When using symmetric cryptography, which will typically be the case in Wireless Personal Area Networks (WPANs) for efficiency reasons, the parties involved have to negotiate a secret session key. Several interesting key establishment protocols can be found in the literature. They are often based on public key cryptography, make use of key pre-distribution schemes, or rely on a trusted third party. Unfortunately, key establishment protocols designed to be employed in traditional networks are not always applicable to wireless ad hoc networks. The latter normally operate autonomously, without access to online key servers or certification authorities. Moreover, since these networks support node mobility, the nodes in a wireless ad hoc network do not have a clear view of the continuously changing network topology. These specific properties present interesting challenges when designing security and privacy solutions, such as key establishment protocols, for these environments.

In this chapter, we introduce the concept of (enhanced) pairing protocols, which enable devices in a Wireless Personal Area Network to derive a shared secret session key. These protocols are often constructed using out-of-band channels. Such a channel is typically inexpensive to set up, and can be employed to securely bootstrap a key establishment protocol in a Wireless Personal Area Network. It has the interesting property that all data transmitted on the channel remains confidential for eavesdroppers and/or that its integrity and authenticity is protected. An out-of-band channel can be created in several ways, depending on the exact hardware and (physical) characteristics of the devices in the network. In this chapter, we give an overview of the most common techniques to construct an out-of-band channel, and discuss their main (security) properties. Next, we propose two new enhanced pairing protocols. The first one combines MANual Authentication (MANA) protocols with elliptic curve cryptography. It is user-friendly, energy-efficient and offers location privacy. The second enhanced pairing protocol enables mutual device authentication through presence and establishes a session key between personal mobile devices which do not yet share any authenticated cryptographic material. It makes use of distance bounding protocols, which enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range.

Contributions in this chapter

This chapter extends our research results that were published in [188, 193]. The most important novel contributions presented here are:

• We present an enhanced pairing protocol that combines MANual Authentication (MANA) protocols with elliptic curve cryptography, and analyze its security properties. To the best of our knowledge, it is the first pairing protocol that offers location privacy during the establishment of a secret session key.

• We present a key establishment protocol that uses distance bounding protocols and enables mutual device authentication through presence. Our solution only requires limited user interaction.

2.1 Constructing Out-of-Band Channels

One of the most important problems in wireless ad hoc networks is: how to establish a shared secret (key) between two nodes in a wireless ad hoc network that do not yet know each other and hence do not share any secret data? This problem is known in the literature as the pairing problem [7, 64, 82, 83, 200]. These pairings should be established in such a way that a high level of security is achieved even with minimal user interaction. This excludes pairing protocols in which the shared session key is directly derived from a weak secret. An example of such a protocol is the initialization mechanism of Bluetooth [25, 103, 131, 190], in which the link key is derived from a short PIN. Additionally, privacy is also a concern, certainly in Wireless Personal Area Networks. Finally, the pairing should be made instantly, without any preparations. We do not want to rely on any secret cryptographic information shared a priori among the nodes.

2.1.1 Defining an extra channel

Most solutions assume that the two mobile nodes share an extra, low bandwidth, secure channel. This secure extra channel is often called the out-of-band channel. The resulting system model is shown in Fig. 2.1. Such an out-of-band channel is typically cheap to set up, and can be employed to securely bootstrap a key establishment protocol in a Wireless Personal Area Network. It has the interesting property that all data transmitted on the channel remains confidential for eavesdroppers and/or that its integrity and authenticity is protected.

Figure 2.1: Mobile personal devices share a secure out-of-band channel (Alice and Bob are connected both by a wireless ad hoc channel and by a secure out-of-band channel)

The out-of-band channel shared among the two mobile nodes (denoted by Alice and Bob in the rest of this chapter) can be private and/or authentic [82, 83]:

Authentic out-of-band channel: The out-of-band channel is authentic if and only if Bob is guaranteed that a message he receives actually was sent by Alice. The data can however be eavesdropped by others.

Private out-of-band channel: The out-of-band channel is private if and only if Alice is guaranteed that the message she sends is only received by Bob. The latter does however not know that the data comes from Alice.

The channel can be private and/or authentic in one direction, or bidirectional. Unless explicitly mentioned otherwise, we will always assume in the rest of this chapter that the out-of-band channel is bidirectional.

2.1.2 Establishing session keys using out-of-band channels

How can a session key be established using such a secure out-of-band channel? This depends on the type of channel that is shared among the two mobile nodes.

Let us first discuss the basic principles of a pairing protocol using a private out-of-band channel, as proposed by Hoepman [82]. The basic version of the protocol is shown in Fig. 2.2 and works as follows. Both mobile nodes (Alice and Bob) generate a random secret bitstring of length n (with bits p_i and q_i, respectively). Next, both devices exchange these random bits via the private out-of-band channel (denoted by a dashed line in Fig. 2.2). After having received the secret bitstring of the other party, both devices compute the bitwise XOR r_i ← p_i ⊕ q_i. The result is r, a shared secret of n bits. In order to compute a common session key, one can perform an encrypted key exchange (EKE) protocol. The encrypted key exchange protocol was first introduced by Bellovin and Merritt [17, 18]. It enables two parties which share a low entropy password to securely exchange a high entropy session key. Such an EKE protocol is used as follows. Alice and Bob perform an EKE protocol using the shared secret r as a low entropy password. The data exchanged in this EKE protocol is transmitted via the wireless ad hoc channel. The result is a high entropy session key. Any existing, secure EKE protocol [13, 17, 18, 108, 133] can be used in this pairing protocol.

Figure 2.2: Pairing protocol for a bidirectional private out-of-band channel

    Alice                                                Bob
    p_i ∈_R {0,1}^n                                      q_i ∈_R {0,1}^n
            - - - - - p_i (private out-of-band) - - - - ->
            <- - - - - q_i (private out-of-band) - - - - -
    r_i ← p_i ⊕ q_i                                      r_i ← p_i ⊕ q_i
            <========= EKE(r) (wireless ad hoc channel) =========>

The situation is completely different if the two mobile nodes share an authentic out-of-band channel. Instead of employing an encrypted key exchange protocol to establish a secret session key, Alice and Bob carry out the Diffie-Hellman protocol [54]. Other key agreement protocols based on asymmetric cryptographic algorithms could however be used as well. The (simplified) basic version of a pairing protocol using an authentic out-of-band channel is shown in Fig. 2.3 and works as follows. The protocol starts by Alice and Bob generating their temporary private keys (respectively x and y). Next, both parties compute their temporary public keys (respectively α^x and α^y). To avoid man-in-the-middle attacks, these keys have to be authenticated. To accomplish this, the mobile devices exchange some bits via the authentic out-of-band channel (denoted by a dashed line in Fig. 2.3). These bits are derived from the public keys (α^x and α^y) by applying a specific function f() to them. The choice of this function f() depends on the design of the pairing protocol, but it is often a cryptographic hash function. In order to provide a high level of security, the collision probability of the function f() must be low and the first and second preimage resistance of the function f() must be high. Since the out-of-band channel typically has a very low bandwidth, as few bits as possible have to be exchanged through this channel. This should be taken into account when selecting an appropriate function f(). In the next phase, Alice and Bob send their temporary public keys to each other via the wireless ad hoc channel. Each party applies f() to the public key it received over the wireless channel, compares the result with the value it received over the authentic out-of-band channel, and aborts if they differ. The shared session key K is then equal to α^xy. Most pairing protocols for authentic out-of-band channels are designed according to this principle.

Figure 2.3: Pairing protocol for a bidirectional authentic out-of-band channel

    Alice                                                Bob
    x ∈_R {0,1}^n                                        y ∈_R {0,1}^n
            - - - - f(α^x) (authentic out-of-band) - - - ->
            <- - - - f(α^y) (authentic out-of-band) - - - -
            --------- α^x (wireless ad hoc channel) -------->
            <-------- α^y (wireless ad hoc channel) ---------
    K ← (α^y)^x                                          K ← (α^x)^y

Since most practical out-of-band channels shared among two mobile nodes in a Wireless Personal Area Network are typically authentic out-of-band channels (and hence not private), we will mainly focus on this type of secure channel in the rest of this chapter.
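The following Python program is an added example, not code from the thesis, of the Fig. 2.3 structure: temporary Diffie-Hellman keys, a short string f() over the authentic out-of-band channel, the public keys over the wireless channel, and the check each side performs before deriving K. The group parameters P and G are toy values chosen so the example runs instantly, and f() is assumed to be SHA-256 truncated to F_BITS bits; the `wireless` argument of `pair()` models the insecure channel, so an active attacker is simulated by substituting a public key of its own.

```python
"""Pairing over an authentic out-of-band channel (structure of Fig. 2.3)."""
import hashlib
import secrets

# Toy Diffie-Hellman parameters so the example runs instantly.  Illustration
# only: a deployment uses a standard finite-field group or an elliptic curve.
P = 2**127 - 1
G = 7
F_BITS = 20  # length of the short string f() that crosses the out-of-band channel


def keygen():
    """Temporary private key x and public key alpha^x (mod P)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def f(pub: int) -> int:
    """f(): SHA-256 of the public key truncated to F_BITS bits.  This is all
    the out-of-band channel has to carry; it cannot be altered but may be read."""
    digest = hashlib.sha256(pub.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - F_BITS)


def session_key(priv: int, peer_pub: int) -> bytes:
    """K = alpha^(xy), hashed into a fixed-length key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def pair(wireless=lambda pub: pub):
    """Run the protocol.  `wireless` models the insecure ad hoc channel: the
    identity for an honest run, a substitution function for an active attacker.
    Returns (accepted, K_alice, K_bob)."""
    x, alpha_x = keygen()
    y, alpha_y = keygen()
    # Phase 1: short authenticators over the authentic out-of-band channel.
    f_x_oob, f_y_oob = f(alpha_x), f(alpha_y)
    # Phase 2: the public keys themselves over the wireless ad hoc channel.
    alpha_x_at_bob = wireless(alpha_x)
    alpha_y_at_alice = wireless(alpha_y)
    # Each side authenticates what it received against the out-of-band value
    # and aborts on mismatch; this is the step that defeats a man-in-the-middle.
    if f(alpha_x_at_bob) != f_x_oob or f(alpha_y_at_alice) != f_y_oob:
        return False, None, None
    return True, session_key(x, alpha_y_at_alice), session_key(y, alpha_x_at_bob)


def mitm_attempt() -> bool:
    """An attacker replaces both public keys with its own alpha^z (constructed attack run)."""
    _, alpha_z = keygen()
    return pair(wireless=lambda _pub: alpha_z)[0]
```

An honest run of `pair()` yields the same key on both sides; `mitm_attempt()` is rejected because neither f(α^z) matches the value that crossed the authentic channel. Note what the short string does and does not buy here: with an unkeyed f() and only F_BITS bits on the out-of-band channel, an attacker who intercepts α^x on the wireless channel can search for a z with f(α^z) = f(α^x) at a cost of roughly 2^F_BITS evaluations, so this simplified form needs either a long f() output or the keyed check values and commitments of the manual authentication protocols discussed next.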

2.1.3 Overview of existing technologies

Constructing a secure authentic out-of-band channel is quite a challenge and a very active area of research. Different techniques have been suggested in the literature, depending on the exact hardware and (physical) characteristics of the devices in the network. Some of them are more difficult to realize in practice than others.

Some devices could have more than one secure out-of-band channel available. That is why, before the actual pairing protocol starts, the mobile devices should perform a handshake protocol in which they negotiate which out-of-band channel to use during the key establishment procedure. Each device first sends a list containing its available out-of-band channels to the other party. Next, they agree on an out-of-band channel available on both devices. If they do not share a secure out-of-band channel, the pairing protocol cannot be executed and hence fails. Note that this handshake takes place over the insecure wireless channel, before any key is established, so the choice of channel itself is not authenticated.

We will now have a closer look at the most interesting techniques to create an out-of-band channel, and discuss their main (security) properties.

Pairing based on user interaction

A first category of solutions employs the user itself as the secure out-of-band channel. These methods require some user interaction to authenticate the public keys sent over the insecure wireless ad hoc network. Since almost every mobile device in a Wireless Personal Area Network has at least a standard input and/or output interface, this category of pairing protocols is very important from a practical point of view.

In order not to endanger the usability of the pairing protocol, the user should be considered as a very low-bandwidth secure channel, and therefore be required to transfer only a few bits between the two mobile devices. Because of this requirement, the ephemeral pairing protocols of Hoepman [82, 83] are not practical to be employed in a Wireless Personal Area Network. These pairing protocols require the secure out-of-band channel to have a relatively high bandwidth.

Gehrmann et al. present several MANual Authentication (MANA) protocols [64, 65, 66]. These techniques enable mobile devices to authenticate their public keys by manually transferring data between the devices. Manual transfer refers to the human operator of the devices performing one of the following procedures: copying data output from one device into the other device, comparing the output of the two devices, or entering the same data into both devices. Originally, three MANA protocols were proposed by Gehrmann [64]. Later, a fourth MANA protocol was added to the set of manual authentication protocols. The four MANA protocols are standardized in ISO 9798-6 [98]. Let us now have a closer look at these important protocols.

The MANA I protocol [64] is designed for the situation where one device (A) has a standard output interface, and the other device (B) a standard input interface. The two devices wish to agree on the value of a public data string D (e.g., the public Diffie-Hellman keys). A first generates a random key K, suitable for use with the check-value function (CV) shared by the two components. A check-value function is a function which efficiently maps a string of bits and a short secret key to a fixed-length bitstring. Moreover, it has to be computationally infeasible to find a pair of data strings (d, d') for which the number of keys K satisfying CV(d, K) = CV(d', K) is more than a small fraction of the set of possible keys [98]. Typically, the bitlength of K is in the order of 16 to 20 bits. This results in a probability of a successful forgery of around 2^-12 or less (2^-16 if the key has a length of 5 hexadecimal digits). A also computes the check-value of the data string D. The key and check-value are then output on the display of device A. The user reads these values on the display, and enters both of them on the input interface of device B. The latter then recomputes the check-value of D using the key K, and compares the result with the value entered by the user. The device outputs an indication of success or failure, depending on whether or not the check-values agree. Finally, the user copies this success/failure indication back into device A. In case of a failure, the protocol is aborted. The MANA I protocol is depicted in Fig. 2.4.

Figure 2.4: MANA I protocol

    A (output interface)                         B (input interface)
    Output: data D ready                         Output: data D ready
    [User checks that both components are ready and enters start on A]
    Generate K
    Compute CV(D)_K
    Output K and CV(D)_K
            - - - user copies K and CV(D)_K into B - - ->
                                                 User enters K and CV(D)_K
                                                 Recompute CV(D)_K
                                                 Compare check-values
                                                 Output Accept / Reject
            <- - - user copies the result back into A - - -
    User enters result

The MANA II protocol [64] is designed for the situation where both devices (A and B) have a standard display, but neither of them has a standard keypad (although they must both possess a means of indicating successful completion of the protocol). The protocol starts by A generating a random key K, suitable for use with the check-value function (CV) shared by the two components (bitlength of 16 to 20 bits). This key is then sent via the insecure wireless ad hoc channel to device B. Next, both devices compute the check-value of the data string D and output the result, together with the key K, on their display. The user then compares the values displayed by the two devices. Only when both the key and the check-value agree completely does the user enter a signal of acceptance into both devices. If the check-values or the key values are different, then the mechanism has failed and the user shall enter a rejection signal into the devices. The absence of an acceptance signal is interpreted by the device as a failure signal. The MANA II protocol is depicted in Fig. 2.5. Note that the security analysis of the MANA I and II protocols is very similar, since both make use of a check-value.
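As an added example (not the thesis's code, nor a reference implementation of ISO 9798-6), the following Python program runs the MANA I and MANA II flows described above with a keyed check value. It assumes that a truncated HMAC-SHA256 with the short key K stands in for the standard's check-value function; the inputs `data_a` and `data_b` are the two devices' views of D, which differ when an attacker has tampered with the wireless channel. `forgery_rate()` measures, on constructed inputs, how often a substituted D' slips through for a given check-value length.

```python
"""MANA I / MANA II with a keyed check value (added example)."""
import hashlib
import hmac
import secrets

KEY_BITS = 20   # K: 16 to 20 bits, short enough for a user to copy or compare
CV_BITS = 16    # length of the check value shown on the display


def check_value(key: int, data: bytes, bits: int = CV_BITS) -> int:
    """CV(D)_K truncated to `bits` bits.

    Assumption: truncated HMAC-SHA256 stands in for the ISO 9798-6 check-value
    function.  K is fresh for every run and only becomes known through the
    out-of-band step, so an attacker who substituted D cannot pick D' to
    collide under a key it has not seen yet.
    """
    tag = hmac.new(key.to_bytes(4, "big"), data, hashlib.sha256).digest()
    return int.from_bytes(tag, "big") >> (256 - bits)


def mana1_device_a(data_a: bytes):
    """Device A (output interface): generate K, display K and CV(D)_K."""
    k = secrets.randbits(KEY_BITS)
    return k, check_value(k, data_a)


def mana1_device_b(data_b: bytes, k: int, cv: int) -> bool:
    """Device B (input interface): recompute CV over its own view of D."""
    return check_value(k, data_b) == cv


def run_mana1(data_a: bytes, data_b: bytes) -> bool:
    """One MANA I run.  Returns the accept/reject verdict the user copies back into A."""
    k, cv = mana1_device_a(data_a)          # user reads A's display ...
    return mana1_device_b(data_b, k, cv)    # ... and types K and CV into B


def run_mana2(data_a: bytes, data_b: bytes, k_seen_by_b: int = None) -> bool:
    """One MANA II run: K goes over the wireless channel, both devices display
    (K, CV(D)_K) and the user accepts only if both displays match."""
    k = secrets.randbits(KEY_BITS)
    if k_seen_by_b is None:
        k_seen_by_b = k                     # honest wireless channel
    display_a = (k, check_value(k, data_a))
    display_b = (k_seen_by_b, check_value(k_seen_by_b, data_b))
    return display_a == display_b


def forgery_rate(bits: int, trials: int = 20000) -> float:
    """Empirical success rate of an attacker who replaced D by D' at B,
    for a check value of `bits` bits: about 2^-bits for this instantiation."""
    d, d_forged = b"alpha^x||alpha^y", b"alpha^z||alpha^y"   # constructed inputs
    hits = 0
    for _ in range(trials):
        k = secrets.randbits(KEY_BITS)
        if check_value(k, d, bits) == check_value(k, d_forged, bits):
            hits += 1
    return hits / trials
```

With the 16-bit check value, `run_mana1(D, D')` for D' ≠ D is rejected in all but about one run in 65536; shrinking the check value to 8 bits in `forgery_rate(8)` makes the roughly 1/256 acceptance rate of a forgery visible in a few thousand trials, which is the trade-off between the user's effort (digits to copy) and the forgery probability that the text describes.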

A different class of manual authentication protocols can be constructed using a conventional message authentication code (MAC) algorithm. Both the MANA III and the MANA IV protocol make use of this primitive.

The MANA III protocol [64] is a slightly modified version of the SHAKE protocol proposed by Larsson [118], in which a key is established based on a temporary secret shared between the two mobile devices. It is used if both devices have a standard input interface (e.g., a keypad). A shared secret password is entered into both devices and randomized verification takes place over the insecure wireless ad hoc channel. It is important to note that the MANA III protocol requires that the out-of-band channel preserves confidentiality (i.e., the channel is private). The protocol is depicted in Fig. 2.6. Both keys K_A and K_B are generated randomly and are suitable for use with the message authentication code (MAC). Typically, the bitlength of these keys is in the order of 128 to 160 bits. The output of the MAC function has the same bitlength. The random string R, generated by the user and entered on the input interface of both devices (A and B), is in the order of 16 to 20 bits. It is a temporary secret bitstring, shared between both devices. Both devices compute a MAC using their key (K_A or K_B) on the concatenation of their identity, the data string D and the shared secret string R. The outputs of these MAC functions (denoted by MAC_A and MAC_B) are sent via the wireless ad hoc channel to the other device. Only once device A has received MAC_B (and not before) does it send K_A to device B. On receipt of K_A, device B verifies that MAC_A is correct. If verification is successful, device B sends K_B to device A and outputs an indication of success. On receipt of K_B, device A verifies that MAC_B is correct. If verification is successful, device A outputs an indication of success. The user verifies that both devices have given an indication of success, and if so, enters a confirmation of success into both devices. If one or both of the devices give a failure indication, then the user enters a failure indication into both devices.

Figure 2.5: MANA II protocol

    A                                            B
    Output: data D ready                         Output: data D ready
    [User checks that both components are ready and enters start on A]
    Generate K
            --------- K (wireless ad hoc channel) --------->
                                                 Receive K
    Compute CV(D)_K                              Compute CV(D)_K
    Output K and CV(D)_K                         Output K and CV(D)_K
    [User compares K and CV(D)_K on both displays]
    User enters accept / reject                  User enters accept / reject

Figure 2.6: MANA III protocol

    A                                            B
    Output: data D ready                         Output: data D ready
    [User checks that both components are ready]
    User enters R                                User enters R
    Generate K_A                                 Generate K_B
    Compute MAC_A = MAC_{K_A}(ID_A, D, R)        Compute MAC_B = MAC_{K_B}(ID_B, D, R)
            --------- MAC_A (wireless) --------->
            <-------- MAC_B (wireless) ----------
    Receive MAC_B                                Receive MAC_A
            ---- K_A (only after MAC_B is received) ---->
                                                 Verify MAC_A
                                                 Output accept / reject
            <--- K_B (only if MAC_A verified) -----------
    Verify MAC_B
    Output accept / reject
    User enters success / failure                User enters success / failure

The MANA IV protocol is designed for the situation where one device (A) has a standard input interface, and the other device (B) a standard output interface. As in the MANA III protocol, it makes use of a message authentication code (MAC) function, and the out-of-band channel also has to be private. The protocol is depicted in Fig. 2.7. The data exchanges and operations are very similar to the MANA III protocol; the difference is that the short secret R is generated by device B and shown on its output interface, after which the user enters it into device A. Also the bitlengths of the parameters K_A, K_B and R are equal for both protocols.
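The following Python program is an added example, not code from the thesis or from ISO 9798-6, of the MANA III and MANA IV message flows of Figs 2.6 and 2.7: a short secret R shared through the private out-of-band channel, MACs over (ID, D, R) exchanged first, and the MAC keys revealed only afterwards in the prescribed order. It assumes HMAC-SHA256 with a length-prefixed encoding of (ID, D, R) as the MAC; the `Device` class and the identities `A` and `B` are constructed for the example.

```python
"""MANA III / MANA IV with a MAC and a short user-entered secret R (added example)."""
import hashlib
import hmac
import secrets

R_BITS = 20       # temporary secret R entered by the user (16 to 20 bits)
KEY_BYTES = 16    # K_A, K_B: 128-bit MAC keys


def mac(key: bytes, ident: bytes, data: bytes, r: bytes) -> bytes:
    """MAC_K(ID, D, R).  Assumption: HMAC-SHA256 over a length-prefixed
    encoding; the standard leaves algorithm and encoding to the implementer."""
    msg = b"".join(len(x).to_bytes(2, "big") + x for x in (ident, data, r))
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    def __init__(self, ident: bytes, data: bytes):
        self.ident, self.data = ident, data    # `data` is this device's view of D
        self.key = secrets.token_bytes(KEY_BYTES)
        self.r = None
        self.peer_mac = None

    def generate_r(self) -> bytes:
        """MANA IV: the device with the display picks R and shows it to the user."""
        self.r = secrets.randbits(R_BITS).to_bytes(3, "big")
        return self.r

    def enter_r(self, r: bytes):
        """The user types R on this device's input interface."""
        self.r = r

    def send_mac(self) -> bytes:
        return mac(self.key, self.ident, self.data, self.r)

    def receive_mac(self, m: bytes):
        self.peer_mac = m

    def reveal_key(self) -> bytes:
        # A key leaves the device only after the peer's MAC has arrived, so the
        # peer is committed to its MAC before it can learn anything keyed.
        if self.peer_mac is None:
            raise RuntimeError("peer MAC not yet received")
        return self.key

    def verify(self, peer_ident: bytes, peer_key: bytes) -> bool:
        """Recompute the peer's MAC over *this* device's view of D and R."""
        expected = mac(peer_key, peer_ident, self.data, self.r)
        return hmac.compare_digest(expected, self.peer_mac)


def exchange(a: Device, b: Device):
    """Wireless message flow common to MANA III and IV.  Returns (A accepts, B accepts)."""
    mac_a, mac_b = a.send_mac(), b.send_mac()
    a.receive_mac(mac_b)
    b.receive_mac(mac_a)
    ok_b = b.verify(a.ident, a.reveal_key())                     # A sends K_A first
    ok_a = a.verify(b.ident, b.reveal_key()) if ok_b else False  # B answers with K_B only on success
    return ok_a, ok_b


def run_mana3(data_a: bytes, data_b: bytes):
    """MANA III: both devices have a keypad; the user enters the same R on both."""
    a, b = Device(b"A", data_a), Device(b"B", data_b)
    r = secrets.randbits(R_BITS).to_bytes(3, "big")   # chosen by the user
    a.enter_r(r)
    b.enter_r(r)
    return exchange(a, b)


def run_mana4(data_a: bytes, data_b: bytes):
    """MANA IV: B has a display and A a keypad; B generates R, the user copies it into A."""
    a, b = Device(b"A", data_a), Device(b"B", data_b)
    a.enter_r(b.generate_r())
    return exchange(a, b)
```

When both views of D agree, both devices accept; when an attacker has changed D on one side, the MAC recomputed over the local view no longer matches and the run fails on B, so K_B is never sent. The order enforced by `reveal_key()` is what makes a 20-bit R sufficient: an attacker who obtained K_A before committing to MAC_B could recover R from MAC_A by trying all 2^20 values offline and then forge a MAC over a substituted D', whereas an attacker who must send MAC_B first would afterwards have to find a key K_B' that makes the already-sent MAC_B valid for the modified data.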

In the proposal of Cagalj et al. [31], the user has to compare the visual representation of a truncated hash value, computed on the public keys exchanged over the wireless ad hoc network and displayed on the screen of both mobile devices. This idea is quite similar to the MANA II protocol.

Vaudenay presented a manual authentication protocol using short authentication strings (SAS) [207]. Vaudenay's SAS protocol is very similar to the MANA II protocol (they are both instantiations of the same protocol family). However, it provides significant improvements over the latter in two aspects. First, the length of the string to be manually verified by the user is optimal: only half of the length of the string used by the MANA II protocol is needed to achieve the same level of security. Second, the operations that need to be performed by the user are reduced. This is important from a user-friendliness point of view. The SAS protocol needs four moves in total.

Laur, Asokan and Nyberg propose the MA-3 protocol [120] for mutual data authentication based on a cryptographic commitment scheme and short manually authenticated out-of-band messages. It is an improved version of Vaudenay's SAS protocol: they reduce the number of moves to three. The authors also formally prove that both protocols require non-malleable commitment schemes in order to be secure. These results are further extended in [121]. Laur, Asokan and Nyberg show that several manual cross-authentication protocols (among them the MA-3 protocol [120]) are instantiations of the same protocol family that uses a commitment scheme to temporarily hide a secret key needed for data authentication. They also demonstrate that all asymptotically optimal manual data authentication protocols have a certain structure and that there are no asymptotically optimal two round protocols for data authentication.

The current Bluetooth standard (Specification version 2.1 + EDR) [25] includes the Secure Simple Pairing protocol [24], which can be employed to establish a shared session key. This protocol uses an instantiation of the three round MANA IV protocol to authenticate the public keys during the Diffie-Hellman key exchange and thus prevents active man-in-the-middle attacks.

We proposed a similar idea in 2006 [188]. The result is a user-friendly and efficient pairing protocol that requires limited user interaction. It combines manual data authentication (inspired by the MANA I protocol, but other protocols could be used as well) with elliptic curve cryptography (to decrease the communication and computation cost). The novelty of our protocol is that it offers location privacy during the establishment of the secret session key. This enhanced pairing protocol will be discussed in more detail in Sect. 2.2.

Figure 2.7: MANA IV protocol

    A (input interface)                          B (output interface)
    Output: data D ready                         Output: data D ready
    [User checks that both components are ready]
                                                 Generate R and output it
            <- - - user copies R into A (private out-of-band) - - -
    User enters R
    Generate K_A                                 Generate K_B
    Compute MAC_A = MAC_{K_A}(ID_A, D, R)        Compute MAC_B = MAC_{K_B}(ID_B, D, R)
            --------- MAC_A (wireless) --------->
            <-------- MAC_B (wireless) ----------
    Receive MAC_B                                Receive MAC_A
            ---- K_A (only after MAC_B is received) ---->
                                                 Verify MAC_A
                                                 Output accept / reject
            <--- K_B (only if MAC_A verified) -----------
    Verify MAC_B
    Output accept / reject
    User enters success / failure                User enters success / failure


Resurrecting duckling security policy

Stajano and Anderson have proposed the resurrecting duckling security policy [200, 199]. The basic idea of this method is to make physical contact between the two mobile devices (e.g., via a connector), and then exchange some bits via this secure channel. This security policy was originally proposed for the use case scenario where some devices (e.g., a thermometer) need to be controlled by another one (e.g., a remote control) under well defined special circumstances. There are many potential applications of wireless devices that need to establish a secure transient association between two principals (often a user and a peripheral). Another interesting application presented by the authors is a police pistol that can only be fired when held by the officer to whom it was issued, who for this purpose might be wearing a sensor or an RFID tag.

The basic idea behind the resurrecting duckling is inspired by biology: a duckling emerging from its egg will recognize as its mother the first moving object it sees that makes a sound, regardless of what it looks like. This very simple idea can be adopted in a wireless ad hoc network. Initially, a device is in a pre-imprinting phase. It will recognize as its owner the first entity that sends it a secret key. This key is transported in plaintext via an electrical contact, established by touching the device with the other one. As soon as this initial key is received, the device is no longer a newborn and will stay faithful to its owner for the rest of its lifetime (it is imprinted). If several entities are present at the device's birth, then the first one that sends it a key becomes the owner. The controlling device (the "mother") can break the secure association between both devices. From that moment on, the device goes back to the pre-imprinting phase, waiting for a new association to be established. As a fall-back mechanism, some other device (typically the manufacturer's) should be able to bring a device back to the pre-imprinting phase. This resurrecting duckling security policy is very intuitive and user-friendly, which is a very important advantage in Wireless Personal Area Networks.

To perform the imprinting procedure, both devices need an electrical contact by which some secret data can be exchanged. This electrical contact can be considered as an authentic and private out-of-band channel. An adversary is not able to transmit data on this channel, nor to eavesdrop on the exchanged bits. The disadvantage of requiring an electrical contact on both devices is that it slightly increases the fabrication cost of the devices. We can extend the resurrecting duckling security policy, and allow other (similar) ways to imprint a mobile device. If a secret key is exchanged to imprint a device (as described above and proposed in the original resurrecting duckling security policy [200]), the out-of-band channel needs to be private. After having exchanged the secret key, both devices can perform an encrypted key exchange (EKE) protocol, as described in Sect. 2.1.2. If the out-of-band channel is authentic but not private, no secret can be transported over it; the exchanged bits should instead be used to authenticate the public Diffie-Hellman keys exchanged via the wireless ad hoc channel. E.g., one can compute a message authentication code (MAC) or check value on these public keys, and exchange the output of this function via the out-of-band channel.

Instead of touching the devices via an electrical contact, one can use Near Field Communication (NFC) [149] to establish a secure association between two mobile devices. This is a short-range high-frequency wireless communication technology which enables the exchange of data between devices over a distance of about 10 centimeters. NFC infrastructure is already in use for public transportation, access control and payment. The technology is also present in some mobile phones. Extra security countermeasures are however necessary to make sure the NFC channel is authentic. Replay attacks, or attacks where an adversary modifies or inserts data [78], should definitely be prevented. The short nominal range does not rule out eavesdropping with a suitable antenna either, so the channel should not be assumed to be private.

Another way to transfer bits from one device to another, and hence imprint mobile devices, is via intra-body communication [219]. The idea is to use extremely low power currents (in the order of picoamperes) that travel through the body and hence transport data bits. A low-frequency carrier (less than 1 MHz) is used to avoid the propagation of energy and minimize remote eavesdropping and interference. A typical use-case scenario is to exchange electronic business cards by shaking hands. Such intra-body communication can be considered as an authentic out-of-band channel. It is not clear whether eavesdropping can be prevented. If it can, the channel is also private.

An approach inspired by the resurrecting duckling policy is proposed by Balfanz et al. [7]. They introduce the concept of location limited channels. A typical example is an infrared link (IrDA [92]). Such a channel can be considered as an authentic out-of-band channel. In order to insert, delete or modify data, the attacker has to be in the line-of-sight. It is difficult to perform such an attack without it being noticed. An infrared sensor is available on several types of mobile phones and laptops.

Wireless physical layer security

Recent advances in information theoretic security have been made in the field of wireless physical layer security [8, 21, 128]. This theoretical research area analyzes the secrecy capacity of various channel models. Techniques are proposed to create a secrecy capacity that is strictly greater than zero. The interesting aspect of wireless physical layer security is that the devices that want to privately exchange some secret bits are not required to share any cryptographic material (such as keys).

Under certain assumptions, one can exploit the characteristics of a noisy wireless communication medium to create an advantage of a legitimate destination over a passive eavesdropper. E.g., one can use the fact that at a specific moment in time, the physical wireless channel between the source and destination is different from the channel between the source and a passive eavesdropper, to exchange secret data [43, 127, 128, 216]. This data is then sent (at that particular moment) at a rate chosen in such a way that the destination can still decode the message, but the eavesdropper cannot. This approach requires (partial) knowledge of the channel state information between the different entities. It is not very realistic to assume knowledge of this information. Other techniques make use of a cooperating node jamming the wireless channel [115, 151], cognitive interference channel models [126, 130], etc. To the best of our knowledge, none of the protocols proposed in the literature can be practically implemented in a wireless ad hoc network, due to the underlying assumptions of the channel models.

Although this research area is still very theoretical and emerging, it shows that one can transfer bits securely via a wireless ad hoc channel between two mobile devices that do not share any secret cryptographic data, without an eavesdropper obtaining any information about the exchanged message. This result could be employed to distribute keys in a wireless network. I.e., the wireless physical layer itself is used as a private out-of-band channel (it is not authentic). The wireless physical layer can hence be employed to exchange secret data between two devices, which can then be used to derive a temporary session key (e.g., via an encrypted key exchange (EKE) protocol). Although this approach looks very promising, more research is needed to design practical schemes that are information theoretically (or computationally) secure under milder and more realistic assumptions.

Shaking the mobile devices together

Another class of pairing protocols assumes the devices are equipped with an accelerometer. The mobile devices that need to establish a shared session key can then be shaken together. The accelerometers measure these movements, and since both devices follow (more or less) the same pattern, they will obtain the same measurements, and hence share some data. This shared data can then be used to derive a secret session key.

Castelluccia and Mutaf describe a movement-based pairing protocol for CPU-constrained devices [38]. It is an extension of the protocol proposed by Alpern and Schneider [2]. In their paper, the authors present a new pairing protocol that allows two CPU-constrained wireless devices to establish a shared secret at a very low cost. This is done by shaking the mobile devices during the key exchange protocol.

Mayrhofer proposes a protocol for generating secret shared keys from similar sensor data streams [136]. When two (or multiple) devices are in the same situation, and thus experience the same sensor readings, this constitutes shared secret information. These data streams could be generated from joint movement of the devices. This idea is further investigated in [137]. The authors introduce a new method for device-to-device authentication by shaking devices together. Their paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys.

The idea of shaking two devices together, and using the data from the accelerometers to generate secret keys, is very suitable for Wireless Personal Area Networks. It is easy for non-technical users to execute this protocol successfully, which is an important requirement to employ the pairing protocol in practice. The channel can be considered as an authentic out-of-band channel, since an attacker cannot influence the movement of the devices. The channel is private only if an attacker is not able to reconstruct the pattern in space the devices have covered. In most (realistic) scenarios, this cannot be assumed (e.g., because the adversary captures the movement on a video camera, and reconstructs it afterwards). There are some important disadvantages when using this type of out-of-band channel. With the current state-of-the-art protocols, the user has to shake the devices at least 10 seconds to generate keys with an appropriate level of security. This is not very user-friendly. The pairing protocol is also only suited for small mobile devices (e.g., shaking a laptop is probably not a good idea). Another practical problem is the (not negligible) cost of adding an accelerometer to each of the mobile devices. There are however some mobile phones available for sale which already have an accelerometer, and hence could execute this pairing protocol.

Visual out-of-band channel

Wireless Personal Area Networks commonly consist of mobile phones. This property can be exploited when designing a pairing protocol for WPAN. Mobile phones always have an output interface (a display), and recent versions often contain a camera. Since the camera of one mobile phone can be pointed to the display of another one, this visual out-of-band channel can be used to pair the two mobile phones. The devices can show a visual representation of the output of a cryptographic hash function computed on the public Diffie-Hellman keys (e.g., representing the bits by black and white pixels on the screen). This output of the hash function is then transported via the visual out-of-band channel to the other mobile phone. It is quite user-friendly, since the user does not have to do complicated, technical actions (only pointing a camera of a mobile phone to the screen of the other device).

A visual out-of-band channel shared between two mobile phones can be considered as an authentic out-of-band channel. An attacker cannot modify, insert or delete the data displayed on the screen of a mobile phone that functions normally. Only by installing a virus on the phone or tampering with it can the adversary take control over the device and display other data on the screen. But if this is the case, the attacker already has full control over the mobile phone, and does not obtain an additional benefit by performing a man-in-the-middle attack. The channel is private only if an attacker is not able to eavesdrop on the data shown on the display. In most (realistic) scenarios, this cannot be assumed (e.g., because the adversary captures the data with a small video camera hidden somewhere near the mobile phone).

In [138], a system that utilizes 2-dimensional barcodes and camera-telephones to implement a visual channel for authentication and demonstrative identification of devices is presented. Strong mutual authentication in this system requires running two separate unilateral authentication steps. Saxena et al. improve this technique, and show how strong mutual authentication can be achieved with a unidirectional visual channel [173]. The authors show how a visual out-of-band channel can be used even on devices that have very limited displaying capabilities, all the way down to a device whose display consists of a cheap single light-source, such as a LED. They also describe a new video codec that may be used to improve the execution time of pairing on limited display devices. This video codec can of course also be used for other applications besides pairing.

Audio channel

Instead of using a visual out-of-band channel, one can also use audio to transport data in an authenticated way from one device to another. This is even more user-friendly, since the user does not have to perform any task at all. Everything can be automated; the user only has to press a “start” button on both devices. There are however also some important disadvantages when using the audio channel as a secure out-of-band channel. It is not always allowed or desired to have your mobile phone making some noise (e.g., during a meeting). That is why ultra-sound is definitely preferred to audio audible by humans. The former however has the disadvantage that it increases the cost, since ultra-sound receivers and transmitters have to be added to the device’s hardware.

A second and more important problem is the security of the audio out-of-band channel. It is certainly not private, since an attacker can easily eavesdrop on the audio transmitted by a mobile device. In most cases, it is however also not authentic, since a device receiving an audio message does not know the source of this data. An attacker could have broadcast the message from another location. That is why the audio channel can only be employed as an authentic out-of-band channel when it is combined with other security mechanisms. One could require the user to enter some specific (or random) data on the input interface of the mobile device. This data can then be used in the rest of the pairing protocol. One could also combine the audio channel with distance bounding protocols (which will be discussed in more detail in Chapter 3). These protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain distance.

Kindberg and Zhang suggest using ultra-sound to validate and secure spontaneous associations between wireless devices [112]. The devices measure the round trip time to check that the ultra-sound message originated from the correct source. As we will discuss in Chapter 3, this is not sufficient. Secure distance bounding protocols have to be deployed to preclude man-in-the-middle attacks. Ultra-sound is also not secure if there is an attacker physically present.

Goodrich et al. introduce the Loud-and-Clear system, which uses the audio channel for human-assisted authentication of mobile devices that do not yet know each other [71].

Integrity regions

In [32], Cagalj et al. proposed integrity codes, a coding scheme that provides integrity protection of messages exchanged between entities that do not hold any mutual authentication material. The construction of integrity codes enables a sender to encode any message such that if its integrity is violated in transmission over a radio channel, the receiver is able to detect it. In order to achieve this goal, they rely on the physical properties of the radio channel and on unidirectional error detecting codes. If the receiver is aware of its presence in the transmission range of the sender, integrity codes enable message authentication through presence awareness.

This idea is further extended by Capkun and Cagalj. They introduce the concept of integrity regions [37], a security primitive that enables integrity protection of messages exchanged between mobile devices that do not hold any mutual authentication material. Their solution makes use of lightweight ranging techniques and visual verification within a small physical space, and offers unilateral authentication. In Sect. 2.3, we propose an improved version of this protocol, which is also based on the visual verification of entity proximity, but achieves mutual entity authentication. Our protocol makes use of distance bounding protocols, which enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range.

2.2 Location Private Pairing Protocol Based on User Interaction

As already noted earlier in this chapter, mobile devices in a Wireless Personal Area Network are often operated by a user and have at least a standard input and/or output interface (except for some devices such as wireless headsets or watches). This input interface often varies between a simple keypad (e.g., of a mobile phone) up to a keyboard (e.g., of a laptop). The output interface is often a standard display. Since these interfaces are already present without extra cost and the user controls the mobile devices, pairing protocols based on user interaction are very interesting from a practical point of view.


2.2.1 Our enhanced pairing protocol

We will now present an enhanced pairing protocol that requires the user to enter a few hexadecimal digits in order to authenticate public Diffie-Hellman keys exchanged via the insecure wireless ad hoc channel. We assume that both devices have a standard input and output interface. The protocol was originally designed to be employed for Bluetooth, but can be used in other communication technologies for Wireless Personal Area Networks too. The discussion presented below extends the research results that were published in [188].

The enhanced pairing protocol will be used to pair two mobile, user-operated devices (denoted by Alice and Bob) in a Wireless Personal Area Network. To reduce the communication and computation cost, both devices will carry out the Diffie-Hellman protocol [54] in the group of points defined by an elliptic curve E over a finite field [139, 140]. We assume that the mobile devices already share this elliptic curve E and a point P on this curve (all devices in the same WPAN will share the same parameters). An elliptic curve key size of at least 160 bits is recommended (this corresponds to a security level of 80 bits). Our enhanced pairing protocol also needs the following cryptographic primitives.

h2(p), h3(p) : E → {0, 1}^n are two pairwise independent cryptographic hash functions that map a point p on the elliptic curve E to an n-bit string. We recommend a bit length of at least 128 bits. In practice, both cryptographic hash functions can be derived from a single cryptographic hash function h using the equation hi(m) = h(m ‖ i) (where ‖ denotes the concatenation of bits), as was proposed by Hoepman [82]. In order to provide a high level of security, the collision probability of the cryptographic hash functions must be low and the first and second preimage resistance of the cryptographic hash functions must be high.

CVk(m, p) : M × E × K → {0, 1}^q is a check-value function that maps a message m from a message space M, a point p on an elliptic curve E, and a key k from a key space K, to a q-bit string (which is called the check-value). In order to provide a sufficient level of security, the collision probability of the output of the check-value function (for a fixed key k) must be low enough. A key length of 16-20 bits and a check-value length of 16-20 bits is in most cases sufficient [64, 66].

MACk(p, m) : E × M × K → {0, 1}^n is a message authentication code (MAC) function that maps a point p on an elliptic curve E, a message m from a message space M, and a key k from a key space K, to an n-bit string. The key length of the MAC function should be at least 128 bits to provide a high level of security. The NESSIE project [147] has published a list of several secure MAC algorithms.


Start pairing (user presses a button on both devices)

Alice: a ∈R {0, 1}^l, R ∈R {0, 1}^m, k ∈R {0, 1}^q; s ← CVk(R, aP)
Alice → Bob (out-of-band): (k, s)
Alice → Bob (broadcast): (R, aP)
Bob: b ∈R {0, 1}^l; verify s; K ← h2(abP); x ← h3(abP); t ← CVk(R, bP); u ← MACx(bP, R)
Bob → Alice (out-of-band): t
Bob → Alice (broadcast): (R, bP, u)
Alice: verify t; x ← h3(abP); K ← h2(abP); verify u
Alice → Bob: EK(R, aP, bP)

Figure 2.8: Location private pairing protocol based on user interaction

Our enhanced pairing protocol, which is shown in Fig. 2.8, is inspired by the MANA I protocol (other protocols can be used as well) and the anonymous ephemeral pairing protocols of Hoepman [83]. It offers location privacy during the establishment of the secret session key (location privacy in WPANs will be extensively studied in Chapter 5). During the execution of the pairing protocol, the devices will use a shared temporary, random identifier R (a pseudonym) instead of their unique identifiers. The aspect of location privacy is an important issue in Wireless Personal Area Networks. To the best of our knowledge, our pairing protocol is the first protocol that has taken this aspect into consideration. All messages transmitted during the execution of the pairing protocol will be broadcast and contain the temporary identifier R.

Our location private pairing protocol, which is depicted in Fig. 2.8, works as follows:

Alice and Bob start the pairing protocol when the user presses a button on both devices (or performs another specified operation). From this moment on, both devices are in “pairing-mode” and no longer ignore communication from unknown devices. Alice then starts the protocol by generating a random secret value a and computing the point aP on the elliptic curve E. Bob generates a random secret b and computes bP. Alice also generates a random, temporary identifier (pseudonym) R and a random, one-time key k. This key k is then used to compute the check-value s of (R, aP).

Next, a manual authentication protocol is executed (as a default solution, we use the MANA I protocol, but other (MANA) protocols are also possible). The values of k and s are shown on the output interface of Alice, and the user enters them on the input interface of Bob.

In parallel with executing the MANA protocol (just after this operation), Alice broadcasts the data D = (R, aP) via the wireless ad hoc channel. All devices will receive this message, but only the devices which are in “pairing-mode” will store D in their temporary memories. For every message D = (R, aP) Bob receives, it computes the check-value using the key k and compares the output with the value s. If the check-value is correct, Bob computes the point abP on the elliptic curve E. This Diffie-Hellman key is mapped to a session key K and a MAC-key x. Bob stores the entry (R, K) in a table containing the temporary identities and session keys of the devices it is paired with.

Next, it generates the check-value t of the temporary identifier R and its public Diffie-Hellman key bP. This check-value is transported to Alice via the out-of-band channel (MANA I protocol): it is displayed on the screen of Bob, and the user enters the value on the input interface of Alice.

In parallel with executing the MANA protocol (just after this operation), Bob broadcasts the triplet (R, bP, u) via the wireless ad hoc channel. The value u is equal to the MAC computed on (bP, R) using the key x and is used for key confirmation.

Alice waits until it receives a triplet containing the identifier R (all other messages will be ignored), computes the check-value on the received data (R, bP) and verifies whether this equals t. If this is correct, Alice computes the point abP on the elliptic curve E and maps it to the session key K and the MAC-key x. Finally, it verifies the MAC value u using the key x. After successful verification of this MAC value, Alice stores the entry (R, K) in a table containing the temporary identities and session keys of the devices it is paired with. Because of this last verification step, Alice has the confirmation that Bob knows the point abP on the elliptic curve E, and hence also the session key K.

As a last step in the pairing protocol, Alice constructs a message containing the pseudonym R and the public Diffie-Hellman keys aP and bP and encrypts this message using the key K. This message is sent to Bob in order to have mutual key confirmation. By decrypting this message and verifying the content, Bob knows that Alice possesses the key K.
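As an added illustration (not code from the thesis), the steps above run end-to-end in Python over secp256k1 with only the standard library: Bob's loop over every stored (R, aP) pair, and Alice's filtering on R and check of t before any point multiplication, which the evaluation in Sect. 2.2.2 relies on. Assumptions: a truncated HMAC stands in for the code-based check-value function, an HMAC under K for the encrypted confirmation message, and the decoy broadcasts from other devices in pairing mode are constructed.

```python
import hashlib
import hmac
import secrets
# secp256k1 domain parameters (a standard curve; the thesis recommends at least 160 bits).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Q_BYTES, R_BYTES = 2, 6  # 16-bit k, s, t (4 hex digits); 48-bit R, like a Bluetooth address

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt (the costly operation of Sect. 2.2.2)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h_i(i, pt):
    """h_i(m) = h(m || i), Hoepman's derivation of h2 and h3 from a single hash."""
    return hashlib.sha256(encode_point(pt) + bytes([i])).digest()

def check_value(k, R, pt):
    """CV_k(R, pt): truncated HMAC stands in for the code-based function of the thesis."""
    return hmac.new(k, R + encode_point(pt), hashlib.sha256).digest()[:Q_BYTES]

def mac(x, pt, R):  # MAC_x(pt, R), Bob's key confirmation value u
    return hmac.new(x, encode_point(pt) + R, hashlib.sha256).digest()

def key_confirm(K, R, aP, bP):
    """Alice's final message: an HMAC under K stands in for E_K(R, aP, bP)."""
    return hmac.new(K, R + encode_point(aP) + encode_point(bP), hashlib.sha256).digest()

def alice_step1():
    """Alice picks a, pseudonym R and one-time key k; (k, s) goes out of band, (R, aP) on air."""
    a, R, k = secrets.randbelow(N - 1) + 1, secrets.token_bytes(R_BYTES), secrets.token_bytes(Q_BYTES)
    aP = ec_mul(a, G)
    return {"a": a, "R": R, "k": k, "aP": aP}, (k, check_value(k, R, aP)), (R, aP)

def bob_step2(oob, broadcasts):
    """Bob does not know R yet: he tries every stored (R, aP); only a match triggers the DH step."""
    k, s = oob
    for R, aP in broadcasts:
        if not hmac.compare_digest(check_value(k, R, aP), s):
            continue
        b = secrets.randbelow(N - 1) + 1
        abP, bP = ec_mul(b, aP), ec_mul(b, G)
        K, x = h_i(2, abP), h_i(3, abP)
        return {"R": R, "K": K, "aP": aP, "bP": bP}, check_value(k, R, bP), (R, bP, mac(x, bP, R))
    return None  # no broadcast matched s: pairing fails rather than accepting a foreign key

def alice_step3(state, t, broadcasts):
    """Alice keeps only triplets carrying her R and checks t before any point multiplication."""
    a, R, k, aP = state["a"], state["R"], state["k"], state["aP"]
    for R2, bP, u in broadcasts:
        if R2 != R or not hmac.compare_digest(check_value(k, R, bP), t):
            continue
        abP = ec_mul(a, bP)
        K, x = h_i(2, abP), h_i(3, abP)
        if not hmac.compare_digest(mac(x, bP, R), u):
            return None  # Bob did not prove knowledge of abP
        return {"R": R, "K": K}, key_confirm(K, R, aP, bP)
    return None

def bob_step4(state, confirm):
    """Bob verifies Alice's confirmation, which completes mutual key confirmation."""
    return hmac.compare_digest(key_confirm(state["K"], state["R"], state["aP"], state["bP"]), confirm)

def run_pairing(decoys=2):
    """Full run with constructed decoy broadcasts; returns (keys agree, Bob accepted confirmation)."""
    a_state, oob1, bcast1 = alice_step1()
    noise = [(secrets.token_bytes(R_BYTES), ec_mul(secrets.randbelow(N - 1) + 1, G))
             for _ in range(decoys)]
    b_state, t, bcast2 = bob_step2(oob1, noise + [bcast1])
    a_entry, confirm = alice_step3(a_state, t, [(R, pt, b"\0" * 32) for R, pt in noise] + [bcast2])
    return a_entry["K"] == b_state["K"], bob_step4(b_state, confirm)

def rejects_modified_broadcast():
    """A broadcast whose aP was altered on air fails the s check, so Bob never computes abP."""
    _, oob, (R, aP) = alice_step1()
    return bob_step2(oob, [(R, ec_mul(2, aP))]) is None
```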

The session key K is used to protect the data traveling between Alice and Bob (both confidentiality and integrity should be provided). The identifier R is used to prevent an attacker from tracing the mobile devices. In order to achieve location privacy, the pseudonym R should be updated every time a message is sent. More information on how to derive and update pseudonyms can be found in Chapter 5.

2.2.2 Evaluation of the pairing protocol

We now evaluate the main (security) properties of our location private pairing protocol, and investigate which security problems it solves.

Location privacy

Pairing protocols are employed in wireless ad hoc networks. Due to the characteristics of these networks and the wireless communication medium, messages sent by one mobile device are received by all other devices which are in the transmission range. To make sure that the destination knows it is the intended recipient, there should be a way to identify the source (and/or destination) of a message. Otherwise, the devices that are going to be paired have no means to find out which public Diffie-Hellman key they have to use during the pairing process, and hence have to try all public keys that are broadcast in the network. Key confirmation also becomes an issue. A device does not know if an incorrect key confirmation message is the result of a failed attempt by the other party (this would result in a failure of the pairing protocol), or a message that was intended for another device (this should have no effect on the outcome of the pairing protocol). Most pairing protocols do not take this issue into account, and hence implicitly assume that the messages contain some “identification information”. Typically, this is done by including the source and destination address in the header of the message.

As will be discussed in more detail in Chapter 5, putting the address of the source and destination in the header of a message leads to location privacy problems. An attacker receiving these messages (that are broadcast in the wireless ad hoc network) can use them to track mobile devices. And since the mobile devices in a Wireless Personal Area Network are operated by a user, an adversary can use this attack to track people. This attack should definitely be avoided.

To solve this privacy problem, one has to employ temporary pseudonyms instead of the fixed, unique addresses of the mobile devices. To the best of our knowledge, our pairing protocol is the first pairing protocol that offers location privacy during the establishment of a secret session key. We use a temporary, random identifier R, which is generated by Alice. Since R is randomly generated, there is no relation between this identifier and the fixed, unique hardware addresses of Alice and/or Bob. After the key establishment procedure, the identifier R will be updated (every time a message is exchanged between Alice and Bob) using a key that is derived from the session key. Since the attacker does not possess this key, he cannot link the messages to each other, and hence cannot track the mobile devices. If the pairing protocol is conducted again at a later moment in time, Alice generates a new random identifier R′, which is independent from the former pseudonym R. To avoid collisions, the length of R should be long enough (preferably the same bit length as the hardware addresses of the mobile devices).

Using a random, temporary identifier R has an influence on the complexity of the protocol. Alice broadcasts its public Diffie-Hellman key together with R in the wireless ad hoc network, and authenticates both of them via the out-of-band channel. At that moment, Bob does not yet know R, and hence has to try all received pairs (R, aP), until the check-value output of one of them equals the value received via the out-of-band channel. When in a later stage Bob sends its public key to Alice, it can use the identifier R. As a result, Alice can immediately detect if it is the intended destination of the message, and hence does not have to check all received public keys. So realizing location privacy during the execution of the pairing protocol results in a workload that lies between the workload of non-anonymous pairing protocols (where both parties immediately know which public Diffie-Hellman key they have to use during the key establishment protocol) and the workload of protocols where no identification information is used (where both parties have to check all public keys that are broadcast in the network).

Man-in-the-middle attack

Our enhanced location private pairing protocol was originally proposed to replace the initialization mechanism of Bluetooth. As has already been discussed in Sect. 1.2, the default way to establish a session key in Bluetooth is by having the user enter a PIN on the input interface of both devices, and deriving a key from this (low entropy) secret value. A passive eavesdropper can crack the PIN off-line and can recover the secret session key and hence decrypt all confidential data exchanged between both Bluetooth devices. By employing our pairing protocol, the user does not have to enter a PIN anymore. The data entered by the user authenticates the public Diffie-Hellman keys. As a result, a passive eavesdropper can no longer obtain the secret session key. The most interesting attack an adversary can perform to decrypt all confidential data exchanged between two mobile devices is a man-in-the-middle attack. Note that this is the case for all pairing protocols that make use of an authentic out-of-band channel.

An attacker obtaining k and s (e.g., by observing the user when he enters these values on the input interfaces of the device) can perform a substitution attack. This man-in-the-middle attack is performed by first searching for a data string D′ = (R′, a′P) that satisfies the property CVk(R′, a′P) = CVk(R, aP) and a data string that satisfies the property CVk(R, b′P) = CVk(R′, bP). The attacker then substitutes the message D = (R, aP) in the pairing protocol by D′ = (R′, a′P) and hence forces Bob to compute the point a′bP on the elliptic curve. Finally, the attacker calculates u′ = MACx′(b′P, R), and sends the triplet (R, b′P, u′) to Alice, which will compute the point ab′P on the elliptic curve. As a result of this substitution attack, the attacker shares a key h2(ab′P) with Alice and a key h2(a′bP) with Bob. However, both devices think that they share a secret session key with each other.

The success probability of an attacker performing a substitution attack depends on the cryptographic strength of the check-value function. In order to provide a high level of security, the collision probability of the check-value function must be low. This can be guaranteed by using check-value functions obtained from error correcting codes [106], as discussed in the ISO 9798–6 standard [98]. By using a Reed-Solomon code [168], a key and check-value output of 4 hexadecimal digits gives a success probability of a substitution attack of around 2^−12 or less. If this is increased to 5 hexadecimal digits, the probability decreases to around 2^−16 or less.

User-friendliness

An important design criterion when designing a pairing protocol is user-friendliness. One has to avoid the user having to enter (or visually compare) large bitstrings. This would increase the probability of making errors (which would result in a failure of the protocol), and could also be abused by an attacker (e.g., if the user has to visually compare bitstrings that are almost equal, he might not detect a few differences and accept them as being equal). That is why we have to limit the user interaction and input as much as possible.

In (the default version of) our scheme, the user is required to press a button on both devices to start the pairing protocol, and to enter three short values. These are the key k, and the check-values s and t. Each of them is relatively short, typically 4 or 5 hexadecimal digits. This is probably still acceptable, as it is comparable with the required user interaction of other applications (e.g., online banking).

Energy efficiency

Since the pairing protocol has to be conducted by mobile devices in a wireless ad hoc network, energy efficiency is also a very important design criterion. The most energy consuming cryptographic operation in our pairing protocol is the Diffie-Hellman protocol in the group of points defined by an elliptic curve. One of the advantages of working in this group is that it is a factor 3 more efficient than performing (standard) Diffie-Hellman in the multiplicative group Z_p^* [81, 166].

If one increases the security level, elliptic curve cryptography (ECC) becomes even more efficient compared to the standard Diffie-Hellman protocol. Another advantage of elliptic curve cryptography is a shorter key length (ECC with 160 bits is equivalent to standard Diffie-Hellman with a key length of 1024 bits [145]). This reduces the memory and communication cost.

For some mobile devices, carrying out the Diffie-Hellman protocol in the group of points defined by an elliptic curve could still be a very demanding operation. Fortunately, the pairing protocol is only performed to establish a session between two devices that do not yet share any cryptographic material. From the moment they share a secret session key, they can use this session key to refresh it. This way, they do not have to perform the (from an energy and computation point of view more demanding) pairing protocol again. So as long as a mobile device with limited capacities does not have to make too many new (secure) connections, there will be no problem. As the cost of computation power decreases every year (devices get more powerful), more devices will be able to conduct this pairing protocol in the near future without any problem.

Denial-of-Service attacks

Note that the verification of the check-value t prevents a Denial-of-Service (DoS) attack. An attacker could send random messages containing the identifier R and force Alice to perform many point-multiplications on the elliptic curve E. Such a point-multiplication has an average energy cost of 300 mJoules [81]. This attack would hence exhaust the battery power of Alice very quickly. That is why the Diffie-Hellman protocol is only executed after the verification of the check-value t.

If our enhanced pairing protocol is employed to securely bootstrap Bluetooth communication, another Denial-of-Service attack can be prevented too. Since the user no longer has to enter a shared PIN to derive a session key, the mutual authentication protocol conducted in the Bluetooth key agreement protocol is not needed either. This mutual entity authentication protocol contained a black list mechanism, which was used to prevent a device from starting the authentication protocol over and over again (see Sect. 1.2 for more details). As has already been discussed, this black list contains the Bluetooth addresses of the devices which failed to authenticate themselves correctly. These devices were denied to start an authentication procedure during some period, which was exponentially increased at consecutive failed attempts. Candolin discovered that this mechanism can be exploited in several Denial-of-Service attacks [33]. The use of the black list, and hence the Denial-of-Service attack, is avoided by our enhanced pairing protocol.


2.3 Key Establishment Using Distance Bounding Protocols

As discussed in Sect. 2.1, two mobile devices (denoted by Alice and Bob) which do not yet share any authenticated cryptographic keys can establish a shared session key by performing the Diffie-Hellman key exchange protocol, and authenticating their public keys via a secure out-of-band channel.

To create such a channel, we exploit the fact that mobile devices in a Wireless Personal Area Network are often close to each other, in the immediate neighborhood of the user. To cryptographically enforce the concept of “proximity”, distance bounding protocols can be used. These protocols, which were introduced by Brands and Chaum [28], combine physical and cryptographic properties and enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. Secure distance bounding protocols measure the time of flight during n fast communication rounds, in which a challenge-response protocol is conducted. Most distance bounding protocols make use of electromagnetic signals to transport data during the n rounds of fast bit exchanges. If there is no attacker physically present between the prover and verifier, ultra-sound can be employed. This has the advantage that the accuracy of the measurements is not very critical, since the propagation speed of ultra-sound is relatively slow. Distance bounding protocols will be extensively studied in Chapters 3 and 4. We refer to these chapters for more details.

To exploit the “proximity” in creating a secure out-of-band channel, we use the concept of a user’s (device’s) private space, which was introduced by Capkun and Cagalj [37]. The user’s (device’s) private space can be (informally) defined as follows: it is the largest spherical space, centered around the user’s (device’s) location, within which the user can visually verify the presence of other trusted devices AND the absence of untrusted nodes and adversaries. It is graphically depicted in Fig. 2.9. In this figure, A and B are in each other’s private space, but all other nodes are not. The size of the user’s private space is variable (e.g., it will be much smaller in a crowded room than in open air). By combining the notion of a user’s private space and the concept of secure distance bounding protocols, one can create a key establishment protocol that achieves mutual device authentication, as we will show in this section. The results presented below extend the research results that we have published in [193].

We expect that the users operating the mobile devices are able to visually verify the presence of each other’s devices within a very small range. Depending on the situation and the environmental constraints (presence of walls, other people, . . . ), this radius can vary from a few centimeters up to a couple of meters. By introducing the concept of a user’s private space, we assume that the attacker is not in the proximity of Alice and Bob (i.e. outside and hence not physically present in the user’s private space), as illustrated in Fig. 2.9. However, this does not imply that all communication between Alice and Bob is confidential. We assume that the attacker is able to modify his antenna, and hence can transmit and receive signals from a very large distance (much larger than the communication range of other devices in the wireless ad hoc network). In addition, an attacker could have control over several devices in the network, but all these malicious nodes are also located outside the private space of Alice and Bob.

Figure 2.9: The concept of a user’s (device’s) private space (the figure shows devices A and B with the radii $d_A$ and $d_B$ of their private spaces, the other nodes C, D, E and F, and the attacker)

The goal of our pairing protocol is to establish a session key between two mobile devices located in each other’s private space. The key establishment protocol, which is shown in Fig. 2.10, is carried out as follows:

Alice and Bob start the key establishment protocol by generating a random nonce ($N_A$ and $N_B$ respectively) and a (temporary) public key ($g^{x_A}$ and $g^{x_B}$ respectively), that will be used in the Diffie-Hellman protocol [54]. To simplify our discussion, we use the Diffie-Hellman key agreement protocol over a finite cyclic group $G$ with generator $g$. $G$ is a subgroup of $\mathbb{Z}_p^*$, the multiplicative group of non-zero integers modulo a large prime $p$. Other groups, such as the group of points defined by an elliptic curve $E$ over a finite field, can be used too (the latter is recommended for efficiency reasons).

Next, Alice and Bob construct a string $m_A$ (or $m_B$) which consists of the constant 0 (or 1), the (temporary) public key $g^{x_A}$ (or $g^{x_B}$) and the random nonce $N_A$ (or $N_B$). A commitment to this bitstring is sent over the wireless ad hoc network to the other party. Any secure commitment scheme which is unconditionally hiding and conditionally binding (or conditionally hiding and unconditionally binding) can be used¹.

Now both parties start to conduct a secure distance bounding protocol. Since we assume that no active attackers are present in the private space of Alice and Bob, ultra-sound can be used as a communication medium. This relaxes the constraints on the accuracy of the measurements. As a consequence, Alice and Bob can be located very close to each other (even in the order of centimeters). Another advantage of assuming that no attackers or malicious nodes are present in the user’s (device’s) private space, is the fact that terrorist fraud attacks cannot occur. It is sufficient to select a secure distance bounding protocol which precludes mafia fraud attacks (more information can be found in Chapter 3).

¹ For a formal definition, we refer to the results of Damgard [46].

Figure 2.10: Efficient key establishment protocol using distance bounding protocols. The message flow shown in the figure:

Alice: $m_A \leftarrow 0 \| g^{x_A} \| N_A$; Bob: $m_B \leftarrow 1 \| g^{x_B} \| N_B$
Alice → Bob: commit($m_A$)
Bob → Alice: commit($m_B$)
Start of rapid bit exchanges, for each round i:
  Alice → Bob: $s_i$, with $s_0 \leftarrow N_{A,0}$ and $s_i \leftarrow N_{A,i} \oplus r_{i-1}$
  Bob → Alice: $r_i \leftarrow N_{B,i} \oplus s_i$
End of rapid bit exchanges
Alice → Bob: open commit($m_A$)
Bob → Alice: open commit($m_B$)
Alice: $N_{B,i} \leftarrow r_i \oplus s_i$; Bob: $N_{A,0} \leftarrow s_0$, $N_{A,i} \leftarrow s_i \oplus r_{i-1}$
Both: $K \leftarrow g^{x_A \cdot x_B}$

In our key establishment protocol, we chose to employ the MAD protocol of Capkun et al. [34], which offers mutual device authentication. If errors due to noise are likely to occur, one should preferably use a noise resilient secure distance bounding protocol (see Chapter 4). The distance bounding protocol consists of a series of n fast bit exchanges, in which the following two steps are performed:

• Alice sends the bit $s_i$ to Bob, where $s_0 = N_{A,0}$ and $s_i = N_{A,i} \oplus r_{i-1}$.

• Bob sends the bit $r_i$ to Alice, where $r_i = N_{B,i} \oplus s_i$.

During the n fast bit exchanges, the time between sending $s_i$ and receiving $r_i$ (or sending $r_i$ and receiving $s_{i+1}$) is measured. These measurements determine an upper bound on the distance between Alice and Bob. This value should be smaller than the radius of the private space of Alice (or Bob), otherwise the protocol fails.

Next, both devices compute the random nonces ($N_B$ and $N_A$ respectively) and open the commitments sent in the beginning of the protocol. Alice and Bob check each other’s commitment and the values that were used in the distance bounding protocol. If this verification is successful, both devices accept the messages $m_B$ and $m_A$ (and hence the corresponding temporary public keys) as being authentic. Finally, Alice and Bob can compute the shared Diffie-Hellman key ($g^{x_A \cdot x_B}$).

An attacker can try to impersonate Alice (or Bob). In order to be successful, the attacker has to guess all n responses right, and send them in advance to the other party. This way, the attacker can pretend to be closer than he really is (and appear to be in the user’s (device’s) private space). The probability of sending n correct responses is $(1/2)^n$. This false-acceptance ratio determines the security parameter n (e.g., 40 rounds of fast bit exchanges result in a false-acceptance ratio of $9.1 \cdot 10^{-13}$). Security-critical applications require a higher number of rounds n than other, less security-critical applications.
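As an added illustration of the protocol just described (our own Python code, not code from the thesis or from the authors of the MAD protocol), the following simulation runs the complete exchange of Fig. 2.10 between Alice and Bob: the commitments to $m_A$ and $m_B$, the n fast bit rounds with $s_i$ and $r_i$, the reconstruction of the other party's nonce, the commitment checks and the Diffie-Hellman key. Assumptions that are not in the text: a SHA-256 hash commitment with a random opening value, a toy 127-bit prime group instead of the elliptic curve the thesis recommends, constructed round-trip times (one per fast round, in seconds) and an ultrasound propagation speed of 343 m/s. The `injected_r` parameter models an impersonator that sends guessed responses in advance; the run is accepted only if every guessed bit matches, which is where the $(1/2)^n$ false-acceptance ratio comes from.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman parameters (illustration only): a 127-bit
# Mersenne prime and a fixed generator. A deployment uses a standardised
# group; the thesis recommends an elliptic curve group for efficiency.
P = 2**127 - 1
G = 3
SOUND_SPEED_M_PER_S = 343.0   # assumed ultrasound propagation speed in air


def commit(message: bytes):
    """Hash commitment with a random 256-bit opening (our assumption; the
    thesis allows any secure commitment scheme). Returns (commitment, opening)."""
    opening = secrets.token_bytes(32)
    return hashlib.sha256(opening + message).digest(), opening


def verify_commitment(commitment: bytes, opening: bytes, message: bytes) -> bool:
    return hashlib.sha256(opening + message).digest() == commitment


def int_to_bits(value: int, n: int):
    """Bit i of the returned list is N_i in the notation of Sect. 2.3."""
    return [(value >> i) & 1 for i in range(n)]


def bits_to_int(bits) -> int:
    return sum(bit << i for i, bit in enumerate(bits))


def build_message(tag: int, public_key: int, nonce: int, n: int) -> bytes:
    """m = tag || g^x || N, with tag 0 for Alice and 1 for Bob."""
    return bytes([tag]) + public_key.to_bytes(16, "big") + nonce.to_bytes((n + 7) // 8, "big")


def parse_nonce(message: bytes) -> int:
    return int.from_bytes(message[17:], "big")   # 1 tag byte + 16 key bytes


def rapid_bit_exchange(na_bits, nb_bits, injected_r=None):
    """The n fast rounds of the MAD exchange: s_0 = N_A,0, s_i = N_A,i xor r_(i-1),
    r_i = N_B,i xor s_i. Returns the bits Alice sent (s) and received (r).
    If injected_r is given, those bits replace Bob's responses, modelling an
    impersonator that guesses r_i and sends it before Bob could."""
    s, r = [], []
    for i in range(len(na_bits)):
        s_i = na_bits[0] if i == 0 else na_bits[i] ^ r[i - 1]
        r_i = nb_bits[i] ^ s_i if injected_r is None else injected_r[i]
        s.append(s_i)
        r.append(r_i)
    return s, r


def distance_upper_bound(rtt_seconds: float, speed: float = SOUND_SPEED_M_PER_S) -> float:
    """The round trip covers the distance twice; the processing delay is
    neglected, which the text justifies for a slow medium such as ultrasound."""
    return rtt_seconds * speed / 2.0


def false_acceptance_ratio(n: int) -> float:
    """Probability that an impersonator guesses all n responses right: (1/2)^n."""
    return 2.0 ** -n


def run_protocol(n: int, rtts, radius_m: float, injected_r=None):
    """Simulate the protocol of Fig. 2.10. rtts are constructed round-trip
    times (seconds) measured in the fast rounds; radius_m is the radius of the
    private space. Returns (K_A, K_B) on success and None if any check fails."""
    x_a, x_b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pk_a, pk_b = pow(G, x_a, P), pow(G, x_b, P)
    n_a, n_b = secrets.randbits(n), secrets.randbits(n)
    m_a, m_b = build_message(0, pk_a, n_a, n), build_message(1, pk_b, n_b, n)
    c_a, o_a = commit(m_a)          # exchanged over the wireless channel
    c_b, o_b = commit(m_b)

    s, r = rapid_bit_exchange(int_to_bits(n_a, n), int_to_bits(n_b, n), injected_r)

    # Distance bounding check: every round must stay inside the private space.
    if any(distance_upper_bound(t) > radius_m for t in rtts):
        return None

    # Commitments are opened; each side checks the other's commitment and that
    # the nonce reconstructed from the fast rounds equals the committed one.
    n_b_seen = bits_to_int([r_i ^ s_i for s_i, r_i in zip(s, r)])
    n_a_seen = bits_to_int([s[0]] + [s[i] ^ r[i - 1] for i in range(1, n)])
    alice_ok = verify_commitment(c_b, o_b, m_b) and parse_nonce(m_b) == n_b_seen
    bob_ok = verify_commitment(c_a, o_a, m_a) and parse_nonce(m_a) == n_a_seen
    if not (alice_ok and bob_ok):
        return None

    return pow(pk_b, x_a, P), pow(pk_a, x_b, P)   # K = g^(x_A * x_B) on both sides


if __name__ == "__main__":
    keys = run_protocol(40, [0.004] * 40, radius_m=1.0)   # 4 ms round trips: 0.686 m
    print("honest run, keys equal:", keys is not None and keys[0] == keys[1])
    print("impersonator guessing all zeros accepted:",
          run_protocol(40, [0.004] * 40, 1.0, injected_r=[0] * 40) is not None)
    print(f"false-acceptance ratio for n=40: {false_acceptance_ratio(40):.1e}")
```

The same (s, r) channel view is used for both verification steps, which is a simplification: in a real mafia-fraud setting the far-away Bob would see different bits and would also fail the timing check. The point the simulation makes is the one in the text: an impersonator who does not know the committed nonce can only be accepted by guessing every response bit.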

2.4 Conclusions

Key management is one of the most important security tools in Wireless Personal Area Networks. Due to the dynamic characteristics of the ad hoc network, mobile devices in a WPAN that do not yet share any authenticated cryptographic material cannot rely on a trusted third party to establish a secret session key. Moreover, because of node mobility, the devices in a wireless ad hoc network do not have a clear idea of the continuously changing network topology.

In this chapter, we have shown that the problem of establishing temporary session keys between mobile devices in a Wireless Personal Area Network can be solved by employing (enhanced) pairing protocols. These protocols are often constructed by using out-of-band channels. In most cases, such a channel is easy and inexpensive to set up and can be employed to securely bootstrap a key establishment protocol. An out-of-band channel can be authentic and/or private. It can be created in several ways, depending on the exact hardware and (physical) characteristics of the devices in the network. During an initial handshake protocol, the two nodes that are going to be paired will first negotiate which out-of-band channel to use. Next, the actual (enhanced) pairing protocol can be executed. We have given an overview of the most common and interesting techniques to construct such a secure out-of-band channel, and have discussed their main (security) properties.

Next, we have focused in more detail on two enhanced pairing protocols that we have designed. Our first pairing protocol combines the concept of MANA protocols with elliptic curve cryptography. It is the first pairing protocol in the literature that provides location privacy during the establishment of the session key and that is user-friendly and energy-efficient. Our second enhanced pairing protocol uses the concept of a user’s (device’s) private space. This is an environment centered around the user, within which the user can visually verify the presence of other trusted devices and the absence of untrusted nodes and adversaries. By combining the notion of a user’s private space and the concept of secure distance bounding protocols, which enable a verifying party to determine an upper bound on the distance between itself and a prover, we have designed a key establishment protocol that achieves mutual device authentication.


Chapter 3

Secure Distance Bounding Protocols

In the previous chapter, we have introduced the notion of out-of-band channels, and we have shown how they can be employed to securely bootstrap a key establishment protocol in a Wireless Personal Area Network. Two devices that want to start a secure communication session send their public key via an insecure wireless channel. To avoid man-in-the-middle attacks, they use the out-of-band channel to authenticate their public keys. Next, they can carry out a Diffie-Hellman key agreement protocol (or another equivalent protocol) to obtain a shared secret, from which a session key can be derived. Several techniques to construct an authentic out-of-band channel have been suggested in the literature, some of them more difficult to realize in practice than others.

One way to mutually authenticate mobile devices in a Wireless Personal Area Network is by using location (or proximity) information. Entities which are in a specific location or within a certain range of a particular device are granted some privileges, in contrast to all other entities. Distance bounding protocols can be used to cryptographically enforce the concept of “proximity”. In this chapter, we explain the principles of distance bounding protocols, show how they work and which attacks they should resist. Next, we introduce some interesting distance bounding protocols that can be found in the literature, and discuss their security properties. We also give an overview of the main applications of distance bounding protocols, among them mutual entity authentication and secure location verification.


Contributions in this chapter

This chapter extends our research results that were published in [186, 193]. The most important novel contributions presented here are:

• We discuss the weaknesses of several distance bounding protocols that can be found in the literature, and show how certain attacks can be prevented.

• We analyze the security properties of the distance bounding protocol of Waters and Felten and demonstrate that this protocol is vulnerable to a guessing attack.

• We propose a slightly modified version of the Waters and Felten protocol that is resistant to terrorist fraud attacks when it is carried out in trusted hardware.

• We present a novel secure location verification scheme based on distance bounding protocols and give an extensive discussion on the technical details regarding the security of our solution.

3.1 Introduction

Distance bounding protocols have been introduced by Brands and Chaum at Eurocrypt’93 [28] to preclude distance fraud and mafia fraud attacks, in which a local impersonator exploits a remote honest user. They are employed to enhance mutual entity authentication protocols. In most scenarios, one would like to determine an upper bound on the distance to another entity. The concept of proximity based authentication is graphically depicted in Fig. 3.1. Authentication requests originating from devices that are located within the range d of the verifier V are accepted, all other requests are rejected. So in Fig. 3.1, authentication requests originating from device A are accepted (and as a consequence, A is granted some privileges), while the requests of B are rejected.

Distance bounding protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. These protocols combine physical and cryptographic properties to determine an upper bound on the distance between verifier and prover. They allow the prover to authenticate itself to the verifier, and at the same time enable the verifying party to check if the prover is located within a certain range. By constructing the protocol in a clever way, one can detect a dishonest prover who claims to be closer than he really is.

Figure 3.1: The concept of proximity based authentication (the figure shows the verifier V with range d, device A inside and device B outside that range).

There are typically three techniques to measure the distance between two devices. A number of protocols measure the received signal strength (sometimes implicitly) to determine an upper bound on the distance between prover and verifier. Waters and Felten propose a solution based on network visibility [210]. A Microsoft research group has developed RADAR, a system that measures the signal strength of the transmitted messages to determine an upper bound on the distance [6]. Other distance bounding protocols measure the angle of arrival. Both techniques are typically discarded for security reasons. An attacker can construct a powerful directional antenna to substantially increase the sending or receiving range (even up to more than a mile). Such an antenna is easy and inexpensive to construct [49, 39]. The attacker can also reflect or retransmit the signal from a different direction. It is hence not secure when an attacker is physically present. Another disadvantage of using the angle of arrival to measure distances is that it facilitates man-in-the-middle attacks. The third and last technique to estimate the distance is measuring the time of flight. This is the only technique that can be made secure, and hence it is the method of choice in a secure distance bounding protocol. As we will show later in this section, some time of flight distance bounding protocols can prevent man-in-the-middle attacks. Another advantage of using this technique is that it is independent from the antenna used by prover and/or verifier. Using a special antenna (e.g., a directional antenna) does not increase the propagation speed of the wireless signal. This is very important from a security point of view.

3.1.1 Time of flight distance bounding protocols

Secure distance bounding protocols measure the time of flight to determine an upper bound on the distance between prover and verifier. This measurement is typically performed during a challenge-response protocol, the main building block of the distance bounding protocol. This challenge-response protocol is executed n times. During each of the n rounds, the time between sending a challenge and receiving the response is measured. Multiplying the time of flight with the propagation speed of the communication medium gives the distance between prover and verifier.

One should however take into account some important details. It should be impossible for the prover to send the response before receiving the challenge [28]. Otherwise, the prover can pretend to be closer than he really is. This implies that the response should be dependent on the (random) challenge. A second remark is that a challenge-response protocol is not sufficient. After execution of this protocol, the verifier only knows that some party is close. But how does one know that this entity is the prover? Otherwise, the distance bounding protocol is quite useless, since the verifier does not learn anything. This problem arises for example in the Echo protocol [171] proposed by Sastry et al. That is why the prover has to identify himself somewhere in the scheme (not necessarily in the challenge-response protocol itself). Another important assumption is that multipath propagation does not influence the outcome of the challenge-response protocol. Otherwise, wireless signals transmitted in a particular round can interfere with later rounds, which could result in a failure of the protocol. We assume that this interference does not take place. Finally, one should notice that the round trip time is not equal to the propagation time. It takes some time to compute and transmit the response. The variation on the processing delay should be as small as possible compared to the propagation time, because we are only interested in the latter. In most practical scenarios, it is not possible to determine or control the processing delay exactly. Fortunately, one can sometimes ignore the processing delay. This mainly depends on the propagation speed of the communication medium. As a rule of thumb: the slower the messages in the challenge-response protocol travel, the less significant the processing delay becomes.

Let us examine two common communication technologies: (ultra-)sound and electromagnetic signals.

Ultra-sound: (Ultra-)sound is interesting to measure distances because it is relatively slow. The processing delay can hence be neglected compared to the propagation time and the accuracy of the measurements is not very critical. An example of a protocol using this technique is described by Kindberg and Zhang [112]. There are however some security problems. (Ultra-)sound is not resistant to physically present attackers (i.e. attackers who are in the vicinity of the prover and/or verifier). Such an attacker can modify the medium (e.g., sound travels faster through metal than through the air) or use wormholes (e.g., by retransmitting the signal using electromagnetic waves) to claim that he is closer than he really is. By delaying the response, he can also claim to be further away. When it is impossible to exclude physically present attackers, the use of ultra-sound signals in distance bounding protocols should definitely be avoided.

Electromagnetic signals: An active attacker cannot use wormholes since the signals travel with the speed of light and nothing propagates faster. This means that an attacker can only claim to be further away than he really is (by delaying the response). This can be graphically depicted by a circle around the verifier with radius d (corresponding to the propagation delay), as shown in Fig. 3.1. The verifier knows that the prover is definitely somewhere inside this circle. There are however some practical issues. The verifier has to be able to measure the round trip time with very high precision. A small deviation of the time of flight has a strong influence on the estimated distance (because the speed of light is a very large constant). A similar problem is estimating the processing delay. One has to design the distance bounding protocol in such a way that the processing delay can be neglected compared to the (very small) time of flight. Otherwise, the protocol cannot be used in practice. This will be illustrated in Sect. 3.1.5.

3.1.2 Attack scenarios

By employing the principle of distance bounding protocols in a clever way, one can preclude one or more fundamental attacks.

Distance fraud attacks

One wants to prevent a dishonest prover from claiming to be closer than he really is. This attack is called a distance fraud attack and is conceptually shown in Fig. 3.2. Just asking the location will not be sufficient because the verifier does not trust the prover. It is relatively easy to design a distance bounding protocol which prevents this type of attack. Bussard presents in [30] an overview of location mechanisms that are resistant or partially resistant to distance fraud attacks.

Figure 3.2: Distance fraud attack (the figure shows the prover and the verifier)

Mafia fraud attacks

Mafia fraud attacks, also called relay attacks, were first described by Desmedt [52]. In this attack scenario, both prover and verifier are honest, but a malicious intruder is performing the fraud. It is a man-in-the-middle attack where the intruder I is modeled as a malicious prover and a malicious verifier that cooperate, as shown in Fig. 3.3. The name “mafia fraud attack” is derived from the fact that the malicious prover and the malicious verifier work together and belong to the same “mafia-gang”. The malicious verifier interacts with the honest prover P, and the malicious prover interacts with the honest verifier V. The physical distance between the intruder and the verifier is small. This attack enables the intruder to identify himself to V as P being close to V, without P or V noticing the attack. Mafia fraud attacks are particularly interesting when the result of a successful authentication is access to a service offered by the verifier. The classical example is an access control system in which the prover has to be close to a door to open it. By relaying information from a genuine prover, an attacker can open the door without being authorized to do this. Another interesting attack was presented by Drimer and Murdoch [57]. The authors present a practical mafia fraud attack on the United Kingdom’s EMV [60] payment system Chip & Pin.

Figure 3.3: Mafia fraud attack (the figure shows the honest prover, the intruder consisting of a malicious verifier and a malicious prover, and the honest verifier)

Terrorist fraud attacks

Terrorist fraud attacks [52] are an interesting extension of the mafia fraud attack. The intruder (being close to the verifier) and the prover collaborate in this attack. This implies that a protocol which is resistant to terrorist fraud attacks also prevents mafia fraud attacks. The terrorist fraud attack is shown in Fig. 3.4. The name “terrorist fraud attack” is derived from the fact that the intruder and the prover collaborate. Because of the help of the intruder, the prover can pretend to be somewhere else, and hence has a perfect alibi. The dishonest prover uses the intruder to convince the honest verifier that he is close, while the prover is in fact located at a large distance. The intruder must not know the private or secret key of the prover. This certainly has to be emphasized. If the intruder knew this private or secret key, then it would be impossible to make a distinction between the intruder and the prover, and as a result, terrorist fraud attacks could no longer be prevented. They would be the same party from a cryptographic point of view, because distance bounding protocols only check if an entity that knows the private key is close to the verifier. This requirement can be fulfilled by using trusted hardware that cannot be cloned. This way, the dishonest prover cannot extract the secret key. If the attacker is not willing to give his private or secret key to the intruder (because he does not have full control over the device), then the latter can be a small device (e.g., a sensor).

Figure 3.4: Terrorist fraud attack (the figure shows the prover, the intruder and the verifier)

3.1.3 Cryptographic design principles

To construct a secure distance bounding protocol, one has to take into account several design principles. These principles can be split into two categories: cryptographic design principles and “physical” design principles. Let us first start with summarizing the most important cryptographic design principles.

• In at least one of the messages of the distance bounding protocol, the prover has to “identify” himself (e.g., by proving knowledge of a shared secret key). Otherwise, the verifier does not know which entity is in his proximity, and there is hence no authentication at all (which is the main goal of employing a distance bounding protocol).

• To prevent mafia fraud attacks, the distance bounding protocol should contain a challenge-response protocol that consists of a series of rapid bit exchanges (n bits and m rounds in total) [28]. By measuring the round trip time in each of the m rounds, the verifier can determine an upper bound on the distance between verifier and prover. To prevent the prover from sending the response too soon, the challenge has to be random and unpredictable, and the response has to depend on this challenge.

• The complexity to compute the response should be very low. Ideally, this should be a simple hardware operation (e.g., an XOR, or reading the content of a register). This is crucial to keep the processing delay as small as possible.

• To avoid terrorist fraud attacks, one has to make sure that the fast bit exchanges and the phase in which the prover identifies himself are intermingled in a cryptographic way [186]. It has to be impossible to split the distance bounding protocol into these two distinct phases. Otherwise, both phases could be executed by a different entity (e.g., the fast bit exchanges by the intruder, and the identification phase by the prover). There are at least two ways to accomplish this: either one uses the private (or symmetric) key during the fast bit exchanges, or one uses trusted hardware. We will illustrate both solutions in Sect. 3.2.

By taking these principles into account, one can construct a secure distance bounding protocol. In Sect. 3.2, we will discuss some interesting distance bounding protocols which have appeared in the literature, and demonstrate that the principles presented above are necessary to avoid certain attacks or security problems.

3.1.4 “Physical” design principles

The cryptographic design principles described above are not sufficient. Clulow et al. show that one has to optimize the choice of communication medium and transmission format according to the following four principles [40], if one wants to prevent certain “physical” attacks:

• Use a communication medium with a propagation speed as close as possible to the physical limit for propagating information through space-time (the speed of light in vacuum), if attackers can be physically present.

• Use a communication format in which only a single bit is transmitted and the recipient can instantly react on its reception. This excludes most traditional byte- or block-based communication formats.

• Minimize the length of the symbol used to represent this single bit. Output the energy that distinguishes the two possible transmitted bit values within as short a time as is feasible. This leaves the attacker little room to shorten this time interval further.

• Design the distance bounding protocol to cope with bit errors taking place during the rapid bit exchanges.

As we will show in Sect. 3.2, not all distance bounding protocols proposed in the literature comply with these design principles. In particular, almost all existing distance bounding protocols are not resistant to bit errors due to noise. In the rest of this chapter, we will only study protocols that do not cope with bit errors. The noise resistant distance bounding protocols will be discussed in Chapter 4.

Since these “physical” design principles are very important, we will now illustrate them in more detail. The examples presented below are based on the results presented by Clulow, Hancke, Kuhn and Moore [40, 77].

Propagation speed should be speed of light

If there is an attacker physically present, who can control (part of) the environment, the propagation speed of the wireless communication medium should be the speed of light. This excludes the use of ultra-sound. Otherwise, an attacker could conduct a wormhole attack, as was already mentioned earlier in this chapter.

Figure 3.5: Wormhole attack (the figure shows the prover P, the attacker’s devices T1 and T2, the verifier V and the pretended location P’)

The wormhole attack is illustrated in Fig. 3.5. The prover P is assumed to transmit his responses via ultra-sound. Instead, he sends the data via ultra-sound (depicted with a solid line in the figure) to T1. This device, controlled by the attacker, forwards the response via electromagnetic radiation (depicted with a dashed line in the figure) to T2. The latter then sends the response to the verifier V via ultra-sound. By employing the wormhole between T1 and T2, the malicious prover can pretend to be at location P’, which is significantly closer than his real location. Note that T1 and T2 are controlled by the attacker. Without having access to these devices, he cannot perform the wormhole attack. However, both devices do not have to contain secret data of the attacker, they only have to forward data. T1 and T2 can hence be very inexpensive devices (e.g., a sensor, which can easily be hidden in the proximity of the verifier V).

Use single bit challenges and responses

Instead of using n rounds of fast single bit exchanges, it would be more efficient to have 1 round in which an n-bit challenge and response is used. Such a distance bounding protocol is not secure, since it is vulnerable to a guessing attack. Let us illustrate this attack on a distance bounding protocol proposed by Capkun and Hubaux [35, 36]. The protocol is shown in Fig. 3.6 and works as follows. The prover first generates n random 1-bit nonces $N_i$, concatenates them and sends a secure commitment to the verifier. The verifier then generates n random 1-bit challenges $C_i$, concatenates them and sends these in reverse bit order to the prover during the fast nonce exchange (so starting with the last bit $C_n$). After having received the n challenges $C_i$, the prover computes the responses $R_i$ by taking the XOR of $C_i$ and $N_i$. These n bits are concatenated and sent in the correct order (so starting with bit $R_1$) to the verifier. The latter measures the time between sending the challenge and receiving the response. The goal is to determine an upper bound on the distance between prover and verifier. Finally, the prover opens the commitment, and signs the concatenation of the n nonces $N_i$. If the signature is correct, the protocol is successful.

Let us now focus on the fast nonce exchange phase of the protocol. This part is vulnerable to the guessing attack. The principle of this attack is that the adversary guesses the last bit transmitted by the verifier ($C_1$). The probability of a correct guess is $1/2$. The attacker no longer has to wait until the bit $C_1$ is sent by the verifier, and can start to transmit its responses $R_i$ in advance. By doing this, the attacker obtains a significant gain in time, equal to twice the bit period (since $R_1$ can be guessed in advance). Even if this gain is in the order of microseconds (or less), this corresponds to a very large distance (for each microsecond gained, the attacker gains a distance of 150 m when the propagation speed of the communication channel is the speed of light). The attacker can hence pretend to be much closer than he really is.

Figure 3.6: Distance bounding protocol of Capkun and Hubaux. The message flow shown in the figure:

Prover: $N_i \in_R \{0, 1\}$; Verifier: $C_i \in_R \{0, 1\}$
Prover → Verifier: commit($N_1 | \ldots | N_n$)
Start of rapid nonce exchange
Verifier → Prover: $C_n | C_{n-1} | \ldots | C_1$
Prover: $R_i \leftarrow C_i \oplus N_i$; Prover → Verifier: $R_1 | \ldots | R_{n-1} | R_n$
End of rapid nonce exchange
Prover → Verifier: (open commit), sign($N_i$)
Verifier: verify commit, verify sign($N_i$)

Figure 3.7: Guessing attack (the figure shows the time line of the exchange $C_2$, $R_2$, $C_1$, $R_1$ between verifier and prover with the processing delay $t_p$; the top half for the honest prover, the bottom half for the attacker)

The attack is conceptually depicted in Fig. 3.7. The top half of the figure illustrates the normal execution of the protocol. The time tp between receiving the last challenge and sending the first response is determined by the processing delay. The bottom half of the figure shows the attacker guessing the last bit C1 and transmitting the responses in advance. One can clearly observe that the attacker obtains a significant gain in time.

Instead of guessing the last bit, the attacker can also guess the last k bits of the challenge. The success probability then becomes 2^−k, but each extra bit guessed largely increases the gain in time. Guessing the last k bits results in the following gain in distance:

$$d_{gain} = k \cdot t_{bit} \cdot c_{prop}. \quad (3.1)$$

In this equation, t_bit corresponds to the bit period, k to the number of bits guessed, and c_prop to the propagation speed of the wireless signals (preferably very close to the speed of light).

The security problems are caused by the fact that both challenge and response have a bitlength of n. The guessing attack can be avoided by employing n rounds of fast bit exchanges, in which single bit challenges and responses are used. Another distance bounding protocol that is vulnerable to a guessing attack is the protocol of Waters and Felten, which will be discussed in Sect. 3.2.2. The same weakness is also present in the protocol of Hu et al. [84] (not further discussed in this thesis).

Minimize symbol length

It is best to minimize the symbol length of the bits transmitted during the fast bit exchanges. Spreading the transmission power over a long transmission slot enables the attacker to gain some time, and hence perform a distance fraud attack. Even if this gain is in the order of microseconds (or less), this corresponds to a very large distance (a total gain of 1 microsecond corresponds to a gain in distance of 150 m if electromagnetic radiation is used). There are two types of “physical” attacks that make use of this principle.

In a first attack, the malicious adversary does not send anything during the first (m − 1)/m-th part of the transmission slot, and then sends the bit value during the final 1/m-th part of the available time, using a more powerful antenna (m times more powerful). Since the verifier typically uses a default receiver, which integrates the energy received over the entire symbol time, the observed result will be the same. But by delaying the transmission of the bit value by (m − 1)/m-th of a transmission slot, the attacker has obtained a significant gain in time. The larger the symbol length, the more time an attacker can gain by performing this attack (and the easier it becomes to perform the attack).

The attacker can use the same principle when receiving challenges from the verifier. Instead of waiting until the entire bit is received, an attacker can perform an early bit detection. If the attacker has a more powerful receiver (m times more powerful), he can terminate the integration of the received energy after 1/m-th of the transmission time and already start sending the corresponding response. By performing this attack, the attacker obtains a significant gain in time.

To avoid these two attacks, the energy to transmit bit values should be output within as short a time as possible. This leaves the attacker little room to shorten the time interval further [40, 77]. An interesting communication technology which minimizes the symbol length by default is Ultra-Wideband (UWB). This radio technology emits the data in ultra-short pulses, which is exactly what one needs to carry out distance bounding protocols [164, 196, 213].

Distance bounding protocol should be resistant to bit errors due to noise

As distance bounding protocols are conducted over noisy wireless ad hoc channels, they should be designed to cope well with substantial bit error rates during the rapid single bit exchanges. If the distance bounding protocol is not robust to bit errors that occur during the fast bit exchanges, one single bit error will cause the protocol to fail. We will extensively discuss this “physical” design principle in Chapter 4.

3.1.5 Practical use case

Let us make the principles of secure time of flight distance bounding protocols more concrete by studying a practical use case. Suppose we have a prover P and a verifier V that are located 3 m from each other. The verifier wants to carry out a secure distance bounding protocol to determine an upper bound on the distance between itself and the prover.

If the propagation speed of the communication channel over which the challenge-response protocol (which is the main part of the distance bounding protocol) is executed is close to the speed of light in vacuum (e.g., if electromagnetic radiation is used), then it takes about 10 nanoseconds for the challenge (or the response) to travel between verifier and prover. If both devices can send and receive data without any delay and the prover can compute the response immediately, then the round trip time will be equal to 20 nanoseconds.

In practice, there will always be a delay. What matters from a security point of view, however, is the uncertainty (i.e. variation) on this delay, and not the delay itself. E.g., a total delay of 10 seconds with a maximum variation of 1 picosecond results in an inaccuracy of 0.15 millimeter. By exploiting all technical means, an attacker can hence only pretend to be 0.15 millimeter closer than he really is.

Let us now look in more detail at where delay can arise:

• The delay which results from sending a challenge includes the overhead of passing a message to the radio hardware, creating the message at the physical layer, and the delay of producing the correct pulse (this depends on the modulation technique being used). The larger the symbol length, the larger this delay becomes.

• It takes some time to receive a challenge. This delay includes the overhead of interpreting a message at the physical layer, passing it to the correct hardware, and the delay of observing the correct pulse (this depends on the modulation technique being used). The larger the symbol length, the larger this delay becomes.

• Computing a response results in processing delay.

• The delay which results from sending a response includes the overhead of passing a message to the radio hardware, creating the message at the physical layer, and the delay of producing the correct pulse (this depends on the modulation technique being used). The larger the symbol length, the larger this delay becomes.

• It takes some time to receive a response. This delay includes the overhead of interpreting a message at the physical layer, passing it to the correct hardware, and the delay of observing the correct pulse (this depends on the modulation technique being used). The larger the symbol length, the larger this delay becomes.

• The verifier measures the round trip time with a finite precision, which also causes extra delay.

The total uncertainty on the delay is equal to the sum of the variations on the delays discussed above. Suppose the verifier wants to measure the distance to the prover with a precision of 30 centimeter. This requirement would result in a maximum allowed variation on the total delay of 2 nanoseconds, which is very small.

Without making assumptions on the usage of dedicated hardware (and making sure that no other hardware can be used to carry out the distance bounding protocol), it is very difficult to determine the maximum variation on the delay. The attacker can modify and improve the hardware that has to execute the protocol (e.g., overclock the hardware or use a more powerful receiver). In this scenario, one often presumes that the total variation on the delay is equal to the delay itself (one hence assumes that the attacker can reduce the total delay to zero). In this worst case scenario, measuring the distance with a precision of 30 centimeter would result in a maximum allowed (total) delay of 2 nanoseconds.

The numerical example above illustrates that it is technically very challenging to measure small distances by conducting distance bounding protocols over a communication channel whose propagation speed is close to the speed of light in vacuum. E.g., using UWB with a pulse width of 5 nanoseconds results in an inaccuracy on the measured distance of 3 m (without even taking into account the other delays such as the processing delay).

Fortunately, one can sometimes use ultra-sound when measuring relatively small distances. If the range between prover and verifier is sufficiently small (e.g., smaller than 1 m) and both devices are user-operated, then it becomes hard for an attacker to be physically present without this being noticed by the user. Suppose that P and V (located 3 m from each other) carry out a distance bounding protocol that uses ultra-sound instead of electromagnetic radiation. The propagation speed of such a communication channel is 343 m/s (in dry air at 20 degrees Celsius). It then takes about 8.7 milliseconds for the challenge (or the response) to travel between verifier and prover. If both devices can send and receive data without any delay and the prover can compute the response immediately, then the round trip time will be equal to 17.5 milliseconds. Suppose the verifier wants to measure the distance to the prover with a precision of 30 centimeter. This requirement would result in a maximum allowed variation on the total delay of 1.75 milliseconds. This can easily be achieved with the current state-of-the-art technology. E.g., a total delay of 5 microseconds would result in an inaccuracy on the measured distance of 1.72 millimeter, which can easily be neglected.

3.2 Existing Distance Bounding Proposals

We now give an overview of three special distance bounding protocols. For each of these unique protocols, we discuss how they work, show their main security weaknesses, and demonstrate how they can be made resistant to certain attacks. None of the protocols presented in this section are resistant to all the physical attacks of Clulow et al. [40]. The distance bounding protocols that have taken these design principles into account are discussed in Chapter 4.

3.2.1 Brands’ and Chaum’s protocol

The distance bounding protocol

In 1993, S. Brands and D. Chaum presented their distance bounding protocol [28]. This clever protocol prevents mafia fraud attacks and embodies a series of n rounds (n is a security parameter). Each round consists of a single bit challenge and a rapid single bit response. The delay time for receiving the responses enables the verifier to compute an upper bound on the distance. After correct execution of the distance bounding protocol, the verifier knows that an entity in possession of a certain secret is in the vicinity. The protocol is shown in Fig. 3.8.

The protocol is carried out as follows. It contains 3 phases. First, the prover sends out a secure commitment (see [46] for the required security properties) to n random bits mi. Next, a series of n fast bit exchanges is performed. The verifier sends a random challenge bit αi to the prover. This challenge is XOR’ed with the value mi and the result (βi) is sent back to the verifier. During these n rounds, the time between sending a challenge and receiving the corresponding response is measured, and used to determine an upper bound on the distance between prover and verifier. After the n fast bit exchanges, the prover opens the commitment and signs the bitstring y, which embodies the concatenation of the challenges αi and the responses βi. If the signature is correct, the protocol is successful. Note that in every one of the n rounds, the prover has to compute the XOR of two bits. This can be done very efficiently in hardware.

Capkun et al. extended the protocol to MAD, a mutual authentication protocol using distance bounding [34]. This protocol has the advantage that both parties can estimate an upper bound on the distance between themselves, and learn each other’s identity, which is not the case in the original protocol of Brands and Chaum. All the advantages of the distance bounding protocol of Brands and Chaum remain valid for MAD.

Figure 3.8: Distance bounding protocol of Brands and Chaum

  Prover: mi ∈R {0, 1}                          Verifier: αi ∈R {0, 1}
  Prover → Verifier: commit(m1 | ... | mn)
  Start of rapid bit exchange (for i = 1, ..., n)
  Verifier → Prover: αi
  Prover: βi ← αi ⊕ mi
  Prover → Verifier: βi
  End of rapid bit exchange
  Both sides: y ← α1 | β1 | ... | αn | βn
  Prover → Verifier: (open commit), sign(y)
  Verifier: verify commit, verify sign(y)

Informal security analysis

The protocol of Brands and Chaum is designed to be resistant to mafia fraud attacks. In each round, the response depends on the challenge generated by the verifier. This prevents the prover from sending out the response too soon.

In order to perform a successful distance fraud attack, the attacker has to guess in each round the challenge, compute the corresponding response, and send the response before having received the challenge. If all these guesses are correct, the prover appears closer than he really is. In each of the n rounds, the attacker has a 1/2 probability of guessing the challenge correctly.

In order to perform a successful mafia fraud attack, the attacker has to make sure that the verifier accepts the signature at the end of the protocol, and the commitment is opened successfully (also at the end of the protocol). There are two attack scenarios to accomplish this:

In a first scenario, the attacker forwards the commitment from the prover to the verifier. Next, he guesses all the challenges αi, and performs a distance bounding protocol with the prover. By doing this, the attacker learns the bits mi. In a second phase, the attacker performs a distance bounding protocol with the verifier. As he learned the bits mi, all the responses will be correct. Finally, the attacker forwards the signature, generated by the prover, to the verifier. This signature will only be correct if all the guesses of the challenges were correct. This happens with probability 1/2^n.

The second attack scenario is quite similar. The attacker first forwards the commitment from the prover to the verifier. Next, he guesses all the bits mi, and performs a distance bounding protocol with the verifier. In a second phase, the attacker performs a distance bounding protocol with the prover, reusing the challenges αi. Finally, the attacker forwards the signature, generated by the prover, to the verifier, and opens the commitment. The protocol is successful when both the signature and commitment are accepted by the verifier. This is the case when all the bits mi were guessed correctly. This happens with probability 1/2^n. If an insecure commitment scheme is used, which is not at least computationally hiding, the probability of a successful attack can increase dramatically.

The distance bounding protocol of Brands and Chaum is vulnerable to a terrorist fraud attack (this was already noted by the authors themselves). The attack is performed by splitting the protocol into distinct phases, and by having each phase executed by another party. First, the prover generates n random bits mi, computes a commitment on this bitstring, and forwards the commitment to the verifier. Next, he also sends the bits mi to the collaborating intruder. In a subsequent phase, the intruder and the verifier perform the fast bit exchanges. All the responses will be correct, since the intruder knows the bits mi. After these n rounds, the intruder sends the challenges αi to the prover. In the last phase of the protocol, the prover opens the commitment, computes a correct signature on the concatenation of the challenges αi and the responses βi, and forwards this signature to the verifier. Since this signature is correct, the attack is successful. Note that the intruder does not need to know the private key of the prover, and does not obtain any information about this key.
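To make the n-round structure of Fig. 3.8 and the 1/2^n bound on distance fraud concrete, here is an added Python simulation of the protocol (example code written for this edit, not the authors' implementation). It assumes a SHA-256 commitment over a random nonce and models the signature on y with an HMAC under a key both parties hold, standing in for the public-key signature; the verifier also turns a measured round trip time into the distance bound.

```python
"""Simulation of the Brands-Chaum distance bounding protocol (Fig. 3.8).

Constructed example, not the authors' implementation: the commitment is a
SHA-256 hash over a random nonce and the bits m_i, and the final signature on y
is modelled by an HMAC under a key the prover and verifier share (standing in
for the public-key signature of the protocol).
"""
import hashlib
import hmac
import random

SPEED_OF_LIGHT = 299_792_458.0            # m/s, c_prop of a radio channel
SIG_KEY = b"signature key (constructed)"  # stand-in for the prover's signing key


def commit(m_bits, nonce):
    """Commitment to m_1|...|m_n: the nonce hides the bits, SHA-256 binds them."""
    return hashlib.sha256(nonce + bytes(m_bits)).digest()


def distance_upper_bound(round_trip_seconds, c_prop=SPEED_OF_LIGHT):
    """Upper bound on the prover's distance implied by a measured round trip."""
    return round_trip_seconds * c_prop / 2


class Prover:
    """Honest prover: beta_i = alpha_i XOR m_i, computed once alpha_i is received."""

    def __init__(self, n, rng):
        self.m = [rng.randrange(2) for _ in range(n)]
        self.nonce = bytes(rng.randrange(256) for _ in range(16))
        self.transcript = []              # alpha_1, beta_1, ..., alpha_n, beta_n

    def commitment(self):
        return commit(self.m, self.nonce)

    def respond(self, i, alpha):
        beta = alpha ^ self.m[i]
        self.transcript += [alpha, beta]
        return beta

    def open_and_sign(self):
        y = bytes(self.transcript)
        return self.m, self.nonce, hmac.new(SIG_KEY, y, hashlib.sha256).digest()


class DistanceFraudProver(Prover):
    """Prover that guesses alpha_i and sends beta_i before the challenge arrives
    (the distance fraud of Sect. 3.2.1); `guess` maps a round to the guessed bit."""

    def __init__(self, n, rng, guess):
        super().__init__(n, rng)
        self.guess = guess

    def respond(self, i, alpha):
        beta = self.guess(i) ^ self.m[i]  # derived from the guess, not from alpha
        self.transcript += [alpha, beta]  # the real alpha_i is still signed at the end
        return beta


def run_protocol(prover, n, rng, challenges=None):
    """Verifier side of Fig. 3.8: True iff the commitment opens, sign(y) verifies
    and every beta_i equals alpha_i XOR m_i."""
    c = prover.commitment()
    alphas = [rng.randrange(2) for _ in range(n)] if challenges is None else challenges
    betas = [prover.respond(i, alphas[i]) for i in range(n)]   # rapid bit exchange
    m, nonce, sig = prover.open_and_sign()
    if commit(m, nonce) != c:
        return False
    y = bytes(bit for pair in zip(alphas, betas) for bit in pair)
    if not hmac.compare_digest(hmac.new(SIG_KEY, y, hashlib.sha256).digest(), sig):
        return False
    return all(betas[i] == alphas[i] ^ m[i] for i in range(n))


def honest_run(n=16, seed=1):
    rng = random.Random(seed)
    return run_protocol(Prover(n, rng), n, rng)


def fraud_run(n, guess, challenges, seed=1):
    """Distance fraud against fixed challenges; succeeds only if every guess is right."""
    rng = random.Random(seed)
    return run_protocol(DistanceFraudProver(n, rng, guess), n, rng, challenges)


def fraud_success_probability(n):
    """Each of the n guesses is right with probability 1/2, so 1/2^n overall."""
    return 2.0 ** -n
```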

Making the protocol resistant to terrorist fraud attacks

The distance bounding protocol of Brands and Chaum can be made resistant to terrorist fraud attacks by using trusted hardware. The trusted hardware should have the following properties: it should be impossible for an attacker to extract values out of the trusted hardware or to change the protocol that it has to perform. It can only be used as a black box by the attacker.

Using such hardware protects the distance bounding protocol of Brands and Chaum against terrorist fraud attacks. The values mi are kept inside the secure device. A malicious prover cannot give them to a collaborating intruder. It is possible to extract these values by executing the protocol in advance (and hence using the trusted hardware as a black box). Fortunately, the attacker does not yet know the correct values of βi at that moment. The attacker hence has to guess them, and succeeds with probability 1/2^n. Of course, it is also not possible to extract the private key which is used for signing messages.

3.2.2 Waters’ and Felten’s protocol

The distance bounding protocol

In 2003, Waters and Felten proposed their distance bounding protocol [210]. It is special in the sense that it only contains one round in which the time between sending a challenge and receiving the response is measured, in contrast to most other distance bounding protocols (where n rounds of fast bit exchanges are used). Both challenge and response contain random nonces, each of them having a bitlength of n. The protocol is shown in Fig. 3.9. The distance bounding protocol is particularly designed to solve the following problem. A verifier wants to know if the prover is in the proximity of a location manager at a particular moment. By performing a distance bounding protocol, the location manager checks if the prover is close. If the protocol succeeds, the location manager sends a proof of location to the prover. Later on, this proof can then be sent to the verifier. The location manager is assumed to work correctly, and not collaborating with the prover. Both the verifier and the location manager have asymmetric encryption key pairs associated with them.

The protocol is carried out as follows. It contains four phases. First, the prover generates two random nonces (start and reply) and concatenates them with the encryption of his identity (using the public key of the verifier). The entire message is encrypted with the public key of the location manager, and is sent to this device. The location manager decrypts this message, and obtains the two random nonces. It is not able to recover the identity of the prover (for privacy reasons). Next, one round of fast nonce exchange is performed. The verifier generates a random nonce (echo), concatenates it with the start nonce (obtained in the first phase of the protocol), and sends this to the prover. The prover replies with the concatenation of the reply and the echo nonce. The time between sending the challenge and receiving the response is measured, and this can be used to determine an upper bound on the distance between prover and verifier. After the fast nonce exchange, the location manager constructs a message containing the round trip time, the current time (c.t.) and the encrypted identity of the prover (which was sent in the first phase of the protocol). This message is signed by the location manager and sent to the prover. After successful verification of this signed message, it can be used by the prover in a later stage, to prove to the verifier that he was close to the location manager at a particular moment. This is done by concatenating the signed message (received from the location manager) with the identity of the prover and the identity of the location manager. This message is signed by the prover, and sent to the verifier. The latter can then verify this “proof of proximity”.

Figure 3.9: Distance bounding protocol of Waters and Felten

  Prover: start, reply ∈R {0, 1}^n              Location Manager: echo ∈R {0, 1}^n
  Prover → Location Manager: E_KLM(start, reply, E_KV(ID))
  Start of rapid nonce exchange
  Location Manager → Prover: start, echo
  Prover → Location Manager: reply, echo
  End of rapid nonce exchange
  Location Manager: y ← (latency, c.t., E_KV(ID))
  Location Manager → Prover: sign(y)
  Prover: verify sign(y); x ← sign(y)

  Prover → Verifier: sign(ID, ’LM’, x)
  Verifier: verify sign(ID, ’LM’, x)

Informal security analysis

The distance bounding protocol of Waters and Felten has some security weaknesses. The most important problem is that there is no relation between the nonces exchanged in the second phase of the protocol, and the message that is signed by the location manager in the third phase of the protocol (and which is used to construct a “proof of proximity”). This opens the door to the following theoretical man-in-the-middle attack. In a first phase of the attack, the adversary conducts the distance bounding protocol with the location manager, pretending to be the genuine prover. As a result, he will receive a signed message from the location manager, containing the round trip time, the current time, and the encrypted identity of the prover. In the next phase of the attack, the adversary forces the prover and the location manager to perform a distance bounding protocol (or waits until this happens). The adversary blocks all messages and (after the fast nonce exchange) sends the signed message, received from the location manager in an earlier stage of the attack, to the prover. Unless the prover and location manager are synchronized and share the same clock signal, the former won’t notice that the signed message originated from another run of the distance bounding protocol. As a result, the prover accepts the message and constructs the “proof of proximity” (containing the time that the attacker performed the distance bounding protocol, and not the correct current time).

The idea of the attack described above can be used to perform a terrorist fraud attack. This can be easily demonstrated. The intruder generates two random nonces, constructs the first message of the protocol, and sends it to the location manager. Next, the location manager and the intruder conduct the fast nonce exchange. The signed message from the location manager is then sent to the intruder, who forwards it to the prover. Finally, the prover constructs a “proof of proximity”, using the signed message received from the location manager. Note that this terrorist fraud attack cannot be prevented by carrying out the protocol in trusted hardware. The prover (and hence also the (trusted) hardware executing the protocol) cannot find out if the signed message it receives from the location manager really originates from the current run of the distance bounding protocol, or from another run of the protocol (maybe even conducted by another party).

Page 113: Study and Design of a Security Architecture for Wireless Personal Area Networks

3.2. EXISTING DISTANCE BOUNDING PROPOSALS 79

Fixing the distance bounding protocol

Fortunately, the terrorist fraud attack described above can be prevented by slightly modifying the protocol and executing the protocol in trusted hardware. One can add a third nonce to the protocol (the session nonce), which has to be included in the first message of the protocol. The location manager puts this session nonce in the signed message, which is constructed after the fast nonce exchange. The prover can then verify that the signed message of the location manager originates from the current run of the protocol, and not from an earlier run (e.g., executed by the attacker). Because of the trusted hardware, the attacker cannot extract the nonces from the hardware. The intruder hence has to guess the reply or the session nonce. The probability of a correct guess is 1/2^n. The modified distance bounding protocol is depicted in Fig. 3.10.
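An added Python sketch (written for this edit, not the authors' code) of the replay described above and of the session-nonce fix. It models the location manager's signature with an HMAC under a constructed key that the prover can check, and leaves out the encryption of the first message and the timing measurement, since the attack does not depend on either.

```python
"""Replay of the location manager's signed message in the Waters-Felten protocol
(Fig. 3.9) and the session-nonce fix (Fig. 3.10).

Constructed example: the signature of the location manager is an HMAC under a
constructed key (stand-in for its public-key signature), the first message is
sent without the public-key encryption, and the round trip time is a fixed
constructed value; none of these matter for the attack.
"""
import hashlib
import hmac
import itertools
import secrets

LM_SIGNING_KEY = b"location manager signing key (constructed)"


def sign(key, fields):
    msg = b"|".join(str(f).encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class LocationManager:
    def __init__(self, clock, with_session):
        self.clock = clock                   # returns the current time c.t.
        self.with_session = with_session     # True: modified protocol of Fig. 3.10

    def run(self, first_msg, responder):
        """Phases 1-3: learn the nonces, do the rapid nonce exchange, sign y."""
        echo = secrets.token_hex(16)
        if responder(first_msg["start"], echo) != (first_msg["reply"], echo):
            return None                      # wrong reply nonce: no proof issued
        latency = 20e-9                      # measured round trip time (constructed)
        y = (latency, self.clock(), first_msg["enc_id"])
        if self.with_session:
            y = (first_msg["session"],) + y  # fix: y is bound to this run's session nonce
        return y, sign(LM_SIGNING_KEY, y)


class Prover:
    def __init__(self, enc_id, with_session):
        self.enc_id = enc_id                 # E_KV(ID), opaque to the location manager
        self.with_session = with_session
        self.start, self.reply = secrets.token_hex(16), secrets.token_hex(16)
        self.session = secrets.token_hex(16) if with_session else None

    def first_message(self):
        m = {"start": self.start, "reply": self.reply, "enc_id": self.enc_id}
        if self.with_session:
            m["session"] = self.session
        return m

    def respond(self, start, echo):
        return self.reply, echo              # rapid nonce exchange response

    def accept(self, signed):
        """Phase 4, prover side: verify the signature; in the modified protocol
        also check that the signed message carries this run's session nonce."""
        if signed is None:
            return None
        y, sig = signed
        if not hmac.compare_digest(sign(LM_SIGNING_KEY, y), sig):
            return None
        if self.with_session and y[0] != self.session:
            return None                      # signed message comes from another run
        return y   # accepted: the prover would now sign (ID, 'LM', sign(y)) for the verifier


def honest_run(with_session):
    lm = LocationManager(itertools.count().__next__, with_session)
    prover = Prover("E_KV(P)", with_session)
    return prover.accept(lm.run(prover.first_message(), prover.respond))


def replay_attack(with_session):
    """The man-in-the-middle attack of Sect. 3.2.2. Returns the y accepted by
    the genuine prover, or None when it rejects the replayed message."""
    clock = itertools.count().__next__       # time 0: attacker's run, time 1: victim's run
    lm = LocationManager(clock, with_session)
    # Phase 1: the adversary runs the protocol himself with his own nonces,
    # reusing the encrypted identity of the genuine prover.
    adversary = Prover("E_KV(P)", with_session)
    stale = lm.run(adversary.first_message(), adversary.respond)
    # Phase 2: the genuine prover runs the protocol; the adversary blocks the
    # location manager's signed message and delivers the stale one instead.
    victim = Prover("E_KV(P)", with_session)
    lm.run(victim.first_message(), victim.respond)   # its signed message is blocked
    return victim.accept(stale)
```

In the original protocol the accepted y carries time 0, the attacker's run, so the resulting proof of proximity states the wrong moment; with the session nonce the prover rejects it.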

The distance bounding protocol of Waters and Felten (also the modified protocol presented above) is however vulnerable to some “physical” attacks. The attacker can send his response in advance, and hence appear to be closer than he really is. While he is receiving the echo nonce from the location manager, he can already start transmitting the reply nonce. After having received the echo nonce, the remaining part of the response can also be sent back to the location manager. This way, the attacker obtains an important gain in time, since the distance bounding protocol assumes that the prover only starts sending his response after having received the entire challenge. Changing the order of the nonces in the response message, or sending the bits of the response in the reverse order (so starting from the last bit of the echo nonce), won’t solve the problem entirely. The attacker can still perform a guessing attack, in which he guesses the last bits of the challenge. He can hence start transmitting the response in advance. By guessing a few bits, the success probability is relatively high, and the gain in time is significant (since the messages are transmitted with the speed of light). These “physical” attacks can only be solved by redesigning the entire protocol, and using single bit challenges and responses.

Figure 3.10: Modified distance bounding protocol of Waters and Felten

  Prover: start, reply, session ∈R {0, 1}^n     Location Manager: echo ∈R {0, 1}^n
  Prover → Location Manager: E_KLM(start, reply, session, E_KV(ID))
  Start of rapid nonce exchange
  Location Manager → Prover: start, echo
  Prover → Location Manager: reply, echo
  End of rapid nonce exchange
  Location Manager: y ← (session, latency, c.t., E_KV(ID))
  Location Manager → Prover: sign(y)
  Prover: verify sign(y); verify session nonce; x ← sign(y)

  Prover → Verifier: sign(ID, ’LM’, x)
  Verifier: verify sign(ID, ’LM’, x)

3.2.3 Bussard’s protocol

The distance bounding protocol

Most distance bounding protocols are vulnerable to terrorist fraud attacks, unless trusted hardware is used. There is however an important exception. In 2004, Bussard published a distance bounding protocol that is resistant to terrorist fraud attacks, even without trusted hardware [30]. The protocol requires that the private key of the prover is used during the fast bit exchanges (n rounds in total). The protocol makes use of the discrete logarithm problem and is shown in Fig. 3.11.

The distance bounding protocol of Bussard assumes that there is a trusted certification authority (CA) available. The CA is responsible for setting up the system’s global parameters during the initialization phase. It first chooses a large enough strong prime p (i.e. there exists a large prime q such that p = 2q + 1). Next, it chooses a generator g (∈ Z*_p) and an element h (∈R Z*_p) of order q. The only requirement is that neither the prover nor the verifier knows log_g(h). This initialization step only has to be executed once, and these parameters can be shared among several devices.

Before conducting the distance bounding protocol, the prover has to perform a registration procedure, in which he generates a random key x ∈ ]1, p − 1[ and the corresponding public key y = g^x. The prover then performs a key validation procedure, in which he proves that the public key y possesses certain arithmetic properties. If this process succeeds, then y is registered with the CA, who publishes a certificate on this public key. Now, the prover is ready to perform the actual distance bounding protocol.

Figure 3.11: Distance bounding protocol of Bussard

  Prover: key pair (x, y = g^x)
  Prover: u, k ∈R Zp−1
  Prover → Verifier: u
  Verifier: check u ≠ 0
  Prover: e ← ux − k mod p − 1
  Prover: vk,i, ve,i ∈R Zp−1; Ck,i ← g^(ki) · h^(vk,i); Ce,i ← g^(ei) · h^(ve,i)
  Prover → Verifier: Ck,i, Ce,i
  Start of rapid bit exchange
  Verifier → Prover: ai
  Prover: bi ← āi·ki + ai·ei   (āi = 1 − ai)
  Prover → Verifier: bi
  End of rapid bit exchange
  Prover → Verifier: āi·vk,i + ai·ve,i
  Verifier: verify commitments
  Zero Knowledge Proof (Fig. 3.12)

The protocol starts with a commitment phase, in which the following steps are performed. First, the prover chooses a random integer u ∈R {1, 2, . . . , p − 2}, and sends this integer to the verifier. Next, the prover generates a random integer k ∈R Zp−1, and computes e = ux − k mod p − 1. The prover also generates 2n random integers vk,i, ve,i ∈R Zp−1 (i ∈ {1, . . . , n}), and constructs the commitments Ck,i = g^(ki) · h^(vk,i) and Ce,i = g^(ei) · h^(ve,i) (ki and ei denote the i-th bit of k and of e respectively). These commitments are sent to the verifier.

The prover and the verifier are now ready to perform a series of n fast bit exchanges. In each round, the verifier sends a random bit ai to the prover. The latter responds with bi, which is equal to ki (the i-th bit of k) when the challenge is 0, and to ei (the i-th bit of e) when the challenge is 1. The time between sending a challenge and receiving the response is measured and used to determine an upper bound on the distance between verifier and prover.

After the fast bit exchanges, the commitments of the released bits are opened. The prover sends the values āi·vk,i + ai·ve,i (with āi = 1 − ai) to the verifier, who then checks the commitments by performing the following verification:

$$\bar{a}_i C_{k,i} + a_i C_{e,i} \stackrel{?}{=} g^{b_i} \cdot h^{\bar{a}_i v_{k,i} + a_i v_{e,i}} \quad (3.2)$$

In the last phase of the protocol, the prover performs a zero knowledge proof of knowledge with the verifier. The zero knowledge protocol is shown in Fig. 3.12. During this proof, the prover demonstrates that he knows the key x. The verifier first computes an integer z by combining the commitments in a special way. Then, a challenge-response protocol is conducted t times (t is a security parameter). In each round, the prover generates two random integers r1 and r2, constructs the witnesses w1 and w2 (see [140]), and sends these to the verifier. The latter first checks the freshness of w1 and w2, then sends a random 1-bit challenge c back, and waits for the response (s1 and s2). The time between sending a challenge and receiving the corresponding response does not have to be measured. If the responses in each round are correct, the distance bounding protocol ends successfully.

Informal security analysis

The distance bounding protocol of Bussard is designed to be resistant to terrorist fraud attacks. In contrast to the other protocols discussed in this section, the protocol of Bussard does not require trusted hardware if the attacker is not willing to give his secret key to the intruder (if this is not the case, then one has to make sure that the protocol is carried out in hardware that cannot be cloned). This is achieved by using the secret key of the prover (x) during the fast bit exchanges. In order to end the protocol successfully, one has to know the bits ei and ki during the fast bit exchanges. Guessing a bit wrongly results in a failed verification of the bit commitments (and hence in a failure of the protocol). As a consequence, an intruder performing a terrorist fraud attack has to possess these bits ei and ki. This is however not possible, since one can compute the secret key x from e and k (x = u^−1(e + k) mod p − 1). The latter is based on the assumption that gcd(u, p − 1) = 1. Note that we implicitly assumed that the intruder is not allowed to know this secret key x, and will hence not get the values e and k from the prover.

Figure 3.12: Zero knowledge proof of knowledge in Bussard’s distance bounding protocol

  Prover: v ← Σ_{i=0}^{n} 2^i · (vk,i + ve,i)          Verifier: z ← Π_{i=0}^{n} (Ck,i · Ce,i)^(2^i)
  Start of t rounds
  Prover: r1, r2 ∈R Zp−1; w1 ← g^(u·r1) · h^(r2); w2 ← g^(r1)
  Prover → Verifier: w1, w2
  Verifier: check w1, w2; c ∈R {0, 1}
  Verifier → Prover: c
  Prover: s1 ← r1 − c·x; s2 ← r2 − c·v
  Prover → Verifier: s1, s2
  Verifier: c = 0 ⇒ check w1 =? g^(u·s1) · h^(s2) and w2 =? g^(s1)
            c = 1 ⇒ check w1 =? z · g^(u·s1) · h^(s2) and w2 =? y · g^(s1)
  End of t rounds

Since a terrorist fraud attack is a stronger version of a mafia fraud attack, the protocol of Bussard is also resistant to the latter. An attacker not knowing the secret key x has a $1/2^n$ probability of guessing all the responses correctly. Executing the protocol in advance with the prover won't help, since only half of the commitments (corresponding to the challenges sent during the fast bit exchanges) are opened. Because of the discrete logarithm problem, an attacker has a low probability of opening a commitment successfully without knowing the values $v_{k,i}$ and $v_{e,i}$ in advance. Note that the verifier is not able to check the responses immediately during the fast bit exchanges. An attacker could have generated random bits $e_i$ and $k_i$, and computed the corresponding commitments. That is why the zero knowledge proof of knowledge, at the end of the protocol, is conducted. By performing this zero knowledge protocol, the verifier can check that the entity who has sent the responses during the fast bit exchanges knows the secret key x. A more formal security analysis of the protocol is given in [30].
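As an added example (not code from the thesis or from Bussard's paper [140]), the following Python sketch runs the proof of Fig. 3.12 with toy parameters and shows why the c = 1 rounds bind the responses to the secret key. It assumes the bit commitments have the Pedersen form $C_{k,i} = g^{k_i} h^{v_{k,i}}$ and $C_{e,i} = g^{e_i} h^{v_{e,i}}$ with $e + k \equiv u x \pmod{p-1}$, so that the verifier's z equals $g^{ux} h^{v}$ and the public key is $y = g^x$; freshness of the witnesses is implemented as rejecting a $(w_1, w_2)$ pair seen before, and the prime is a toy size.

```python
import secrets

# Constructed toy parameters, far too small for real security. p is a safe prime,
# so the prime factors of p-1 are known and a generator of Z_p^* is easy to find.
P = 10007                     # p - 1 = 10006 = 2 * 5003, both prime
P1_FACTORS = (2, 5003)
N = (P - 1).bit_length()      # number of bits in e and k (14 here)
U = 3                         # public parameter u; gcd(u, p-1) = 1 as the thesis assumes


def find_generator(p, factors):
    """Smallest generator of Z_p^*: g^((p-1)/q) != 1 for every prime q dividing p-1."""
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in factors):
            return g
    raise ValueError("no generator found")


G = find_generator(P, P1_FACTORS)
H = pow(G, 271, P)   # second base; in a real setup its discrete log w.r.t. g must be unknown (assumption)


def commit(bit, v):
    """Pedersen-style bit commitment g^bit * h^v mod p (assumed form, see the lead-in)."""
    return pow(G, bit, P) * pow(H, v, P) % P


class Prover:
    def __init__(self, x):
        self.x = x                                   # secret key
        self.y = pow(G, x, P)                        # public key y = g^x
        k = secrets.randbelow(P - 1)
        e = (U * x - k) % (P - 1)                    # e + k = u*x (mod p-1)
        self.k_bits = [(k >> i) & 1 for i in range(N)]
        self.e_bits = [(e >> i) & 1 for i in range(N)]
        self.vk = [secrets.randbelow(P - 1) for _ in range(N)]
        self.ve = [secrets.randbelow(P - 1) for _ in range(N)]
        self.Ck = [commit(b, v) for b, v in zip(self.k_bits, self.vk)]
        self.Ce = [commit(b, v) for b, v in zip(self.e_bits, self.ve)]
        # v = sum_i 2^i (v_{k,i} + v_{e,i}), reduced modulo the group order
        self.v = sum((1 << i) * (a + b)
                     for i, (a, b) in enumerate(zip(self.vk, self.ve))) % (P - 1)

    def witnesses(self):
        """Round step 1: fresh r1, r2 and the witnesses w1 = g^(u r1) h^r2, w2 = g^r1."""
        self.r1 = secrets.randbelow(P - 1)
        self.r2 = secrets.randbelow(P - 1)
        w1 = pow(G, U * self.r1 % (P - 1), P) * pow(H, self.r2, P) % P
        w2 = pow(G, self.r1, P)
        return w1, w2

    def respond(self, c):
        """Round step 3: s1 = r1 - c x, s2 = r2 - c v (mod p-1)."""
        return (self.r1 - c * self.x) % (P - 1), (self.r2 - c * self.v) % (P - 1)


class Verifier:
    def __init__(self, y, Ck, Ce):
        self.y = y
        self.z = 1                                   # z = prod_i (C_{k,i} C_{e,i})^(2^i)
        for i, (ck, ce) in enumerate(zip(Ck, Ce)):
            self.z = self.z * pow(ck * ce % P, 1 << i, P) % P
        self.seen = set()

    def challenge(self, w1, w2):
        """Round step 2: freshness check (reject witnesses seen before), then a random bit c."""
        if (w1, w2) in self.seen:
            raise ValueError("replayed witnesses")
        self.seen.add((w1, w2))
        return secrets.randbelow(2)

    def check(self, w1, w2, c, s1, s2):
        """Round step 4: for c = 1 the witnesses must open against z and y."""
        lhs1 = pow(G, U * s1 % (P - 1), P) * pow(H, s2, P) % P
        lhs2 = pow(G, s1, P)
        if c == 1:
            lhs1 = self.z * lhs1 % P
            lhs2 = self.y * lhs2 % P
        return w1 == lhs1 and w2 == lhs2


def run_proof(prover, verifier, t, force_c=None):
    """Run t rounds; force_c replaces the random challenge (used for testing only)."""
    for _ in range(t):
        w1, w2 = prover.witnesses()
        c = verifier.challenge(w1, w2)
        if force_c is not None:
            c = force_c
        s1, s2 = prover.respond(c)
        if not verifier.check(w1, w2, c, s1, s2):
            return False
    return True


if __name__ == "__main__":
    honest = Prover(secrets.randbelow(P - 1))
    print("honest prover accepted:",
          run_proof(honest, Verifier(honest.y, honest.Ck, honest.Ce), 20))
```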

3.3 Applications

Distance bounding protocols have been introduced to preclude distance fraud, mafia fraud, and sometimes also terrorist fraud attacks. They are employed to enhance mutual entity authentication protocols. Secure distance bounding protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. In this section, we give an overview of some applications in which secure distance bounding protocols can be used.

3.3.1 Proximity based authentication

A prover convincing a verifier of some assertion is a frequently recurring element in many applications. The assertion is often the identity of the prover, but it can also be more general. Successful authentication provides privileges (e.g., access to a network). In conventional networks, authentication is often based upon something you know (e.g., a password or a secret key), something you have (e.g., a smart card) or something you are (biometrics). In daily interactions, other assertions, such as the distance to the proving entity, occur commonly. For instance, one has to be present in a room to be able to use the light switch. To enter a building, one has to open the (locked) door. This is only possible when one stands before the door and has the correct key. These examples show that proximity based authentication is used very commonly in our daily interactions.

Distance bounding protocols may also be useful in wireless (ad hoc) networks. For example, a node in a sensor network may only want to communicate with its neighbors. In order to have secure access control, one could conduct a cryptographic identification protocol using contactless smartcards at the entrance to a building. Another example is a user who wants to print confidential documents. How does he know that he is talking to the trusted printer in front of him and not to a malicious one somewhere further away? The wireless data packets can be easily intercepted by a distant eavesdropper. One can easily think of other applications of proximity based authentication in wireless (ad hoc) networks.

To construct a proximity based authentication scheme based on distance bounding protocols, one should first start by specifying an upper limit d on the allowed distance between verifier and prover, based on the security requirements of the application. This defines a sphere (in the 3-dimensional case, assuming diffuse transmission) with radius d. All authorized entities located in this area will be granted access to the services offered by the verifier. Next, one has to select the wireless communication medium that is going to be used. In a strictly controlled environment, one can choose to use ultra-sound. When attackers can be physically present in the sphere with radius d, electromagnetic radiation has to be used.

By combining the propagation speed of the communication medium with radius d, one obtains the upper limit on the round trip time between challenge and response. In practice, one has to slightly increase this limit, in order to incorporate the processing delay. The variation on this processing delay should be very close to zero. Otherwise, the uncertainty on the upper limit on the distance between prover and verifier becomes too large. To achieve this goal, dedicated hardware should be used. This hardware should be designed in such a way that the time of receiving a challenge, computing the corresponding response and transmitting this response is not variable (up to a very high precision). Authorized entities should use this dedicated hardware to authenticate themselves to the verifier. It should not be possible for a prover to carry out the distance bounding protocol in other hardware, to make the dedicated hardware run faster or to extract the private (or secret) key (i.e., clone the hardware). Otherwise, a malicious prover could run the distance bounding protocol on faster hardware, and hence pretend to be closer than he really is. This is particularly important if the distance bounding protocol is conducted over a wireless communication channel whose propagation speed is close to the speed of light in vacuum.

3.3.2 Key establishment

In Sect. 3.3.1, we have discussed how to use distance bounding protocols to achieve (mutual) entity authentication (based on proximity). One can however use the same principles to achieve mutual data authentication based on proximity. By employing distance bounding protocols in a clever way, devices in a wireless ad hoc network can verify that the data which they have received originated from a device in their proximity. This is a nice feature to be integrated in key establishment protocols. Two devices that are close to each other and do not yet share any authenticated cryptographic material can establish a common session key. After the correct execution of the key establishment protocol, each mobile device knows that it shares a key with the device located in its proximity.

A key establishment protocol that uses distance bounding protocols, and enables mutual device authentication through presence, has been presented in Sect. 2.3. Since we assumed that no attackers are physically present in the proximity of the two devices that perform the key establishment protocol, one can use ultra-sound to transport challenges and responses during the fast bit exchanges. For a detailed description of the protocol, we refer to Sect. 2.3.

3.3.3 Secure location verification

In this chapter, we have discussed how to employ distance bounding protocols to determine an upper bound on the distance between prover and verifier. After the correct execution of the protocol, the verifier knows that the prover is located somewhere in a circle (in the 2-dimensional case) with radius d centered around the verifier. This parameter d is determined by the round trip time between challenge and response in the distance bounding protocol.

One can easily extend this idea to a scenario with multiple verifiers. By employing distance bounding protocols with at least three distinct verifiers, one can securely determine the location of a prover in a 2-dimensional plane. We will now show how such a secure location verification scheme can be constructed, and discuss some important technical details that have to be taken into account. This section extends the research results that we have published in [186]. We limit ourselves to secure location verification in a 2-dimensional plane. The solutions presented in this section can be expanded to a secure location verification scheme in the 3-dimensional space.

General principle

In order to establish the exact location of the prover in a 2-dimensional plane, we need at least three collaborating, non-collinear verifiers. To make the secure location verification protocol more robust and accurate, one could use more than three verifiers, although this is not strictly necessary from a security point of view. The prover performs a secure distance bounding protocol with each of the three verifiers (e.g., one of the protocols described earlier in this chapter). This way, each verifier can determine an upper bound on the distance to the prover. Next, the verifiers send their measurements via a secure channel to each other (or to a trusted third party). These results are combined, and by performing some basic triangulation, one can easily find the exact location of the prover. In order to have a correct result, the three verifiers should trust each other, and work correctly. The location of each verifier is fixed, and known to the other verifiers (or the trusted third party). Another requirement is that each verifier is able to verify the identity of the prover. Otherwise, three cheating provers could collaborate, and each perform a distance bounding protocol with the verifier who is located in their proximity. In order to identify himself, the prover should share a key with each verifier. The easiest and most efficient solution is that the three verifiers use the same key distribution center, or share the same memory containing the secret keys.

Consider first the ideal scenario, in which the processing delay is zero (or can be neglected), and the prover does not delay his responses. We also assume for now that the prover is not mobile during the execution of the distance bounding protocols. In this theoretical case, each verifier $V_i$ can construct a circle with radius $d_i$. These three circles intersect in one point, which is the exact location of the prover. The situation is depicted in Fig. 3.13. This theoretical scenario also has the nice property that the three verifiers do not have to be synchronized, and that the three distance bounding protocols can be executed independently from each other (as long as the prover stays at the same location).

Of course, the scenario described above is not very realistic. The processing delay cannot always be neglected, hence one gets an area instead of a point (the radii of the circles increase, and there is no longer an intersection in one point). This is demonstrated in Fig. 3.14. The larger the area, the less one knows about the location of the prover. This can however be solved when the processing delay is not too variable. Another issue is that the prover can be mobile during the fast bit exchange phase of the distance bounding protocols. We will come back to these issues later in this section.

Figure 3.13: Secure location verification: the ideal scenario [figure; labels: V1, V2, V3, d1, d2, d3, P]

Figure 3.14: Effect of the processing delay in secure location verification [figure; labels: V1, V2, V3, d1, d2, d3, P]

A more important issue is that the prover will not always behave ideally and can delay his responses. This can cause some security problems. If there are no restrictions on the location of the prover, then performing distance bounding protocols with three verifiers independently, without any extra countermeasures, is not sufficiently secure: an attacker can pretend to be at any other location, as long as this is located further away from all three verifiers. This corresponds to the area outside the three circles (with the three verifiers in the center of these circles).

By carefully selecting the delay in every distance bounding protocol, the verifiers will believe that the prover is at a certain point, different from the real location of the prover. The attack is illustrated in Fig. 3.15. Instead of replying immediately during the fast bit exchanges, the attacker waits for a specific time. This way, he can add some well chosen delay to the round trip time. This causes the radii of the circles to increase from $d_i$ to $d'_i$. As a result, the verifiers will believe that the prover is located at P' (the intersection of the three larger circles (denoted with a dashed line on the figure)), which is a different location than P (the real location of the prover). This attack is possible because the three distance bounding protocols are executed independently from each other.

Figure 3.15: Attacker delays responses to cheat on his location [figure; labels: V1, V2, V3, P with radii d1, d2, d3, and P' with enlarged radii d'1, d'2, d'3]

It is however unclear how a dishonest prover can take advantage of this attack. The attacker can only pretend to be further away from the verifiers than he really is, and this is not always beneficial. In some scenarios, there could be an upper limit on the allowed distance to the verifiers. If the prover is further away, the location claim will be rejected. However, in all other scenarios, where there is no restriction on the prover's location, the attack will be successful.

Figure 3.16: Secure location verification: broadcast mode [figure; labels: V1, V2, V3, P, d'1, d'2, d'3]

Broadcast mode

Fortunately, the problems caused by adding delay to the round trip time can be solved by employing broadcast mode. In this mode, the prover executes a distance bounding protocol with the three verifiers simultaneously. This requires that the three verifiers are tightly synchronized and share the same clock signal. One of the verifiers takes the role of the master-verifier, the others are slaves. The former actively communicates with the prover during the execution of the secure distance bounding protocol, while the other two verifiers only observe. These roles can be assigned randomly among the verifiers, or based on certain policies. During each round of the fast bit exchange phase of the distance bounding protocol, the master-verifier sends a challenge to the prover. The latter generates the corresponding response, and broadcasts it. The verifiers will receive the transmitted response at different moments. After the execution of the distance bounding protocol, the slaves send the received responses, together with the exact time they received these messages, to the master-verifier. The latter can then combine this information, and compute the exact location of the prover.

Broadcast mode has the nice geometrical property that when a dishonest prover would insert extra delay, this delay would be equal for all three verifiers. This is true as long as an attacker does not succeed in sending the response to each verifier separately, without the other two verifiers receiving the message. If this attack would be possible, an attacker could still insert well chosen delays, and pretend to be somewhere further away. If this can be prevented, and the inserted extra delay is equal for all three verifiers, the result of the location verification protocol will always be an area, and never a single point in space (unless the extra delay is zero). This is demonstrated in Fig. 3.16. The three small circles (denoted with a solid line on the figure) are the result of the secure location verification protocol, if the extra delay would be zero. However, because of the extra delay, the three verifiers measure the distance $d'_i$. The intersection of these larger circles (denoted with a dashed line on the figure) is the shaded area on the figure. The larger the delay, the bigger the area becomes.

Variable processing delay

In a realistic scenario, there will be a (small) variation on the processing delay. As a consequence, the round trip time measured by each verifier in each of the rounds of the fast bit exchanges will slightly vary. How to combine these different round trip times? In principle, it is best to select the maximum round trip time measured by each verifier. This is more secure than computing the average round trip time, as the maximum round trip time is not affected in the scenario where an attacker cheats in a few rounds. Only when the responses in all of the rounds are sent in advance will the maximum round trip time change.

Fortunately, since the response of the prover is broadcasted, the processing delay equally affects the round trip times measured by the three verifiers (this is true as long as the prover does not move during the fast bit exchanges). So the maximum round trip time will be measured in the same round for all three verifiers. And the three verifiers will have measured exactly the same processing delay in this round. As a result, there is conceptually no difference between delay caused by the processing delay and extra delay added by the attacker. This is a necessary requirement to geometrically and analytically compute the exact location of the prover.

Geometrical properties of broadcast mode

Even if the area resulting from combining the measurements of the three verifiers becomes quite large, this would not be problematic. Because of the broadcast mode, this area has some nice geometrical properties, which can be used to obtain more information on the exact location of the prover.

Suppose one would construct a connection line between the position of one of the verifiers $V_i$ and the prover. If the distance between both points is $d_i$ (e.g., as is shown in Fig. 3.13), then the distance between the position of the prover and the contour of the area (following the prolongation of this connection line) would be d. This geometrical property is valid for all three contours (and the corresponding verifiers) and is partially shown in Fig. 3.17. The shaded area is the result of the prover delaying the response, and the point P in the center of this area is the exact position of the prover. The length of the three arrows is d.

Figure 3.17: Geometrical properties of broadcast mode [figure; labels: V1, V2, V3, P, and three arrows of length d]

If each of the radii of the three circles would be reduced by length d, the circles would intersect in exactly one point (the prover's location). This point of intersection is the radical point of the three circles (also called power center). The radical point is defined as the intersection of the radical lines of the three circles [211]. This point has several interesting geometrical properties [42, 56, 111], but these are outside the scope of this thesis.

Analytical properties of the broadcast mode

We will now express the geometrical properties of the broadcast mode analytically. By doing this, one can compute the prover's "exact" location (or an approximation of this location). Because the location of the three verifiers is fixed and known by all entities, one can simplify the formulas to compute the prover's location. For this purpose, one employs translations and rotations on the axes of the coordinate system that is being used in the secure location verification protocol. The result of this transformation should be that verifier $V_1$ is located in the origin of the coordinate system, and verifier $V_2$ somewhere on the X-axis. The result of this pre-computation step, which has to be performed only once, is shown in Fig. 3.18. The coordinates of verifiers $V_1$, $V_2$ and $V_3$ in this new coordinate system are respectively $(0, 0)$, $(x_2, 0)$ and $(x_3, y_3)$. By carefully selecting which verifiers are denoted by $V_1$ and $V_2$, one can make sure that both $x_2$ and $y_3$ are strictly positive.

Figure 3.18: Transformation of the coordinate system [figure; labels: $V_1$ at $(0, 0)$, $V_2$ at $(x_2, 0)$, $V_3$ at $(x_3, y_3)$]

During the execution of the distance bounding protocol, the three verifiers have measured the distances $d'_i$ (this equals the maximal round trip time measured by verifier $V_i$, multiplied by the propagation speed of the wireless communication medium in which the distance bounding protocol is employed). By employing the geometrical properties of broadcast mode, one can express the location of the prover P (with unknown coordinates (x, y)) as follows:

$$x^2 + y^2 = (d'_1 - d)^2$$
$$(x - x_2)^2 + y^2 = (d'_2 - d)^2$$
$$(x - x_3)^2 + (y - y_3)^2 = (d'_3 - d)^2 \qquad (3.3)$$

The parameter d denotes the total amount of delay, caused by the prover and/or by the processing delay. The goal of the secure location verification protocol is to find the unknown values (x, y).

There is exactly one value d for which the three circles intersect in one point. This point of intersection is the exact location of the prover. Using a smaller value d in Eq. (3.3) results in an area of intersection, and when using a larger value d, the three circles no longer intersect. After finding the correct value d, one can easily compute the coordinates (x, y) (the prover's location). If there is a small error on the measurements (e.g., this can be caused by the mobility of the prover, as we will show later in this section), it is no longer possible to find an exact solution for Eq. (3.3). Fortunately, it is still possible to find an approximation of the prover's location. One first computes the three intersection points that define the boundary of the area in which the prover is located. These points (denoted by A, B and C) are shown in Fig. 3.19. Next, one constructs the triangle {A, B, C}, and searches for the value of d for which the area of the triangle is minimal. As an approximation of the prover's location, any point in this small triangle can be taken. More information on how to analytically compute the prover's location can be found in Appendix A.

Figure 3.19: Intersection points defining the area where the prover is located [figure; labels: P, three arrows of length d, and the intersection points A, B, C]
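As an added example (not the thesis' own code and not the method of Appendix A), the following Python solves Eq. (3.3) for the error-free case in the canonical frame of Fig. 3.18: subtracting the equations pairwise makes x and y linear in d, and substituting back gives a quadratic in d, so the common delay and the position come out together. The measurements $d'_i$ are constructed from a chosen prover position plus a common delay, and the verifier's acceptance step also applies the "inside the triangle {V1, V2, V3}" rule that is adopted later in this section; the triangle-minimisation approximation for noisy measurements is left out.

```python
import math

# Verifier positions in the canonical frame of Fig. 3.18 (constructed sample):
# V1 at the origin, V2 on the positive X-axis, V3 with y3 > 0.
VERIFIERS = ((0.0, 0.0), (100.0, 0.0), (50.0, 80.0))
EPS = 1e-6


def measure(verifiers, prover, delay):
    """Constructed measurements d'_i = true distance + the common delay d that
    broadcast mode guarantees (ideal processing, prover not moving)."""
    return tuple(math.hypot(prover[0] - vx, prover[1] - vy) + delay
                 for vx, vy in verifiers)


def solve_location(verifiers, dprime):
    """Solve Eq. (3.3) for (x, y, d). Returns every candidate with
    0 <= d <= min(d'_i); in the ideal case there is exactly one."""
    (_, _), (x2, _), (x3, y3) = verifiers
    if x2 <= 0 or y3 <= 0:
        raise ValueError("verifiers must be in the canonical frame (x2 > 0, y3 > 0)")
    d1, d2, d3 = dprime
    # Eq.1 - Eq.2 and Eq.1 - Eq.3 cancel the squares in x and y, leaving
    #   x = A1 + B1*d,  y = A2 + B2*d
    A1 = (x2 * x2 + d1 * d1 - d2 * d2) / (2 * x2)
    B1 = -(d1 - d2) / x2
    A2 = (x3 * x3 + y3 * y3 + d1 * d1 - d3 * d3 - 2 * x3 * A1) / (2 * y3)
    B2 = -((d1 - d3) + x3 * B1) / y3
    # Substituting into Eq.1 gives qa*d^2 + qb*d + qc = 0
    qa = B1 * B1 + B2 * B2 - 1
    qb = 2 * (A1 * B1 + A2 * B2 + d1)
    qc = A1 * A1 + A2 * A2 - d1 * d1
    if abs(qa) < 1e-12:                      # degenerate case: linear in d
        roots = [-qc / qb] if abs(qb) > 1e-12 else []
    else:
        disc = qb * qb - 4 * qa * qc
        if disc < 0:
            return []                        # no common delay makes the circles meet
        sq = math.sqrt(disc)
        roots = [(-qb - sq) / (2 * qa), (-qb + sq) / (2 * qa)]
    limit = min(dprime)
    solutions = []
    for d in roots:
        if -EPS <= d <= limit + EPS:         # radii d'_i - d must stay non-negative
            d = max(d, 0.0)
            solutions.append((A1 + B1 * d, A2 + B2 * d, d))
    return solutions


def inside_triangle(point, a, b, c):
    """True when point lies in (or on) triangle {a, b, c}: all cross products share a sign."""
    def cross(o, p, q):
        return (p[0] - o[0]) * (q[1] - o[1]) - (p[1] - o[1]) * (q[0] - o[0])
    s = (cross(a, b, point), cross(b, c, point), cross(c, a, point))
    return all(v >= 0 for v in s) or all(v <= 0 for v in s)


def verify_location(verifiers, dprime):
    """Master-verifier decision: accept only a single solution inside {V1, V2, V3}."""
    accepted = [s for s in solve_location(verifiers, dprime)
                if inside_triangle((s[0], s[1]), *verifiers)]
    return accepted[0] if len(accepted) == 1 else None


if __name__ == "__main__":
    dp = measure(VERIFIERS, (40.0, 30.0), delay=10.0)
    print(verify_location(VERIFIERS, dp))    # (40.0, 30.0, 10.0) up to rounding
```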

Special situations

In Fig. 3.16 and 3.17, we implicitly assumed that the prover was located in the triangle {V1, V2, V3}. It is also interesting to study the situation where the prover is located outside the triangle formed by the three verifiers. In that case, the geometrical properties described above still hold, and one is still able to compute the exact location of the prover. However, the shape of the area formed by the intersection of the three circles changes. This is shown in Fig. 3.20 (where the prover is located at a random position outside the triangle {V1, V2, V3}), and in Fig. 3.21 (where the prover is located outside the triangle {V1, V2, V3} and collinear with two verifiers (V1 and V3 on the figure)).

Figure 3.20: Broadcast mode: prover is outside the triangle {V1, V2, V3} [figure; labels: V1, V2, V3, P]

Figure 3.21: Broadcast mode: prover collinear with verifiers V1 and V3 [figure; labels: P, V1, V2, V3]

Hyperbola attack

Unfortunately, there is a drawback in allowing the prover to be located anywhere (so also outside the triangle formed by the verifiers). There exists one special situation in which the prover can delay messages and still force the result of the triangulation to be one point (instead of an area, as described above). Suppose the three verifiers are on a hyperbola and the prover is located exactly on one of the foci of the hyperbola. The distance between the prover P and the three verifiers is respectively d1, d2 and d3. Then the distance between the other focus of the hyperbola P' and the three verifiers is respectively d1+d, d2+d and d3+d. The parameter d is a specific parameter for each hyperbola. So the only thing the prover has to do to perform this hyperbola attack is carefully select the delay to correspond to this distance d. This is depicted conceptually in Fig. 3.22. By adding the specific delay d, the malicious prover can pretend to be at location P'.

Figure 3.22: Hyperbola attack [figure; labels: V1, V2, V3, the foci P and P', distances d1, d2, d3 from P and d1+d, d2+d, d3+d from P']

Since it is always possible to construct a hyperbola through a collection of three random, non-collinear points, the hyperbola attack cannot be prevented by putting the verifiers at a specific location. However, it has to be noted that the impact of the hyperbola attack is very minimal. It can only be conducted if the attacker is situated in one particular point (the focus located closest to the three verifiers), and the outcome of the attack is the attacker pretending to be in another particular point (the other focus of the hyperbola), further away from the verifiers.

If the hyperbola attack is however still to the advantage of the attacker, one can prevent it by rejecting all the location claims in which the prover pretends to be located in the focus furthest away from the verifiers. The disadvantage of this approach is that this can result in false negatives (in case the prover is really located on this particular focus of the hyperbola), although this will occur with low probability. A more elegant solution to avoid hyperbola attacks taking place is to only allow the location of the prover to be inside the triangle {V1, V2, V3}. This countermeasure also has another advantage. It makes the secure location verification protocol resistant to attackers that can circumvent the broadcast mode by sending the responses of the distance bounding protocol to each verifier separately (and hence insert different extra delays for every verifier).

Mobile prover

In the geometrical and analytical analysis described above, we have assumed that the prover does not move during the fast bit exchanges. If there is a movement during this phase, this will have an influence on the computation of the prover's location. Fortunately, this effect will have minor consequences, as we will show now. W.l.o.g., let us assume that the Brands–Chaum distance bounding protocol is executed during the secure location verification protocol, and there is no unnecessary delay between the different rounds. The exact number of rounds depends on the required security level, but is typically in the order of a small multiple of ten.

As a numerical example, let us assume that there are 50 rounds of fast bit exchanges (this offers a security level of $2^{50}$, which is quite high), and that electromagnetic radiation is used (so the propagation speed is the speed of light). We will neglect the processing delay and the delay between the different rounds. The prover is initially located 30 m from each of the three verifiers. The total time to execute the fast bit exchange phase of the protocol (so the time between sending the first challenge and receiving the 50th response) is then $10^{-5}$ s. Let us now assume that the prover moves at a constant speed of 10 m/s towards one of the verifiers (e.g., verifier V1). During the execution of the fast bit exchange phase, the prover will have covered $10^{-4}$ m. As a consequence, the round trip time measured in the 50th round will be shorter for V1. To be exact, both challenge and response will have to cover a distance of 299.9999 m, instead of 300 m. The influence of the movement of the prover on the measured round trip time is hence $3.33 \cdot 10^{-4}$ %. As a consequence, this can definitely be neglected. Even if the processing delay and the delay between two consecutive rounds would be taken into account, the effect of the movement on the round trip time would still be very small.

A moving prover during the fast bit exchange phase also has another consequence. The effect of the variation on the processing delay will no longer be equal for the three verifiers. By moving towards one verifier, the effect of a small increase of the processing delay can be (partially) canceled out because of the smaller propagation delay (due to the shorter distance). This effect does not hold for the other two verifiers (they will measure a higher round trip time due to the increase of the processing delay). As a consequence, the three verifiers could measure their maximum round trip time in a different round during the fast bit exchange phase. The effect will be minimal (as shown above in the numerical example), but in principle it will cause Eq. (3.3) to no longer have an exact solution. One can however still compute an approximation of the prover's location. More information can be found in Appendix A.

Secure location verification protocol: summary

To conclude this section, we will now summarize how our secure location verification protocol works, and give an overview of the corresponding requirements that are necessary in order to guarantee the security.

To compute the "exact" location of a prover in a 2-dimensional plane (in practice, one will compute an approximation of the prover's location), one needs at least three collaborating, non-collinear verifiers. These three verifiers trust each other and are assumed to work correctly. They share a secure communication channel, which can be used to exchange their measurements. They also have access to the same key distribution center. This is necessary to make sure that all the verifiers can check identification claims originating from a particular prover. The verifiers are assumed to be tightly synchronized and share the clock signal.

For security reasons, broadcast mode is employed. In this mode, the prover executes a distance bounding protocol with the three verifiers simultaneously. One of the verifiers takes the role of the master-verifier, the others are slaves. The former actively communicates with the prover during the execution of the secure distance bounding protocol, while the latter only observe. These roles can be assigned randomly among the verifiers, or based on certain policies. During each round of the fast bit exchange phase of the distance bounding protocol, the master-verifier sends a challenge to the prover. The latter generates the corresponding response and broadcasts it. The verifiers will receive the transmitted response at different moments. These responses are stored in memory, together with the exact time they were received (this should be measured with very high precision). After the execution of the distance bounding protocol, the slaves send these measurements (responses and times they were received) to the master-verifier. The latter first verifies the responses. If they are correct, the maximum round trip time measured by each verifier is selected, and multiplied by the propagation speed of the wireless communication medium (e.g., the speed of light when electromagnetic radiation is employed) to get the maximal measured distance to each verifier (this is denoted by $d'_i$). By solving Eq. (3.3), one can compute the coordinates (x, y) of the prover's location. More information on how to do this can be found in Appendix A.

The prover is assumed to broadcast his responses during the fast bit exchange phase of the distance bounding protocol, and not to be able to send his response to each verifier separately. The prover is allowed to be mobile, as this hardly influences the round trip times measured by the three verifiers. Not all location claims in the 2-dimensional space are accepted. In order to avoid hyperbola attacks, the prover should be inside the triangle {V1, V2, V3}. If the output of the secure location verification protocol is a location outside this area, the location claim is rejected by the verifiers.

3.4 Conclusions

Distance bounding protocols were introduced by Brands and Chaum at Eurocrypt'93 to preclude distance fraud and mafia fraud attacks, in which a local impersonator exploits a remote honest user. They can enhance mutual entity authentication protocols in wireless ad hoc networks. By combining physical and cryptographic properties, distance bounding protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. Secure distance bounding protocols should be resistant to distance fraud, mafia fraud, and sometimes also to terrorist fraud attacks. To design such a secure protocol, one should take into account several cryptographic and “physical” design principles.

We suggest conducting the distance bounding protocol on dedicated (trusted) hardware. This hardware should be designed in such a way that the time for receiving a challenge, computing the corresponding response and transmitting this response is not variable (up to a very high precision). Authorized entities should use this dedicated hardware to authenticate themselves to another entity. It should not be possible for a prover to make the hardware run faster, nor to extract the private (or secret) key used in the distance bounding protocol. This is particularly important if the distance bounding protocol is conducted over a wireless communication channel whose propagation speed is close to the speed of light in vacuum. The use of ultrasound is recommended when the distance between prover and verifier is relatively small and physically present attackers can be excluded.

We have illustrated the cryptographic and “physical” design principles by introducing some interesting distance bounding protocols that can be found in the literature, and by discussing their main security properties. An overview of practical applications of distance bounding protocols was presented in this chapter, among them mutual entity authentication and secure location verification.


We have demonstrated that a secure location verification scheme can be constructed by conducting a distance bounding protocol simultaneously with three collaborating, tightly-synchronized, non-collinear verifiers. For security reasons, broadcast mode has to be used and all location claims originating from the area outside the triangle formed by the three verifiers are rejected.

None of the distance bounding protocols presented in this chapter is resistant to all the physical attacks presented in [40]. In particular, none of them is able to cope with bit errors occurring during the rapid single bit exchanges. This is however important, since these protocols are conducted over noisy wireless ad hoc channels. Noise resistant distance bounding protocols will be discussed in Chapter 4.


Chapter 4

Employing Distance Bounding Protocols in Noisy Environments

As demonstrated in the previous chapter, distance bounding protocols are employed to preclude distance fraud and mafia fraud attacks, in which a local impersonator exploits a remote honest user. They can be used to enhance mutual entity authentication protocols in wireless ad hoc networks. By combining physical and cryptographic properties, distance bounding protocols enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range.

As these protocols are conducted over noisy wireless ad hoc channels, they should be designed to cope well with substantial bit error rates during the rapid single bit exchanges. Bit errors can also be caused by interference. In this chapter, we present two secure distance bounding protocols that are resistant to bit errors: the RFID protocol of Hancke and Kuhn (SECURECOMM ’05), and our noise resilient MAD protocol (ESAS ’07). Both protocols make use of a parameter x, which denotes the total number of errors that are allowed to occur during the fast bit exchanges. This parameter will play a very important role in the analysis of the protocols. In this chapter, we will study the main statistical properties of both noise resilient distance bounding protocols, and compare the required number of fast bit exchanges in the (practical) scenario where the bit error rate is moderately low. Next, we will also investigate the robustness of both protocols to very high bit error rates. We will demonstrate that to satisfy the specified design criteria, the bit error rate should not exceed a particular threshold value. The results of this analysis help to choose the appropriate design parameters, such as the minimal required number of fast bit exchanges.


Contributions in this chapter

This chapter extends the research results we published in [191, 194]. The most important novel contributions presented here are:

• We present the noise resilient MAD protocol. This is a secure distance bounding protocol that is resistant to bit errors occurring during the fast bit exchanges.

• We give a detailed overview of the main statistical properties of the Hancke–Kuhn protocol and the noise resilient MAD protocol.

• We demonstrate that the noise resilient MAD protocol requires about half of the number of fast communication rounds to obtain the same false acceptance ratio as the Hancke–Kuhn protocol. If mutual entity authentication is required, the number of fast bit exchanges required in the Hancke–Kuhn protocol becomes the quadruple of the number of rounds needed in the noise resilient MAD protocol.

• This chapter investigates the robustness to high bit error rates of both secure noise resilient distance bounding protocols.

• In order to satisfy the requirements on the false rejection and false acceptance ratio, the bit error rate should not exceed a particular threshold value. This upper bound will be computed in this chapter.

• We derive a lower limit on the required number of fast communication rounds, and compare this limit for both secure noise resilient distance bounding protocols.

4.1 Noise Resilient Distance Bounding Protocols

Most distance bounding protocols are not robust to bit errors that occur during the fast bit exchanges. One single bit error causes the protocol to fail. As these protocols are conducted over a wireless channel, which is typically very noisy, distance bounding protocols should be designed to cope well with substantial bit error rates during the rapid single bit exchanges, as was first noted by Clulow et al. in 2006 [40]. Fortunately, there are some secure distance bounding protocols which have taken this design criterion into account. Hancke and Kuhn proposed a distance bounding protocol [76] for RFID which can easily be extended to deal with bit errors. In 2007, we presented the noise resilient MAD protocol [191], which is an extended version of the MAD protocol [34] of Capkun et al. Both distance bounding protocols make use of a parameter x, which denotes the total number of errors that are allowed during the n fast bit exchanges (for which the protocol should still end successfully). This parameter x will play an important role in the statistical analysis of both protocols, as will be demonstrated later in this chapter. We will now give a brief overview of both protocols.

Figure 4.1: Distance bounding protocol of Hancke and Kuhn

  Prover                                        Verifier
  N_P ∈_R {0,1}^z                               N_V ∈_R {0,1}^z
                      <-------- N_V --------
                      --------- N_P -------->
  R ← MAC_K(N_V, N_P)                           R ← MAC_K(N_V, N_P)
  v^(0) ← R_1 | ... | R_n                       v^(0) ← R_1 | ... | R_n
  v^(1) ← R_{n+1} | ... | R_{2n}                v^(1) ← R_{n+1} | ... | R_{2n}
  Start of rapid bit exchange
                                                C_i ∈_R {0,1}
                      <-------- C_i --------
                      --- (1 − C_i)·v^(0)_i + C_i·v^(1)_i --->
  End of rapid bit exchange

4.1.1 The RFID protocol of Hancke and Kuhn

To the best of our knowledge, Hancke and Kuhn were the first to propose a distance bounding protocol [76] that can easily be extended to deal with bit errors. This is important for noisy wireless environments like RFID. Their original distance bounding protocol is shown in Fig. 4.1.

The RFID protocol of Hancke and Kuhn is carried out as follows. First, the prover and verifier exchange a random nonce (N_P and N_V respectively). Both parties then use a pseudo-random function (popular constructions such as HMAC [12] and CBC-MAC [95] have been shown to be pseudo-random functions [140]) to compute two n-bit sequences v^(0) and v^(1) (in more detail: MAC_K(N_V, N_P) = v^(0) | v^(1)). Next, a series of n fast bit exchanges is performed. In each round, the verifier sends a random single bit challenge C_i to the prover. If this challenge equals 0, then the prover responds with the i-th bit of v^(0). If the challenge equals 1, then the prover sends the i-th bit of v^(1). In each round, the verifier measures the time between sending C_i and receiving the corresponding response. The maximum round trip time is selected and this measurement determines an upper bound on the estimation of the distance between prover and verifier. If all responses are correct, the protocol succeeds. A clever attacker can perform a mafia fraud attack, and execute the protocol in advance with the correct prover. This way, the attacker has in each round a probability of 3/4 to send a correct response [76], and hence wrongfully convinces the verifier that an entity in possession of the secret key K is in the vicinity.

If we compare the Hancke and Kuhn distance bounding protocol with the Brands and Chaum protocol, we notice that the latter requires a signature to be sent at the end of the protocol, while the former stops after the execution of the n fast bit exchanges. So the Brands and Chaum protocol requires more bits to be interchanged on the slower communication channel, while the Hancke and Kuhn protocol needs more rounds of rapid single-bit exchanges (for an equal level of security). The latter is caused by the high success probability of a mafia fraud attack. Munilla et al. proposed to use “void challenges” in the Hancke and Kuhn protocol [143] to improve the security. However, the disadvantage of their solution is that it requires three (physical) states: 0, 1 and void.

The Hancke and Kuhn protocol can be easily adapted to make it noise resilient, by choosing an appropriate value of the security parameter x, which denotes the number of bit errors that are allowed during the n fast bit exchanges. Its value depends on the bit error rate. The distance bounding protocol succeeds if at least (n − x) of the responses sent by the prover are correct. The security parameter x has to be chosen very carefully. Incrementing the number of allowed errors x increases the false acceptance ratio dramatically, as will be demonstrated later in this chapter.
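The protocol of Sect. 4.1.1 with the noise resilient acceptance rule, as an added Python example that is not code from the thesis. It assumes HMAC-SHA256 as the pseudo-random function, 64-bit nonces, and a constructed noise model (a set of rounds whose response bit is flipped); round trip timing is not modelled and all function names are our own.

```python
"""Hancke-Kuhn distance bounding with x allowed errors (added example)."""
import hashlib
import hmac
import secrets
from itertools import product


def response_tables(key, n_v, n_p, n):
    """R <- MAC_K(N_V, N_P); v0 = R_1..R_n and v1 = R_{n+1}..R_{2n}.
    HMAC-SHA256 stands in for the pseudo-random function (assumption)."""
    r = hmac.new(key, n_v + n_p, hashlib.sha256).digest()
    bits = [(byte >> (7 - j)) & 1 for byte in r for j in range(8)]
    if 2 * n > len(bits):
        raise ValueError("n too large for a single MAC output")
    return bits[:n], bits[n:2 * n]


def prover_response(v0, v1, i, challenge):
    """Round i: the i-th bit of v0 for challenge 0, of v1 for challenge 1."""
    return v0[i] if challenge == 0 else v1[i]


def verifier_decision(v0, v1, challenges, responses, x):
    """Noise resilient rule: accept when at least n - x responses are
    correct.  Returns (accepted, number_of_wrong_responses)."""
    wrong = sum(prover_response(v0, v1, i, c) != r
                for i, (c, r) in enumerate(zip(challenges, responses)))
    return wrong <= x, wrong


def run_session(key, n, x, challenges=None, flipped_rounds=frozenset()):
    """Honest prover and verifier over a simulated channel.  flipped_rounds
    is a constructed set of round indices whose response bit is corrupted."""
    n_v, n_p = secrets.token_bytes(8), secrets.token_bytes(8)  # nonce exchange
    v0_p, v1_p = response_tables(key, n_v, n_p, n)             # prover side
    v0_v, v1_v = response_tables(key, n_v, n_p, n)             # verifier side
    if challenges is None:
        challenges = [secrets.randbelow(2) for _ in range(n)]
    responses = []
    for i, c in enumerate(challenges):
        bit = prover_response(v0_p, v1_p, i, c)
        responses.append(bit ^ int(i in flipped_rounds))       # channel noise
    return verifier_decision(v0_v, v1_v, challenges, responses, x)


def prequery_round_success():
    """Exhaustive check of the 3/4 per-round figure quoted above: a party
    that queried the prover in advance with a guessed challenge g answers
    round i correctly exactly when g = C_i or when v0_i = v1_i."""
    hits = 0
    cases = list(product((0, 1), repeat=4))   # (v0_i, v1_i, g, C_i)
    for v0_i, v1_i, g, c in cases:
        learned = v0_i if g == 0 else v1_i
        hits += learned == (v0_i if c == 0 else v1_i)
    return hits / len(cases)
```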

4.1.2 Noise resilient mutual authentication with distance bounding

As discussed in Sect. 3.2.1, the MAD protocol of Capkun et al. has the nice property that in each of the n rounds of the fast bit exchanges, an attacker only has a 1/2 probability of replying to the verifier with a correct response. It also offers mutual entity authentication. On the other hand, the distance bounding protocol of Hancke and Kuhn can be easily made resilient to bit errors occurring during the fast bit exchanges, which is a very desirable feature. It would be ideal to combine the good properties of both distance bounding protocols.

A trivial way of making the MAD protocol noise resilient is exchanging all challenges and responses again on a slower communication channel with error correction (of course, this has to be done after the fast bit exchanges). However, this is not very efficient. We will now present an efficient modification of the MAD protocol, which is also resilient to some bit errors (we allow x bit errors in total) during the fast bit exchanges. Our protocol will be denoted as the noise resilient MAD protocol.

Assumptions

Before discussing our noise resilient MAD protocol, we first give a brief overview of some (security) assumptions we implicitly made during the design of our protocol (see the protocol description for more details).

The protocol consists of n rounds in which a single bit challenge-response protocol is carried out. It will be executed by two personal devices (denoted by Alice and Bob). We assume that these devices share a secret key K and that both devices can carry out precise timing measurements (and hence measure the round trip time in each of the n rounds accurately). During each round, Alice and Bob have to compute the XOR of 2 bits. We assume that this can be calculated very efficiently in hardware. We also assume that Alice and Bob are not able to compute an (n, k) error correcting code in negligible time. The fast communication channel used during the rapid bit exchanges is presumed to be symmetric. So a bit error is as likely to occur in a challenge as in a response. The cryptographic algorithms (such as a MAC function or a commitment scheme) used in our noise resilient MAD protocol are expected to be cryptographically secure. Our protocol is designed to be secure against an active attacker, who can perform man-in-the-middle attacks and start an instance of the distance bounding protocol with Alice and/or Bob. The attacker is assumed to be computationally bounded and not able to carry out wormhole attacks. However, he can intercept all communication, even if it originates from a large distance.

Protocol description

Our protocol, in which two devices will mutually authenticate each other, is shown in Fig. 4.2. The protocol presented below extends the research results we published in [191].

The protocol is carried out as follows. First, both parties agree on an (n, k) Error Correcting Code (ErCC). To correct at least x bit errors during the fast bit exchanges, this binary code should have a minimal Hamming distance d_min such that x = ⌊(d_min − 1)/2⌋. More information on which (n, k) error correcting code to use for a given distance d_min can be found in [101, 129, 134, 162]. Note that we consider both linear and nonlinear codes (see footnote 1).

Next, Alice and Bob generate k random bits (r_1, ..., r_k and s_1, ..., s_k respectively). These k bits are extended to n-bit strings (r_1, ..., r_n and s_1, ..., s_n) by applying the error correcting code described above. A secure commitment to the k-bit string r_1, ..., r_k (or s_1, ..., s_k) is sent to the other party. Several secure commitment schemes can be used in our distance bounding protocol. E.g., one could first generate a 128-bit random string, then concatenate it with the k-bit string r_1, ..., r_k (or s_1, ..., s_k) and apply a cryptographic hash function to the resulting string of bitlength 128 + k. The output of this function is sent to the other party. To open the commitment, one should reveal the 128-bit random string. This commitment scheme is unconditionally hiding and conditionally binding. Other secure commitment schemes can also be used. More information can be found in [46].

Footnote 1: An (n, k) ErCC is defined as an error correcting code that transforms a k-bit information word into an n-bit code word.

Figure 4.2: Noise resilient MAD protocol

  Alice                                         Bob
  r_1, ..., r_k ∈_R {0,1}                       s_1, ..., s_k ∈_R {0,1}
  Apply (n, k) ErCC to obtain:                  Apply (n, k) ErCC to obtain:
  r_1, ..., r_k, r_{k+1}, ..., r_n              s_1, ..., s_k, s_{k+1}, ..., s_n
                 -------- commit(r_1 | ... | r_k) -------->
                 <------- commit(s_1 | ... | s_k) ---------
  Start of rapid bit exchange
  α_1 ← r_1                ------ α_1 ------>
                           <----- β_1 -------   β_1 ← s_1 ⊕ α_1
  ...
  α_i ← r_i ⊕ β_{i−1}      ------ α_i ------>
                           <----- β_i -------   β_i ← s_i ⊕ α_i
  ...
  α_n ← r_n ⊕ β_{n−1}      ------ α_n ------>
                           <----- β_n -------   β_n ← s_n ⊕ α_n
  End of rapid bit exchange
  s_i ← α_i ⊕ β_i                               r_1 ← α_1 and r_i ← α_i ⊕ β_{i−1}
  Use ErCC to correct errors: ⇒ s_1, ..., s_k   Use ErCC to correct errors: ⇒ r_1, ..., r_k
  y_A ← MAC_K(r_1 | s_1 | ... | r_k | s_k)      y_B ← MAC_K(s_1 | r_1 | ... | s_k | r_k)
                 -------- (open commit), y_A -------->
                 <------- (open commit), y_B ---------
  Verify commit                                 Verify commit
  Verify y_B                                    Verify y_A

During the n fast bit exchanges, the following two steps are repeated n times:

• Alice sends the bit α_i to Bob, where α_1 = r_1 and α_i = r_i ⊕ β_{i−1}.

• Bob sends the bit β_i to Alice, where β_i = s_i ⊕ α_i.

In each round, the time between sending α_i and receiving β_i (or sending β_i and receiving α_{i+1}) is measured. The maximum round trip time is selected and this measurement determines an upper bound on the estimation of the distance between Alice and Bob. After the fast bit exchanges, both parties use the (n, k) ErCC to correct bit errors (each party can correct a maximum of x bit failures) and this way recover the bits s_1, ..., s_k and r_1, ..., r_k respectively. Finally, Alice and Bob compute a MAC on the concatenation of r_i and s_i (or s_i and r_i) and open the commitment sent in the beginning of the protocol. If the MAC and the commitment are correct, the protocol is successful. Note that our protocol only requires low-cost cryptographic primitives, and hence is perfectly suitable to be employed in resource constrained wireless networks.

Informal security analysis

The noise resilient MAD protocol is quite similar to the original MAD protocol of Capkun et al. [34]. However, an important difference is that only the first k data bits r_i (or s_i) are independent; the other n − k bits are redundant to correct up to x errors. So in the worst case scenario, where no bit errors occur but the other party expects a maximum of x bit errors, the attacker has in each of the first k rounds a probability of 1/2 to send a correct response. In the other n − k rounds, the attacker will send a correct response with a probability of 100% (since these last n − k bits depend on the first k data bits and can hence be computed in advance). The more bit errors due to noise are expected (so the higher the parameter x), the more fast communication rounds n are needed to achieve a particular security level. So noise has a negative impact on the security of the noise resilient distance bounding protocol. A more detailed discussion on the influence of noise (e.g., on the security of the noise resilient distance bounding protocol) will follow in the rest of this chapter.


The noise resilient MAD protocol achieves mutual authentication. So both Alice and Bob can verify the identity and presence of the other party. To avoid man-in-the-middle attacks and achieve mutual authentication, both parties should carry out precise timing measurements and measure the round trip time accurately. Otherwise, an attacker can guess 2x bits wrongly (instead of x), and still finish the protocol successfully. This attack, which is demonstrated by Munilla and Peinado [144], would lower the security level of the protocol.

The attack, which is depicted in Fig. 4.3, is executed during the fast bit exchanges, and works as follows. Let us assume that only Alice is able to measure the round trip time. During the first phase of the attack, the attacker guesses the challenge α_i and sends this to Bob. The latter replies with the correct response β_i. Next, the attacker receives the correct challenge α_i from Alice. If his guess of α_i was correct, he replies with the bit β_i, otherwise he sends the inverse of this response. In the latter case, the attacker sends the inverse of his guess of α_{i+1} to Bob during the next round (round i + 1), pretending that a bit error had occurred in the previous round (round i). This is repeated until the attacker made x wrong guesses. From that moment on, the second phase of the attack starts. In this phase, the attacker waits for a challenge α_i originating from Alice, and immediately guesses the reply β_i. Next, he forwards the challenge α_i to Bob. In the second phase of the attack, the attacker can again make x wrong guesses, since the errors made in the first phase of the attack were only detected by Bob. After and before the fast bit exchanges, the protocol is conducted normally, without interference of the attacker (so the commitments sent in the beginning of the protocol, and the MAC at the end of the protocol, are sent from Alice to Bob and vice versa).

As a result, the attacker can make up to 2x wrong guesses. The attack is possible since the attacker can switch from the first phase of the attack to the second, without this being noticed. To preclude this attack, both parties should measure the round trip time accurately, such that Bob would notice that the attacker switches to the second phase of the protocol (because the next challenge α_i would arrive after too long a delay), and the protocol would fail. Because of this requirement, the implementation of the noise resilient MAD protocol should be excluded for RFID devices and contactless smart cards with limited resources. These devices typically do not have accurate timing mechanisms.

We implicitly assumed that the error correcting code, employed in the noise resilient distance bounding protocol, cannot be computed in a negligibly short time. Otherwise the attacker can perform an interesting man-in-the-middle attack. This attack starts by guessing the first k responses and sending these to Alice. Simultaneously, the attacker forwards the challenges, received from Alice, to Bob and observes the responses. After having received the k-th response of Bob, the attacker starts computing the last (n − k) redundant bits of r_i (or s_i). This will take some time.


Figure 4.3: Man-in-the-middle attack on the noise resilient MAD protocol

  Alice                    Attacker                       Bob
  First phase of the attack
                                      -------- α*_i -------->
                                      <-------- β_i ---------
       -------- α_i -------->
                           β*_i ← β_i ⊕ α_i ⊕ α*_i
       <------- β*_i --------
  ...
  Second phase of the attack
       -------- α_i -------->
       <-------- β_i --------
                                      -------- α_i -------->
                                      <-------- β_i ---------
  ...


Let us assume that these bits are computed in the time needed to conduct q fast communication rounds (starting to count from round k + 1). By employing the (n, k) error correcting code, up to x errors can be corrected after the execution of the n fast communication rounds. Since the last (n − k − q) responses will definitely be correct (they make use of the (n − k) redundant bits of the error correcting code, computed by the attacker), the adversary is allowed to make x errors during the first k + q rounds. So the man-in-the-middle attack succeeds if less than x responses guessed during the first k + q rounds were wrong. This happens with probability:

$$\sum_{i=0}^{x} \binom{k+q}{i} \cdot \left(\frac{1}{2}\right)^{k+q} . \qquad (4.1)$$

This man-in-the-middle attack is a security problem when it becomes more efficient than the best known attack on the noise resilient MAD protocol, which is just guessing the first k bits r_i (or s_i). Otherwise, the attack can be neglected. This can be translated to the following important requirement:

$$\sum_{i=0}^{x} \binom{k+q}{i} < 2^{q} . \qquad (4.2)$$

As a result, one should avoid that an attacker succeeds in computing the (n − k) redundant bits of the error correcting code in q rounds, with q not satisfying the requirement formulated in Eq. (4.2). Let us illustrate this with a numerical example. If x equals 1 and k equals 56, then q should be larger than or equal to 6. Otherwise, the man-in-the-middle attack described above applies. To avoid this problem, the noise resilient MAD protocol should use electromagnetic signals to transport data during the fast communication rounds. The processing delay should also be as small as possible. Upon receiving a challenge, the response should be sent almost immediately. This way, the time to execute one round is as small as possible, which causes q to be large.

Note that the implications of a successful man-in-the-middle attack are quite limited. To forward challenges from Alice to Bob, and make sure that both runs of the protocol (between the attacker and Alice, and between the attacker and Bob) are synchronized, the attacker has to delay one of the protocol runs. As a result, the nearest an attacker can pretend to be is exactly in the middle between Alice and Bob. Otherwise, the probability of a successful attack decreases by a factor 2. This limits the consequences of the attack.

The rest of the security analysis is very similar to the one of the protocol of Brands and Chaum in Sect. 3.2.1. The probability of performing a successful distance fraud or mafia fraud attack is in the worst case 1/2^k. The noise resilient distance bounding protocol is vulnerable to a terrorist fraud attack. This can be solved by executing the protocol in trusted hardware.


4.2 Statistical Properties

As already stated, both noise resilient distance bounding protocols contain a series of n fast bit exchanges. In each round, both the challenge and the response have a bit length of 1. This limits the modulation techniques that can be used (a modulation symbol should represent a single bit). In the Hancke and Kuhn protocol, all the n rounds are independent of each other, while in the noise resilient MAD protocol, at least k rounds are independent. The consequence is that it does not matter if bit errors are uniformly spread among the n rounds, or occur in bursts (as is typically the case in wireless channels). Only the total number of bit errors affects the false acceptance and false rejection ratio. This simplifies our statistical evaluation of the noise resilient distance bounding protocols. The bit error rate is denoted by P_b.

Some of the challenges and/or responses will be corrupted by noise. The probability that a round fails is denoted by ε. A round fails if the verifying party receives an incorrect response, or if one of the parties in the noise resilient MAD protocol gets a corrupted bit r_i or s_i. Let us first have a look at the Hancke and Kuhn protocol. A bit error can appear in the challenge, or in the response (both with probability P_b). If the prover receives an incorrect challenge, he still has a probability of 1/2 to send the correct response (this event happens when the responses for both the challenges 0 and 1 are equal). If the verifier receives a corrupted response, the round certainly fails. So one can easily compute the probability ε_H that a round fails in the Hancke and Kuhn distance bounding protocol:

$$\varepsilon_H = \frac{3}{2} P_b - P_b^{2} . \qquad (4.3)$$

In the noise resilient MAD protocol, a round fails by definition with a probability of 100% when a bit α_i or β_i is corrupted. The probability ε_MAD that a round fails in the noise resilient MAD protocol is equal to

$$\varepsilon_{MAD} = 2 P_b . \qquad (4.4)$$

Note that the probability ε_MAD is always higher than ε_H for an equal bit error rate.

An honest prover is falsely rejected if more than x bit errors occur during the fast bit exchanges (which consist of n rounds). The false rejection ratio depends on the probability ε and is equal to

$$P_{FR} = \sum_{i=0}^{n-x-1} \binom{n}{i} \cdot (1-\varepsilon)^{i} \cdot \varepsilon^{(n-i)} . \qquad (4.5)$$

This expression is valid for both distance bounding protocols. The variable ε is equal to ε_H (when the Hancke–Kuhn protocol is employed) or ε_MAD (when the noise resilient MAD protocol is employed).


An attacker can use the uncertainty of which bits are corrupted by noise to his advantage. In the worst case, no bit errors occur, but the (honest) verifier expects a maximum of x bit errors. As a consequence, an attacker only has to guess (n − x) responses right in the Hancke and Kuhn distance bounding protocol to perform a successful attack (if no bit errors due to noise are expected, an attacker would have to guess all n responses correctly to be successful). The false acceptance ratio of the Hancke and Kuhn protocol equals

$$P_{FA} = \sum_{i=n-x}^{n} \binom{n}{i} \cdot \left(\frac{3}{4}\right)^{i} \cdot \left(\frac{1}{4}\right)^{(n-i)} . \qquad (4.6)$$

The situation is slightly different in the noise resilient MAD protocol. Since the first k bits of r_i and s_i are independent and uniformly distributed in {0, 1}, the two sequences α_i and β_i are independent up to index k (and by consequence, the first k rounds of rapid single-bit exchanges are also independent). If the commitments sent in the beginning of the protocol are (un)conditionally hiding and binding, it is infeasible for a computationally bounded attacker to determine these bits in advance. The last (n − k) bits of r_i and s_i depend on the first k bits and can be easily computed by applying the (n, k) error correcting code. In the worst case scenario (no bit errors occur), the last (n − k) bits of the sequences α_i and β_i can be computed in advance (from the moment the first k rounds are conducted) and do not offer extra security. To be successful, an attacker hence has to correctly guess the first k independent data bits r_i (or s_i). The false acceptance ratio of the noise resilient MAD protocol equals

$$P_{FA} = \left(\frac{1}{2}\right)^{k} . \qquad (4.7)$$

4.3 Performance Analysis at Low Bit Error Rates

Both noise resilient distance bounding protocols have some interesting characteristics. We will now compare both protocols when the bit error rate is moderately low (maximally in the order of 0.01). In Sect. 4.4, we will investigate the robustness of both protocols to higher bit error rates (e.g., in the order of 0.1 and higher). The results presented in this section extend our research results presented in [191].

4.3.1 Influence of bit errors on the false acceptance ratio

In the worst case scenario, an honest verifier expects to receive some corrupted bits due to noise, while in fact there is no noise at all. As a direct consequence, an attacker can obtain a major advantage. Whenever he guesses a response wrongly, he can blame it on the noise. Allowing bit errors to occur hence helps the attacker and decreases the security level. This is expressed by the false acceptance ratio. This parameter is inversely related to the security level of the noise resilient distance bounding protocol. If it becomes too high, an attacker is quite likely to perform a successful attack.

Table 4.1: Influence of the number of allowed errors x on the false acceptance ratio for n = 37 and P_b = 0.01

  # allowed errors   Hancke–Kuhn      Noise Resilient MAD
  x                  P_FA             (n, k) ErCC   P_FA
  4                  0.0284           (37, 16)      1.5259 · 10^−5
  3                  0.0089           (37, 22)      2.3842 · 10^−7
  2                  0.0021           (37, 26)      1.4901 · 10^−8
  1                  3.1784 · 10^−4   (37, 31)      4.6566 · 10^−10
  0                  2.3838 · 10^−5   (37, 37)      7.2760 · 10^−12

As long as an attacker has a maximum of x wrong guesses, the Hancke and Kuhn distance bounding protocol will end successfully (because the verifier believes that the incorrect bits were corrupted by noise). The more errors that are allowed, the larger the false acceptance ratio. The same property is also valid for our noise-resilient MAD protocol. For a fixed number n of rounds, the more errors x have to be corrected, the smaller the parameter k has to be [101, 129, 134, 162]. And because only the first k rounds of the fast bit exchanges contribute to the security, the false acceptance ratio will increase with decreasing k (this is also demonstrated by Eq. (4.7)). This property is illustrated for both distance bounding protocols in Table 4.1. In this numerical example, n = 37 and the bit error rate P_b is 0.01. The error correcting codes for our noise resilient MAD protocol have been selected based on the information published in [101]. The results in Table 4.1 clearly show that the false acceptance ratio increases significantly with the number x of allowed errors. One can also notice that the false acceptance ratio is remarkably smaller in the noise resilient MAD protocol (several orders of magnitude). We will discuss this observation in more detail in Sect. 4.3.3.

4.3.2 Comparison of the false rejection ratio

Whereas noise helps an attacker to deceive an honest verifier, it is disadvantageous for an honest prover behaving correctly. The higher the bit error rate Pb, the higher the probability that the distance bounding protocol will fail because of too many bit errors during the fast bit exchanges. If no bit errors occur during the fast bit exchange phase, an honest prover will always be able to authenticate himself successfully. To decrease the false rejection ratio, one has to allow more bit errors to take place (parameter x) for a fixed number n of rounds, or decrease the number of rounds (without changing x). The choice of the parameter x has to be in accordance with the expected number of errors, which depends on the number n of rounds and the bit error rate Pb.

Table 4.2: Comparison of the false rejection ratio for n = 37 and Pb = 0.01

# allowed errors x   Hancke–Kuhn: PFR   Noise Res. MAD: PFR
x = 6                1.1337 · 10^-6     7.7770 · 10^-6
x = 5                1.7107 · 10^-5     8.7314 · 10^-5
x = 4                2.1512 · 10^-4     8.1806 · 10^-4
x = 3                0.0022             0.0062
x = 2                0.0176             0.0375
x = 1                0.1051             0.1689
x = 0                0.4262             0.5265

The observation above nicely illustrates the typical trade-off between usability and security. Increasing the parameter x improves the usability (an honest prover is more likely to successfully authenticate himself), but at the same time reduces the security level (an attacker is more likely to perform a successful attack). Choosing a lower value of the parameter x reduces the false rejection ratio (the usability of the protocol), but raises the false acceptance ratio (the security level of the protocol). The most appropriate choice of the parameter x depends on the specifications of the entity authentication protocol in which the noise resilient distance bounding protocol is employed. In Sect. 4.4, we will show that this trade-off becomes problematic in the extreme scenario where the bit error rate is very high.

As demonstrated in Sect. 4.2 by Eq. (4.3) and Eq. (4.4), the probability εMAD of a round failing in the noise resilient MAD protocol is always higher than in the Hancke and Kuhn distance bounding protocol (εH). Since the false rejection ratio is directly related to the probability of a round failure (see Eq. (4.5)), this ratio will be lower in the Hancke and Kuhn protocol (for an equal number n of rounds and allowed errors x). This property is demonstrated in Table 4.2. In this numerical example, n = 37 and Pb = 0.01. Note that the difference in false rejection ratio between both distance bounding protocols is relatively small. By allowing a few more errors to occur in the noise resilient MAD protocol, the false rejection ratio becomes (more or less) equal for both distance bounding protocols (e.g., for n = 47 and Pb = 0.01: PFR(Hancke, x = 9) = 1.6879 · 10^-9 ≈ PFR(MAD, x = 10) = 1.8353 · 10^-9).
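The entries of Tables 4.1 and 4.2 can be reproduced with exact binomial tail probabilities. The following is an added example, not code from the thesis; since Eqs. (4.5)–(4.7) are not reproduced on this page, the binomial forms and the per-round failure probabilities εH = 3Pb/2 − Pb² and εMAD = 2Pb used below are assumptions, chosen because they reproduce the table entries.

```python
"""Added example (not from the thesis): exact false acceptance and false
rejection ratios behind Tables 4.1 and 4.2.  Eqs. (4.5)-(4.7) are not on
this page; the expressions below are assumptions that reproduce the tables:
  P_FR       = Pr[more than x of the n rounds fail], rounds failing
               independently with probability eps
  P_FA (H-K) = Pr[an attacker who is right with prob. 3/4 per round is
               wrong in at most x rounds] = Pr[Bin(n, 1/4) <= x]
  P_FA (MAD) = 2^-k for a linear (n, k) code (only the first k rounds count)
  eps_H = 3/2 Pb - Pb^2 (a flipped challenge still leaves a 1/2 chance
  of a matching response), eps_MAD = 2 Pb (two bits are sent per round)
"""
from math import comb


def binom_cdf(n: int, p: float, x: int) -> float:
    """Pr[Bin(n, p) <= x]."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(x + 1))


def eps_hancke_kuhn(pb: float) -> float:
    """Assumed per-round failure probability, Hancke-Kuhn protocol."""
    return 1.5 * pb - pb**2


def eps_mad(pb: float) -> float:
    """Assumed per-round failure probability, noise resilient MAD protocol."""
    return 2 * pb


def false_rejection(n: int, x: int, eps: float) -> float:
    """Honest prover rejected: more than x rounds corrupted by noise."""
    return 1 - binom_cdf(n, eps, x)


def false_acceptance_hancke_kuhn(n: int, x: int) -> float:
    """Mafia-fraud attacker makes at most x wrong guesses out of n rounds."""
    return binom_cdf(n, 0.25, x)


def false_acceptance_mad(k: int) -> float:
    """Attacker must guess all k information bits of the (n, k) code."""
    return 2.0**-k


def table_row(n: int, pb: float, x: int, k: int) -> dict:
    """Both ratios for both protocols: x allowed errors, (n, k) code for MAD."""
    return {
        "PFA_HK": false_acceptance_hancke_kuhn(n, x),
        "PFR_HK": false_rejection(n, x, eps_hancke_kuhn(pb)),
        "PFA_MAD": false_acceptance_mad(k),
        "PFR_MAD": false_rejection(n, x, eps_mad(pb)),
    }


if __name__ == "__main__":
    # (x, k) pairs of Table 4.1, n = 37, Pb = 0.01
    for x, k in [(4, 16), (3, 22), (2, 26), (1, 31), (0, 37)]:
        row = table_row(37, 0.01, x, k)
        print(f"x={x} k={k}: " + "  ".join(f"{key}={val:.4e}" for key, val in row.items()))
```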


Table 4.3: Comparison of the false acceptance ratio for n = 63 and Pb = 0.02

# allowed errors x   Hancke–Kuhn: PFA   Noise Resilient MAD: (n, k) ErCC   Noise Resilient MAD: PFA
13                   0.2611             (63, 12)                           2.4414 · 10^-4
10                   0.0584             (63, 18)                           3.8147 · 10^-6
7                    0.0052             (63, 28)                           3.7253 · 10^-9
5                    5.1111 · 10^-4     (63, 37)                           7.2760 · 10^-12
3                    2.3004 · 10^-5     (63, 47)                           7.1054 · 10^-15
1                    2.9599 · 10^-7     (63, 57)                           6.9389 · 10^-18

4.3.3 Comparison of the false acceptance ratio

As demonstrated above in Sect. 4.3.1, to decrease the false acceptance ratio, one has to allow fewer bit errors (denoted by x) for a fixed number n of rounds, or increase the number of rounds (without changing x).

Table 4.1 already showed that the false acceptance ratio is remarkably higher in the Hancke and Kuhn protocol. The main reason is that an attacker has a 3/4 probability of guessing a response correctly in the Hancke and Kuhn protocol (by performing a mafia fraud attack), but only a 1/2 probability in the noise resilient MAD protocol. This difference is amplified exponentially, and is not entirely compensated by the fact that an attacker has to guess more bits correctly in the Hancke and Kuhn protocol ((n − x) bits, compared to k bits in the noise resilient MAD protocol). This property is also demonstrated in Table 4.3. In this numerical example, n = 63 and Pb = 0.02. The error correcting codes have been selected based on [129] (some of these codes are non-linear).

4.3.4 Required number of fast communication rounds

By observing the numerical examples shown in Sect. 4.3.1 and Sect. 4.3.3, one can easily notice that the difference in false acceptance ratio is quite large: even allowing a somewhat lower number of bit errors x in the Hancke and Kuhn protocol does not really remove this inequality (e.g., from Table 4.3: PFA(Hancke, x = 1) = 2.9599 · 10^-7 > PFA(MAD, x = 7) = 3.7253 · 10^-9).

Instead of varying the parameter x, one could also fix the number of allowed bit errors, and compare the required number n of fast bit exchanges. Increasing the number of fast communication rounds makes the distance bounding more expensive, as the cost is directly related to the number n of rounds. Figure 4.4 shows the relation between the false acceptance ratio and the number of rounds n, for a fixed number of allowed errors x. In this numerical example, we fixed the number x of allowed errors to 5, the bit error rate Pb is 0.005, and the information on which error correcting code to use (in the noise resilient MAD protocol) is based on [129]. Figure 4.4 demonstrates that the Hancke and Kuhn protocol needs about twice as many rounds n to obtain the same false acceptance ratio. This increases the cost, and also causes the false rejection ratio to rise several orders of magnitude.

[Figure 4.4: plot of the false-acceptance ratio (logarithmic axis, 10^-20 to 10^-2) against the number of rounds n (20 to 220); two curves: Hancke and Kuhn, Noise Res. MAD]

Figure 4.4: Relation between the false acceptance ratio PFA and the number n of rounds for x = 5 and Pb = 0.005

One should note that the distance bounding protocol of Hancke and Kuhn does not offer mutual authentication, while the noise resilient MAD protocol does. If mutual authentication is required, one has to employ the distance bounding protocol of Hancke and Kuhn twice (in the second run of the protocol, the roles of the prover and verifier are swapped). This doubles the number of rounds. As a result, the required number n of fast bit exchanges becomes four times the number of rounds needed in the noise resilient MAD protocol.

Compared to the Hancke and Kuhn protocol, the noise resilient MAD protocol requires slightly more bits to be exchanged on the slower communication channel. This also influences the cost of the protocol. To determine the exact total cost of both noise resilient distance bounding protocols, one has to take into account the technical characteristics of the wireless communication medium. If the bit error rate is expected to be very high (in the order of 0.1), one also has to consider the results discussed in Sect. 4.4 to decide which distance bounding protocol is the most appropriate for the particular application.

4.4 Constraints Due to High Bit Error Rates

As demonstrated in Sect. 4.3, both the false rejection and the false acceptance ratio depend on the number of allowed errors x, and hence (indirectly) also on the bit error rate Pb. In order not to endanger the correct operation of the entity authentication protocol in which the noise resilient distance bounding protocol is employed, one wants the probabilities PFR and PFA not to exceed a certain threshold (not necessarily the same for both parameters). The designer of the system has to choose the values n and x in such a way that both criteria are satisfied. As has already been discussed before, these two design goals (reducing PFR and PFA) are contradictory. For a fixed number n of rounds, increasing the number of allowed errors x reduces the probability PFR, but at the same time raises PFA.

Fortunately, this is not a problem when the bit error rate is small. The margin is then large enough and one can easily find a value of the parameter x (for a given number n of rounds) such that all the specifications are met. The problem arises when the bit error rate increases, and the margin becomes smaller. As we will demonstrate, there is an upper limit on the bit error rate Pb for any given threshold on the false rejection ratio PFR and false acceptance ratio PFA. From the moment Pb exceeds this limit, it is impossible to create a noise resilient distance bounding protocol with parameters n and x that satisfies both design criteria simultaneously (PFR and PFA below the given threshold). This is important when deciding which noise resilient distance bounding protocol is best suited to be used in the particular entity authentication protocol.

4.4.1 Upper limit on the bit error rate

We will now derive this upper limit for both noise resilient distance bounding protocols and study the most interesting properties. Note that in our statistical analysis, which is based on our results published in [194], we will implicitly assume that linear error correcting codes are used in the noise resilient MAD protocol. The results of our analysis are not valid for non-linear codes.


Statistical analysis

Let us denote the thresholds on the false rejection ratio and the false acceptance ratio by AFR and AFA respectively. To simplify our statistical evaluation, we assume that the number n of rounds is large enough. We will come back to this issue in Sect. 4.4.2. When n > 5/ε, Eq. (4.5) can be approximated by a normal distribution. The larger the number of rounds, the more accurate this approximation (and the rest of our statistical evaluation) becomes. Since the false rejection ratio PFR is normally distributed, we first transform it to a standard normal variable Z. The requirement that the false rejection ratio should not exceed the threshold AFR can be denoted by the following equation:

$$\Pr(Z \le -z_1) \le A_{FR} . \quad (4.8)$$

Combining this expression with Eq. (4.5) results in the following inequality:

$$x \ge z_1 \cdot \sqrt{n \cdot \varepsilon \cdot (1 - \varepsilon)} + n \cdot \varepsilon - 1/2 , \quad (4.9)$$

where ε is the probability that a round fails (equal to εH or εMAD). This expression is valid for both distance bounding protocols.

The requirement that the false acceptance ratio PFA is below a threshold AFA leads to a second inequality. However, this expression is different for the two noise resilient distance bounding protocols.

Let us start with the RFID protocol of Hancke and Kuhn. Since we assume that the number n of rounds is large enough, Eq. (4.6) can also be approximated by a normal distribution. This property holds if n > 20, and becomes more accurate when the number of rounds increases. We can hence transform the false acceptance ratio PFA to a standard normal variable Z. The requirement that PFA should not exceed the threshold AFA can then be formulated by the following equation:

$$\Pr(Z \le -z_2) \le A_{FA} . \quad (4.10)$$

Combining this expression with Eq. (4.6) results in the following inequality:

$$x \le \frac{n - z_2 \cdot \sqrt{3n}}{4} - 1/2 . \quad (4.11)$$

To make sure that both parameters PFR and PFA are below their respective threshold values, one has to combine Eq. (4.9) and Eq. (4.11). The result is an upper limit on the bit error rate Pb for the RFID protocol of Hancke and Kuhn, which is equal to

$$P_{lim,H} = \frac{3}{4} - \sqrt{\frac{1}{16} + \frac{n + z_2 \cdot \sqrt{3n} + z_1 \cdot \sqrt{3n + 4 z_1^2 - 2 z_2 \cdot \sqrt{3n} - 3 z_2^2}}{4(n + z_1^2)}} . \quad (4.12)$$


Let us now compute this limit for the noise resilient MAD protocol. We start by combining the Plotkin bound [163] of a linear (n, k) error correcting code with the fact that x = ⌊(dmin − 1)/2⌋. This results in the following inequality:

$$x \le \frac{n \cdot 2^{k-2}}{2^k - 1} - 1/2 . \quad (4.13)$$

Note that k directly determines PFA, as shown in Eq. (4.7). Applying a stricter bound on the minimal Hamming distance yields a stricter bound on the number of errors x. For small values of k/n, the Plotkin bound is sufficiently tight. The ratio k/n is small in our analysis, since we are particularly interested in the scenario where many bit errors occur during the n fast bit exchanges. To make sure that both parameters PFR and PFA are below their respective threshold values, one has to combine Eq. (4.9) and Eq. (4.13). The result is an upper limit on the bit error rate Pb for the noise resilient MAD protocol, which is equal to

$$P_{lim,MAD} = \frac{z_1^2 \cdot (2^k - 1) + n \cdot 2^{k-1} - z_1 \cdot \sqrt{z_1^2 \cdot (2^k - 1)^2 + n \cdot 2^k \cdot (3 \cdot 2^{k-2} - 1)}}{4(n + z_1^2)(2^k - 1)} . \quad (4.14)$$

Both Eq. (4.12) and Eq. (4.14) can be significantly simplified when the number n of rounds is very large compared to the values of z1 and z2 (or k). In this special case, the simplified upper limit on the bit error rate Pb for the RFID protocol of Hancke and Kuhn becomes

$$P_{lim,H,simpl} = \frac{3}{4} - \sqrt{\frac{5}{16} + \frac{\sqrt{3} \cdot (z_1 + z_2)}{4 \sqrt{n}}} . \quad (4.15)$$

The larger the value n, the more accurate this approximation becomes, and the less the upper limit on the bit error rate Pb is determined by the constraints on the false rejection and acceptance ratio. When the number of rounds is several orders of magnitude larger than the parameters z1 and z2, the upper limit on the bit error rate becomes constant and reaches its maximal value, which is equal to $(3 - \sqrt{5})/4 \approx 0.19$. If the number n of rounds is very large compared to the values of z1 and k, the simplified upper limit on the bit error rate Pb for the noise resilient MAD protocol becomes

$$P_{lim,MAD,simpl} = \frac{2^{k-3}}{2^k - 1} - \frac{z_1 \cdot 2^{k/2 - 2} \cdot \sqrt{3 \cdot 2^{k-2} - 1}}{\sqrt{n} \cdot (2^k - 1)} . \quad (4.16)$$

The larger the value n, the more accurate this approximation becomes. When the number of rounds is several orders of magnitude larger than the parameters z1 and k, the simplified upper limit on the bit error rate equals

$$P_{lim,MAD,simpl} = \frac{2^{k-3}}{2^k - 1} . \quad (4.17)$$


[Figure 4.5: surface plot of the upper limit Pb (0.05 to 0.25) as a function of k (0 to 60) and z1 (0 to 6)]

Figure 4.5: Influence of z1 and k on Plim,MAD (NR MAD) for n = 500

For larger values of k (k > 5), this equation approximates 1/8 = 0.125.

In the rest of this chapter, we will only use the most general and accurate expressions of the upper limit on the bit error rate, being Eq. (4.12) and Eq. (4.14).

Characteristics of the upper limit

Both noise resilient distance bounding protocols have some interesting properties when the bit error rate is relatively high. We will now have a closer look at the most interesting characteristics of the upper limit on the bit error rate Pb.

It is important to note that the number of fast communication rounds n, in the analysis below, is assumed to be very high (in the order of 500 and higher). This is necessary to make sure our statistical results apply. For a given bit error rate Pb (which is assumed to be high) and thresholds AFA and AFR on the false acceptance and false rejection ratio, there is a certain minimal required number of rounds n (this lower bound will be derived in Sect. 4.4.2). Choosing a lower number of rounds in combination with a relatively high bit error rate results in a failure to meet the required specifications. Since we are investigating the resilience of distance bounding protocols to high bit error rates, we have to avoid this situation and choose n large enough. More details on the lower bound on the number of rounds will be given in Sect. 4.4.2.

Let us now have a closer look at the upper limit on Pb. A first observation is that this upper limit depends on the number n of rounds, and the thresholds AFR (indicated by z1) and AFA (indicated by z2 or k). As one could expect, the upper limit on Pb decreases when the thresholds on PFR and PFA become more strict. This is demonstrated in Fig. 4.5 (for the noise resilient MAD protocol). To make it more concrete, let us have a look at a numerical illustration, where we select a threshold value of 2^-20 for both PFR and PFA, and fix the number of rounds to 500. For this example, the upper limit on Pb is 0.0850 for the noise resilient MAD protocol. This upper limit is surprisingly low. When the entity authentication protocol, in which the noise resilient distance bounding protocol is employed, requires such a strict threshold value AFA from a security point of view, and such a strict threshold value AFR from a user-friendliness point of view, this will impose severe technical constraints on the wireless communication medium that is being used. Noisy channels with a relatively high bit error rate (above the upper limit) cannot be used.

Even when the restrictions on the false rejection and false acceptance ratio are very relaxed, one still has to make sure that the bit error rate of the noisy wireless channel is not too high. If we assume that the threshold values of PFR and PFA are fixed to a level of 50% (a higher value would not make sense from a practical point of view, and even 50% is definitely too high to be used in practice), the upper limit on Pb reaches its maximal value. In this scenario, the value of the upper limit on Pb equals $(3 - \sqrt{5})/4 \approx 0.19$ for the Hancke–Kuhn protocol, and 1/4 for the noise resilient MAD protocol. If the bit error rate of the noisy wireless channel exceeds this bound, one cannot employ any of the noise resilient distance bounding protocols, irrespective of the restrictions on PFR and PFA. Fig. 4.6 shows the influence of PFR on the upper limit on Pb, when PFA ≤ 50% and n is 500.

Another observation is that the upper limit on Pb for the noise resilient MAD protocol becomes independent of k for large values of k (k > 10). This is a very interesting property from a practical point of view. One can select a stricter threshold on the false acceptance ratio (so choose a higher level of security), without reducing the upper bound on the bit error rate. This observation is however only valid as long as the ratio k/n remains small enough. Otherwise, the Plotkin bound is no longer tight, and Eq. (4.14) becomes too inaccurate. If we take into account that k is large, Eq. (4.14) can be reduced to Eq. (4.18).

$$P_{lim,MAD} = \frac{z_1^2 + n/2 - z_1 \cdot \sqrt{z_1^2 + \frac{3}{4} n}}{4(n + z_1^2)} . \quad (4.18)$$

This equation illustrates the observation made above. Fig. 4.7 shows the influence of PFR on the upper limit on Pb, when k is large (k > 10) and n is 500.


[Figure 4.6: plot of the upper limit Pb (0.12 to 0.26) against z1 (0 to 5); two curves: NR MAD, Hancke]

Figure 4.6: Influence of z1 on Plim,H (Hancke–Kuhn) and Plim,MAD (NR MAD) for PFA ≤ 50% and n = 500

[Figure 4.7: plot of the upper limit Pb (0.08 to 0.13) against z1 (0 to 5)]

Figure 4.7: Influence of z1 on Plim,MAD (NR MAD) for large values of k (k > 10) and n = 500


[Figure 4.8: plot of the upper limit Pb (0.08 to 0.24) against k (0 to 15); two curves: NR MAD, Hancke]

Figure 4.8: Influence of PFA on Plim,H (Hancke–Kuhn) and Plim,MAD (NR MAD) for PFR ≤ 2^-7 and n = 500

Comparison of the upper limit

It is interesting to compare the upper limit on the bit error rate for both noise resilient distance bounding protocols, for a fixed number n of rounds. Fig. 4.6 shows the upper limit on Pb for both protocols when the threshold on PFA is fixed (PFA ≤ 50%), while Fig. 4.8 demonstrates the upper limit on Pb for both noise resilient distance bounding protocols when the threshold on PFR is fixed (PFR ≤ 2^-7). In both examples, the number n of rounds is set to 500. Let us now have a closer look at Fig. 4.8. For very loose thresholds on PFA (very small k), the upper limit on Pb is the largest for the noise resilient MAD protocol. However, this limit decreases rapidly when k increases. In this situation (3 ≤ k ≤ 10), the upper limit on the bit error rate is slightly better for the Hancke–Kuhn protocol. When k is large enough (k > 10), the upper limit on Pb for the noise resilient MAD protocol remains constant (as demonstrated earlier in this section), and is larger than the upper limit for the Hancke–Kuhn protocol. The difference between both upper bounds increases with k.


4.4.2 Reducing the number of rounds

Lower limit on the required number of rounds

Sect. 4.4.1 discusses whether it is possible to employ a specific noise resilient distance bounding protocol for a given number n of rounds, bit error rate Pb, and thresholds on the false rejection and false acceptance ratio. However, in most scenarios the number n of rounds is not fixed, and can be chosen by the designer of the authentication scheme in which the distance bounding protocol will be employed. One wants to decrease this number in order to reduce the communication cost (which is directly related to n), but in such a way that all the design criteria are still met. We will now compute for both protocols the minimal required number n of rounds, for a given bit error rate Pb (below the upper limit derived in the previous section), and thresholds on the false acceptance and false rejection ratio.

Let us start with the RFID protocol of Hancke and Kuhn. By combining Eq. (4.9) and Eq. (4.11), one can easily find the following bound on the number n of rounds. Note that the result only remains valid as long as both the false rejection and false acceptance ratio can be approximated by a normal distribution (so when n > max(20, 5/εH)).

$$n \ge \left( \frac{4 \cdot z_1 \cdot \sqrt{\varepsilon_H \cdot (1 - \varepsilon_H)} + \sqrt{3} \cdot z_2}{1 - 4 \cdot \varepsilon_H} \right)^2 . \quad (4.19)$$

Let us now compute this bound for the noise resilient MAD protocol. By combining Eq. (4.9) and Eq. (4.13), one can find the following bound on the number n of rounds. The result only remains valid as long as the false rejection ratio can be approximated by a normal distribution (so when n > 5/εMAD).

$$n \ge \frac{(2^k - 1)^2 \cdot z_1^2 \cdot \varepsilon_{MAD} \cdot (1 - \varepsilon_{MAD})}{\left( 2^{k-2} - \varepsilon_{MAD} \cdot (2^k - 1) \right)^2} . \quad (4.20)$$

Both results can be used as long as the probability that a round fails (ε) is below 0.25. Otherwise, the denominator in Eq. (4.19) and Eq. (4.20) approaches zero, and the equations are no longer correct.
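The design check of Sect. 4.4.1 (upper limit on Pb, Eqs. (4.12) and (4.14)) and Sect. 4.4.2 (minimal number of rounds, Eqs. (4.19) and (4.20)), as an added example that is not code from the thesis; it reproduces the values quoted in this chapter (0.0850 for n = 500 and thresholds 2^-20, 0.0593 and 0.0822 for thresholds 2^-23, and the 50% maxima). It assumes that z1 and z2 are the standard-normal quantiles of the thresholds AFR and AFA, that AFA = 2^-k for the noise resilient MAD protocol, and the round-failure mappings εH = 3Pb/2 − Pb² and εMAD = 2Pb, which are the ones implied by Eqs. (4.12) and (4.14) rather than stated on this page.

```python
"""Added example (not from the thesis): upper limit on the bit error rate
(Eqs. (4.12), (4.14)) and minimal number of rounds (Eqs. (4.19), (4.20)) for
both noise resilient distance bounding protocols.
Assumptions not stated on this page: z1, z2 are standard-normal quantiles
(Pr[Z <= -z] = A, so a 50% threshold gives z = 0); A_FA = 2^-k for the NR MAD
protocol (Eq. (4.7)); the per-round failure probabilities eps_H = 3/2 Pb - Pb^2
and eps_MAD = 2 Pb, which are the mappings implied by Eqs. (4.12) and (4.14).
The normal approximations behind these formulas need n large (the chapter
uses n >= 500); very small n can make the square roots below undefined."""
from math import sqrt
from statistics import NormalDist


def z_from_threshold(threshold: float) -> float:
    """z such that Pr[Z <= -z] = threshold for a standard normal Z."""
    return -NormalDist().inv_cdf(threshold)


def plim_hancke_kuhn(n: int, a_fr: float, a_fa: float) -> float:
    """Eq. (4.12): upper limit on Pb for the Hancke-Kuhn protocol."""
    z1, z2 = z_from_threshold(a_fr), z_from_threshold(a_fa)
    r3n = sqrt(3 * n)
    inner = n + z2 * r3n + z1 * sqrt(3 * n + 4 * z1**2 - 2 * z2 * r3n - 3 * z2**2)
    return 0.75 - sqrt(1 / 16 + inner / (4 * (n + z1**2)))


def plim_mad(n: int, k: int, a_fr: float) -> float:
    """Eq. (4.14): upper limit on Pb for the NR MAD protocol with a linear
    (n, k) code (Plotkin bound); the PFA threshold is 2^-k."""
    z1 = z_from_threshold(a_fr)
    m = 2.0**k - 1
    root = sqrt(z1**2 * m**2 + n * 2.0**k * (3 * 2.0 ** (k - 2) - 1))
    return (z1**2 * m + n * 2.0 ** (k - 1) - z1 * root) / (4 * (n + z1**2) * m)


def eps_hancke_kuhn(pb: float) -> float:
    """Assumed per-round failure probability, Hancke-Kuhn protocol."""
    return 1.5 * pb - pb**2


def eps_mad(pb: float) -> float:
    """Assumed per-round failure probability, noise resilient MAD protocol."""
    return 2 * pb


def min_rounds_hancke_kuhn(pb: float, a_fr: float, a_fa: float) -> float:
    """Eq. (4.19); only meaningful while eps_H < 1/4 (denominator > 0)."""
    eps = eps_hancke_kuhn(pb)
    if eps >= 0.25:
        raise ValueError("Eq. (4.19) requires eps_H below 0.25")
    z1, z2 = z_from_threshold(a_fr), z_from_threshold(a_fa)
    return ((4 * z1 * sqrt(eps * (1 - eps)) + sqrt(3) * z2) / (1 - 4 * eps)) ** 2


def min_rounds_mad(pb: float, k: int, a_fr: float) -> float:
    """Eq. (4.20); the denominator vanishes as eps_MAD approaches 1/4."""
    eps = eps_mad(pb)
    m = 2.0**k - 1
    denom = 2.0 ** (k - 2) - eps * m
    if denom <= 0:
        raise ValueError("Eq. (4.20) requires eps_MAD below 2^(k-2)/(2^k-1)")
    z1 = z_from_threshold(a_fr)
    return m**2 * z1**2 * eps * (1 - eps) / denom**2


def channel_acceptable(pb: float, n: int, k: int, a_fr: float, a_fa: float) -> dict:
    """Which protocol can meet both thresholds on a channel with bit error
    rate pb using n rounds (for NR MAD: with an (n, k) code, A_FA = 2^-k)."""
    return {"HK": pb <= plim_hancke_kuhn(n, a_fr, a_fa),
            "MAD": pb <= plim_mad(n, k, a_fr)}


if __name__ == "__main__":
    n, a = 500, 2.0**-23
    p_hk, p_mad = plim_hancke_kuhn(n, a, a), plim_mad(n, 23, a)
    print(f"n={n}, A_FR=A_FA=2^-23: Plim,H={p_hk:.4f}  Plim,MAD={p_mad:.4f}")
    # at the limit, Eqs. (4.19)/(4.20) give back the 500 rounds we started from
    print(f"rounds needed at the limit: HK={min_rounds_hancke_kuhn(p_hk, a, a):.1f}"
          f"  MAD={min_rounds_mad(p_mad, 23, a):.1f}")
    print(f"loosest thresholds (50%): HK={plim_hancke_kuhn(n, 0.5, 0.5):.4f}"
          f"  MAD(k=1)={plim_mad(n, 1, 0.5):.4f}")
    print("Pb=0.07 acceptable?", channel_acceptable(0.07, n, 23, a, a))
```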

Comparison of the lower limit

Figure 4.9 compares both noise resilient distance bounding protocols in the case where the bit error rate Pb varies between 0.05 and 0.1. The Hancke–Kuhn protocol requires more rounds n than the noise resilient MAD protocol, until the bit error rate reaches a certain value (in this case, 0.095). From that moment on, the number of rounds required in the noise resilient MAD protocol starts to increase more rapidly, and surpasses the number of rounds in the Hancke–Kuhn protocol.


[Figure 4.9: plot of the minimal required number of rounds n (0 to 1800) against Pb (0.05 to 0.1); two curves: NR MAD, Hancke]

Figure 4.9: Minimal required number n of rounds for the Hancke–Kuhn and NR MAD protocol when PFR ≤ 2^-23 and PFA ≤ 2^-23


[Figure 4.10: plot of the minimal required number of rounds n (0 to 2000) against Pb (0.06 to 0.11); two curves: NR MAD, Hancke]

Figure 4.10: Minimal required number n of rounds for the Hancke–Kuhn and NR MAD protocol when PFR ≤ 2^-10 and PFA ≤ 2^-23

The noise resilient MAD protocol is more susceptible to false negatives. This causes the number of rounds required in the noise resilient MAD protocol to increase more rapidly from a certain value of the bit error rate. Certainly at high bit error rates, the number of rounds has to increase a lot to meet the requirement on the false rejection ratio. This is less the case in the Hancke–Kuhn protocol. Imposing a looser threshold on the false rejection ratio hence causes the point of intersection between the two curves to move to a higher bit error rate, as illustrated in Fig. 4.10.

On the other hand, the security level radically influences the required number of fast communication rounds in the Hancke–Kuhn protocol, while this influence is smaller in the noise resilient MAD protocol. So imposing a looser threshold on the false acceptance ratio (i.e., decreasing the security level) has no significant impact on the number n of rounds required in the noise resilient MAD protocol, but drastically influences this parameter in the Hancke–Kuhn protocol. As a result, the point of intersection between the two curves moves to a lower bit error rate, as illustrated in Fig. 4.11.

If we impose a looser threshold on the false acceptance and false rejection ratio, the required number n of rounds in both protocols decreases, due to the reasons described above. This is illustrated in Fig. 4.12. However, the point of intersection between the two curves is hardly influenced. This can be observed, e.g., by comparing Fig. 4.9 and Fig. 4.12.

[Figure 4.11: plot of the minimal required number of rounds n (0 to 1800) against Pb (0.05 to 0.1); two curves: NR MAD, Hancke]

Figure 4.11: Minimal required number n of rounds for the Hancke–Kuhn and NR MAD protocol when PFR ≤ 2^-23 and PFA ≤ 2^-10

[Figure 4.12: plot of the minimal required number of rounds n (0 to 700) against Pb (0.05 to 0.1); two curves: NR MAD, Hancke]

Figure 4.12: Minimal required number n of rounds for the Hancke–Kuhn and NR MAD protocol when PFR ≤ 2^-10 and PFA ≤ 2^-10

Note that the figures above can also be used to find the upper limit on Pb (shown on the x-axis) for a given number of rounds n (shown on the y-axis) and fixed thresholds on PFA and PFR. As a numerical example, let us take n equal to 500, and fix both thresholds AFA and AFR to 2^-23. One can compute, or verify on Fig. 4.9, that in this case the upper limit on the bit error rate Pb equals 0.0593 for the Hancke–Kuhn protocol, and 0.0822 for the noise resilient MAD protocol.

Minimal required number of rounds: three regions

Let us now compare the minimal required number n of rounds for both noise resilient distance bounding protocols in more detail. The figures presented above show that the range of the bit error rate Pb can be divided into three interesting intervals, as depicted in Fig. 4.13: the interval before the two curves intersect (region 1 on the figure), the interval after the two curves intersect (region 3 on the figure), and the point of intersection itself (region 2 on the figure). We will now have a closer look at these three regions:


[Figure 4.13: plot of the minimal required number of rounds n (0 to 700) against Pb (0.05 to 0.1), with the three regions 1, 2 and 3 marked along the Pb axis]

Figure 4.13: Three regions of the bit error rate

Interval before the two curves intersect: As long as the bit error rate is small enough, the two curves do not intersect. In this case, the minimal required number of rounds in the Hancke and Kuhn protocol is about double that of the noise resilient MAD protocol. This observation corresponds to the results presented in Sect. 4.3.4. So as long as the two curves do not intersect, the conclusions made when the bit error rate is relatively small remain valid.

Point of intersection: The point of intersection depends on the requirements on the false acceptance and false rejection ratio. Imposing a stricter or looser threshold causes the point of intersection to move to a higher or lower bit error rate, as has been discussed earlier in this section. In this region, both noise resilient distance b­ounding protocols require about the same number of fast communication rounds. To decide which distance bounding protocol to employ, one has to compare other parameters that determine the cost.

Interval after the two curves intersect: From the moment the two curves intersect, the Hancke–Kuhn protocol requires a lower number of fast communication rounds than the noise resilient MAD protocol. When the bit error rate rises even further, the number of rounds required in the noise resilient MAD protocol starts to increase very rapidly, and the difference in the lower limit on n for both protocols becomes very large. In this interval, the Hancke–Kuhn protocol should preferably be employed in the entity authentication protocol.

To determine the exact total cost of both noise resilient distance bounding protocols, one should not only consider the number of fast communication rounds, but also take into account the other technical characteristics of the wireless communication medium, as has already been mentioned in Sect. 4.3.4. In some scenarios, the number of bits exchanged on the slower communication channel can largely influence the total cost of the authentication system, while in other scenarios, the cost is mostly determined by the number of bits exchanged on the fast communication channel.

4.5 Conclusions

As distance bounding protocols are conducted over noisy wireless ad hoc channels, they should be designed to cope well with substantial bit error rates during the rapid single bit exchanges. In this chapter, we have presented two secure distance bounding protocols that are resistant to noise: the RFID protocol of Hancke and Kuhn (SECURECOMM ’05), and our noise resilient MAD protocol (ESAS ’07). The latter is an extended version of the mutual authentication distance bounding (MAD) protocol of Capkun et al. It employs binary codes to correct bit errors occurring during the fast bit exchanges, the main building block of the distance bounding protocol.

We have investigated the robustness to high bit error rates of both secure noise resilient distance bounding protocols. As long as the bit error rate does not exceed a particular threshold, one can choose an appropriate value of the parameter x (the number of allowed errors) to meet the specified requirements on the false rejection and the false acceptance ratio for a given number n of rounds. This upper limit, which is remarkably low, decreases when stricter requirements on the false rejection and false acceptance ratio are imposed. The maximal value of the upper limit on Pb equals $(3 - \sqrt{5})/4 \approx 0.19$ for the Hancke–Kuhn protocol, and 1/4 for the noise resilient MAD protocol. If we compare the upper limit on the bit error rate for both noise resilient distance bounding protocols, for a fixed number n of rounds, we can observe that the upper limit on the bit error rate is slightly better for the Hancke–Kuhn protocol, unless the threshold on PFA is very loose (k < 3) or very strict (k > 10). For large values of k, the upper limit on Pb for the noise resilient MAD protocol remains constant. These results are important to take into account when deciding which noise resilient distance bounding protocol is best suited to be used in the particular entity authentication protocol.


We have also compared the minimal required number of fast communication rounds for both protocols. This is important from a practical point of view, since in most scenarios, the number n of rounds is not fixed, but can be chosen by the designer of the protocol. As a general conclusion, one can state that the noise resilient MAD protocol requires about half of the number of fast communication rounds compared to the Hancke and Kuhn protocol. However, compared to the Hancke and Kuhn protocol, it requires slightly more bits to be exchanged on the slower communication channel. If mutual authentication is required, the number n of fast bit exchanges needed in the Hancke–Kuhn protocol becomes the quadruple of the number of rounds needed in the noise resilient MAD protocol. These results remain valid as long as the bit error rate does not exceed a particular value (typically in the order of 0.1), which depends on the thresholds on the false acceptance and false rejection ratio. From that moment on, the noise resilient MAD protocol needs a very large number of rounds n, and should preferably not be used. By imposing looser or more strict requirements on the false acceptance and/or rejection ratio, the upper bound on the bit error rate can be made larger or smaller.

To decide which noise resilient distance bounding protocol is the best to employ, one should not only consider the minimal required number of fast communication rounds, but also consider other technical parameters. By combining all the necessary technical characteristics of the wireless communication medium and the required level of security and user-friendliness, one can determine the total cost, and decide which distance bounding protocol should preferably be used.


Chapter 5

Location Privacy in Wireless Personal Area Networks

Location privacy is one of the major security problems in a Wireless Personal Area Network (WPAN). An eavesdropper can keep track of the place and time mobile devices are communicating. To make things even worse, the attacker does not have to be physically close to the communicating devices: he can use a device with a stronger antenna. The unique hardware address of a mobile device can often be linked to the identity of the user operating the device. This represents a violation of the user’s privacy. The user should decide when his/her location is revealed and when not.

In this chapter, we investigate the location privacy problem more in detail. There are several ways to track mobile personal devices (and hence the users operating them) in a WPAN. Most attacks focus on observing the information contained in the headers of the transmitted packets. There are however also attacks that concentrate on the payload of the packets itself, or on mechanisms applied on the physical layer (such as the hopping pattern in a Bluetooth pico-net). We will explain these attacks more in detail, and formulate the exact problem we try to solve. Next, we present several communication scenarios and propose for each of these scenarios practical techniques that make use of temporary pseudonyms. In order to avoid re-initializations and the loss of pairing information, these pseudonyms must not be stateless. Our solutions are also user-friendly and energy efficient. In a second part of this chapter, we construct a formal model of location privacy for WPAN, and use it to evaluate several protocols published in the literature.


Contributions in this chapter

This chapter extends our research results that were published in [189, 192, 195]. The most important novel contributions presented here are:

• We define the notion of untraceability and unlinkability, and argue why both these design goals are necessary to solve the location privacy problem.

• Four communication scenarios in WPAN will be discussed. For each of these scenarios, we propose practical solutions to the location privacy problem which make use of temporary pseudonyms. We also demonstrate that two scenarios are directly related (and can be reduced) to the two other ones.

• A formal model of location privacy for Wireless Personal Area Networks is proposed. To ensure location privacy, a protocol should be resistant to certain attack games.

• We apply this formal model to several privacy–enhancing protocols published in the literature (including the protocols proposed in this chapter). This way, we can evaluate and analyze the potential weaknesses of these protocols.

• We suggest several improvements to some privacy–enhancing protocols to solve the weaknesses that were discovered by applying our formal model of location privacy in WPAN.

5.1 Location Privacy Problem

5.1.1 Tracking mobile users

One of the most important security problems in Bluetooth, and in Wireless Personal Area Networks in general, is location privacy [103, 190]. When two or more Bluetooth devices are communicating, the transmitted packets always contain the Bluetooth hardware address of the sender and the destination (or an identifier which is directly related to this address). When an attacker eavesdrops on the transmitted data, he knows the unique hardware addresses of these devices. As these addresses can often be linked to the identity of the user operating the mobile devices, this corresponds to a violation of the privacy of the user. An attacker can obtain data on the time and place a user is located, and use this information to his benefit. This should definitely be avoided: the user has to decide when his location is revealed and when not.

Even when a Bluetooth device is in non-discoverable mode (in this mode, it does not respond to inquiries of other devices) or in non-connectable mode (in this mode, it does not respond to page scans of other devices), an eavesdropper observing transmitted data can obtain the unique hardware address of the mobile device. To make things even worse, the attacker does not have to be physically close to the communicating devices: he can use a device with a stronger (directional) antenna (e.g., it is very easy to construct an antenna which can intercept Bluetooth communication from more than one mile away [39, 49]) or just place a small tracking device near the two mobile devices.

Tracking users of mobile devices can have serious consequences. E.g., without location privacy, a terrorist could be capable of discovering in which hotel (and even in which room) an important politician stays. This would certainly entail serious security problems. Another example of an attack is to track users on a specific location and use this information for location dependent commercial advertisements (e.g., a shop can send advertisements to everybody that is nearby). This location based service can be desirable in some cases, but the user should be able to decide when his/her location is revealed and when not. Receiving such commercial messages on a mobile device could be quite annoying (e.g., comparable to SPAM sent via email).

Since Bluetooth is the most common technology to create a WPAN, and some attacks are particularly designed for Bluetooth devices, we will mainly focus on this technology in the rest of this chapter. One should however note that most of the attacks are also valid for mobile devices using another communication technology than Bluetooth. As long as unique and fixed identifying information is used somewhere in (the header of) a message or in the construction of a certain sequence or pattern, it can be abused by an attacker to track the mobile device. Note that we will only consider protocol-level location privacy issues. Tracking a user by the physical “shape” of the device’s radio signal is out of the scope of this doctoral thesis.

5.1.2 Attack strategies

There are several ways for an attacker to obtain the unique hardware address of a mobile device in a WPAN. To make things more concrete, let us have a closer look at the Bluetooth standard [25], and discuss the attack strategies of an adversary. Some of these attacks can be prevented by proper configuration of the mobile device, others require the deployment of privacy–enhancing techniques (such as the use of temporary pseudonyms).

When a Bluetooth device is configured in discoverable mode, it will respond to inquiries with its Bluetooth hardware address (among other information). It is hence trivial for an attacker to obtain this unique hardware address and track the device. Configuring a device in discoverable mode is clearly a privacy risk, and it is recommended to turn the discoverability off when it is not needed.

Bluetooth devices which are configured in non-discoverable mode do not respond to inquiry scans. However, when they are in connectable mode, they still respond to page scans. This page scan works as follows. When a device observes its unique and permanent Device Access Code (DAC), which is derived from 24 bits of its Bluetooth hardware address, it will respond with a packet containing the same DAC. From the moment one knows the DAC and/or the hardware address of a device, this mechanism can be used to check if this particular device is present. Even when the hardware address is not known, one can always conduct a brute force attack, and try all $2^{24}$ possible DACs. The only way to avoid this attack is to change the configuration of the device to non-connectable mode.

When two Bluetooth devices are paired and start communicating, each message will contain a Channel Access Code (CAC). The CAC is computed from (24 bits of) the Bluetooth hardware address of the master in the pico-net. Although the CAC is not unique for a device, collisions are rare. An attacker eavesdropping the communication between two mobile devices can hence use the CAC to track mobile devices (and hence the user operating it) [103, 215]. This problem cannot be easily avoided, since the CAC is permanent and is always used in the headers of Bluetooth communication. It can be solved by using temporary pseudonyms, as we will show later in Sect. 5.2.

An attacker can also focus on the payload of the message itself, and try to link it to a particular mobile device. This is possible if it contains unique data that is specific for each device. E.g., when the payload contains encapsulated packets originating from a higher layer, there can be identifying information available. We will not focus on this attack in the rest of this chapter, as it can be easily avoided by encrypting the payload of the message.

When (part of) the unique hardware address of a mobile device is used in a certain procedure, there is a possible privacy risk. This is certainly the case in Bluetooth. The Bluetooth hardware address is deeply entangled into certain parts of the protocol stack. E.g., the hardware address of the master is used to determine the hopping sequence in the frequency hopping scheme. This leads to a vulnerability. Wong and Stajano [215] demonstrate that one can recover the Bluetooth hardware address via the frequency hop pattern of the device. This attack only requires the collection of six packets and a work factor of $2^{28}$. Even when the device is in non-connectable mode, the attack is still possible. To avoid it, one should derive the frequency hopping pattern from other public parameters, which are not unique (and fixed) for a device and do not relate to the Bluetooth hardware address (or other permanent identifying information).

5.1.3 Problem statement and design goals

In the discussion above, we demonstrated that the use of a fixed identifier (or information that is directly related to it) in the header of a message, and/or using the fixed hardware address as the input of a certain procedure, results in location privacy vulnerabilities. This can be solved by using temporary pseudonyms instead of the fixed identity. In the rest of this chapter, we will discuss several techniques to establish such pseudonyms in a WPAN.


Before presenting several pseudonym schemes, it is important to define the exact problem one needs to solve. In the location privacy problem, one tries to prevent other parties from learning one’s current or past location by observing the protocol flow [20]. Note that location privacy is different from traditional requirements such as anonymity or unobservability [80, 161].

More in detail, we want to solve the following scenario. There are two mobile devices, called A and B, that want to communicate privately (we assume that A starts the communication). We implicitly assume that both devices are personal devices, belonging to a specific user (this does not have to be the same user). A sends a message to B using a wireless communication technology (e.g., Bluetooth). Such a message consists of a header and a payload. The header contains identification information (typically the address of the sender and receiver or information that is directly related to these addresses), the payload just plain data (encrypted or not). We want to investigate how A can send a message to B, in such a way that B still knows the message was intended for him, but that an attacker (and any third party) has no information about the identity of A and B.

The goal of location privacy–enhancing techniques is to establish untraceability and unlinkability at the protocol level. These concepts can be informally defined as follows:

• It should be computationally hard for an attacker, who observes the exchanged messages, to detect which specific device is participating in the communication. This property is called untraceability. Note that it is not a problem that an attacker detects a device is sending and/or receiving data, and that the attacker is even allowed to know the precise location of this device. However, the attacker should not be able to determine the exact identity (i.e. the unique hardware address) of this device. Since we only consider protocol-level location privacy issues, we ignore attacks where the adversary uses the physical properties of a device’s radio signal to track it.

• It should be computationally hard for an attacker to link messages to one sender and/or receiver (even without knowing the exact identity of this device). This property is called unlinkability. If one can detect when a certain (unknown) device is communicating, one could maybe use this information to discover the unique hardware address of the device (e.g., by observing certain specific communication patterns) and hence track it. Note that unlinkability covers untraceability, but not vice versa.

In the design of our location privacy–enhancing techniques, we assumed that the attacker is omnipresent, has significant computational resources (but is computationally bounded), and is able to mount active attacks (such as replay attacks or inserting dummy traffic). The communication range of the attacker is not limited, as he can modify the antenna of his device to intercept communication from a large distance. We also implicitly assume that the attacker has no prior knowledge about which devices are communicating (see also Sect. 5.2).

5.2 Location Privacy–Enhancing Techniques

The location privacy problem in Wireless Personal Area Networks can be solved by using temporary pseudonyms instead of fixed identities. It is important that these pseudonyms are not completely stateless. Otherwise, pairing information, relationships between the different mobile devices and network configurations would be lost every time the pseudonym is updated. This would require many re-initializations, which is definitely not efficient and user-friendly. Traditional pseudonym systems (e.g., as has been proposed by Lysyanskaya et al. [132]) or the temporary identity scheme used in the Global System for Mobile Communications (GSM) [73] cannot be employed in a WPAN, as one cannot make use of a central trusted server.

The mobile devices themselves have to make sure that location privacy is ensured. They will use shared data to compute a temporary pseudonym that replaces the fixed identifier in the header of the message. This random pseudonym, which certainly has to be variable, will appear as random data for an eavesdropper, but the other party will recognize it and hence know the message was intended for him. The location privacy–enhancing techniques presented below were also partially published in [189, 192].

5.2.1 Overview of WPAN communication scenarios

There are several ways to compute a temporary pseudonym. The exact technique depends on the data the devices share. We envision four communication scenarios, as depicted in Fig. 5.1:

• Scenario 1: the mobile devices share a symmetric key. This key can be the result of a key establishment protocol applied during a secure initialization phase. It can also be a session key that has been used before to communicate securely. For efficiency reasons, we only consider symmetric keys, as public key cryptography is far more energy consuming (as has been demonstrated by Potlapally et al. [166]).

• Scenario 2: A knows the address of B. This address could have been entered by a user, or B could have sent it during a secure inquiry (or initialization) phase. Another possibility is that A knows this address from previous communication rounds. Note that the only conceptual distinction between an attacker and device A, is that the former has no prior knowledge about the address of B.

• Scenario 3: a secure out-of-band channel is available. This out-of-band channel can be private and/or authentic. Information on how to establish and use such an out-of-band channel can be found in Chapter 2. We will show that this third scenario can be converted to scenario 1.

• Scenario 4: the mobile devices share no data. In this scenario, the personal devices have not communicated before or have not stored any information from previous communication rounds (e.g., keying material). The devices also do not know each others’ addresses. We will demonstrate that in certain circumstances, this fourth scenario can be converted to scenario 2.

Figure 5.1: Four WPAN communication scenarios (decision tree: “Mobile devices share key?” yes: Scenario 1, no: “Mobile devices know each others’ address?” yes: Scenario 2, no: “Secure OOB channel available?” yes: Scenario 3, no: Scenario 4)

5.2.2 Temporary pseudonym schemes

For each of the communication scenarios presented above, we will present an appropriate solution to create location privacy. The goal of our temporary pseudonym schemes is to avoid that a remote attacker can track a particular device by observing the data in the headers of a message. We especially focus on user-friendliness and the energy cost. Enabling location privacy should only cause a minor increase in the total energy consumption, as mobile devices in a WPAN are typically energy constrained. We will also demonstrate that the first two scenarios are basic scenarios, and that the other two scenarios can be converted (and hence reduced) to one of these basic scenarios.

As will be shown later in Sect. 5.3, our solutions require some small modifications to (theoretically) provide location privacy. We will now first present our solutions, as they were originally proposed by us in [189, 192].

Scenario 1: Mobile devices share a symmetric key:

In this first basic scenario, we assume that A and B share a symmetric key k (e.g., established via a secure pairing protocol). For efficiency reasons, we do not consider public key cryptography.

Every mobile device has in its memory a list of symmetric keys it shares with the other devices in the WPAN. These keys will be used to compute the temporary pseudonyms. For each key k in the device’s memory, the pseudonym scheme is initialized by computing an identifier R as follows:

$R = \mathrm{PRF}_k(IV)$ . (5.1)

In this equation, PRF is a pseudo-random function,¹ k the shared key, and IV a publicly known random bitstring. Popular constructions such as HMAC [12] or CBC-MAC [95] have been shown to be pseudo-random functions [140]. See the security reports of the NESSIE project [147] for an overview of other recommended pseudo-random functions. We recommend that the output of the PRF function, the key k and the bitstring IV each have a bitlength of at least 128 bits. If the pseudonym scheme will be deployed in Bluetooth, the output of the PRF function can be truncated to a bitlength of 48 bits (e.g., keep the first 48 bits of the output). This way, the pseudonyms have the same bitlength as the Bluetooth hardware address, which is important for compatibility reasons. It is important that both mobile devices, which share the secret key k, use the same IV. Otherwise, they will not have computed the same pseudonym R. It is not a problem if the value of IV is reused by other mobile devices (sharing another secret key). The value of IV should be negotiated during the pairing procedure, in which the key k is also established.

¹ A computationally bounded attacker can not distinguish the output of a pseudo-random function from a random bitstring [69].

The (initial) identifiers R are stored in memory. When A wants to start the communication and send a message to B, it puts the corresponding identifier R in the header of the message (in the address field of the destination and the sender). Each device that receives this message performs a memory look-up and checks if the pseudonym R is stored in its memory. B will find a match, and hence know it was the intended receiver.

Next, both devices (A and B) update their identifier R as follows:

$R_{new} = \mathrm{PRF}_k(R_{old})$ . (5.2)

This way, a chain of pseudo-random values is computed. Updating R every message is necessary to avoid tracking. All consecutive messages will contain different identifiers R, and only a device that knows k can link the related pseudonyms to each other, or calculate the next value in the chain. An eavesdropper just sees random values R and has no idea which pseudonyms are related to each other. An attacker cannot even verify if a specific device (with its hardware address known by the adversary) is participating in the communication. When using 48-bit pseudonyms and a good pseudo-random function, the probability of a collision occurring in a WPAN is relatively low. Such a collision could result in both devices being unsynchronized (if this happens, then A and B would need to reestablish a new session key).

A device does not have to wait until it receives a message to compute the next identifier R; it can calculate the entire chain beforehand. However, if the mobile device is memory constrained, then it should only store a few values. One also has to take into account that some messages will not be received properly, due to communication errors. If one receives an identifier R which is already further ahead in the chain, one knows with a very high probability that one did not receive some messages and one could ask for retransmission (and at the same time update the pseudonym to the next value in the chain). Of course, there should be a (practical) limit to this. One should only accept pseudonyms up to a particular value ahead in the chain. If this fails and too many messages are not received properly, the devices get unsynchronized and should reestablish a new session key (and corresponding pseudonym chain). The old pseudonym chain should then be discarded. Note that one should definitely avoid reusing old pseudonyms (e.g., when retransmitting some old messages). Otherwise, an attacker could abuse this mechanism to force a device to always use the same (old) pseudonym, and hence track the device. Other details about (re)synchronization are out of the scope of this doctoral thesis.
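The pseudonym chain of Eqs. (5.1) and (5.2), together with the bounded look-ahead and the refusal of old pseudonyms described above, as an added example (it is not code from the thesis). The PRF is instantiated with HMAC-SHA256 truncated to 48 bits, and the look-ahead window of four positions is an assumed parameter; both are choices made here, not prescribed by the text.

```python
import hashlib
import hmac

PSEUDONYM_BYTES = 6   # 48-bit pseudonyms, the length of a Bluetooth hardware address
LOOKAHEAD = 4         # assumed: how far ahead in the chain a receiver still accepts


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_k(data): HMAC-SHA256 (assumed PRF choice), output truncated to 48 bits."""
    return hmac.new(key, data, hashlib.sha256).digest()[:PSEUDONYM_BYTES]


def initial_pseudonym(key: bytes, iv: bytes) -> bytes:
    """Eq. (5.1): R = PRF_k(IV), computed once per shared key when pairing."""
    return prf(key, iv)


def next_pseudonym(key: bytes, current: bytes) -> bytes:
    """Eq. (5.2): R_new = PRF_k(R_old)."""
    return prf(key, current)


class PseudonymChain:
    """State one device keeps for one shared key k: the current pseudonym of the
    chain plus the set of pseudonyms already consumed (unbounded here; a real
    device would keep only the values inside a sliding window)."""

    def __init__(self, key: bytes, iv: bytes, lookahead: int = LOOKAHEAD):
        self.key = key
        self.lookahead = lookahead
        self.current = initial_pseudonym(key, iv)
        self.consumed = set()

    def emit(self) -> bytes:
        """Sender side: put the current pseudonym in the header, then advance."""
        r = self.current
        self._advance(1)
        return r

    def accept(self, observed: bytes):
        """Receiver side: return how many messages were missed (0 = in sync) if
        `observed` is the current pseudonym or at most `lookahead` steps ahead,
        otherwise None (not for us, or too far ahead: resynchronise with a new key).
        Consumed pseudonyms are refused, so a replayed header cannot pin the chain
        to one value."""
        if observed in self.consumed:
            return None
        candidate = self.current
        for skipped in range(self.lookahead + 1):
            if hmac.compare_digest(candidate, observed):
                self._advance(skipped + 1)   # catch up past the observed value
                return skipped
            candidate = next_pseudonym(self.key, candidate)
        return None

    def _advance(self, steps: int) -> None:
        for _ in range(steps):
            self.consumed.add(self.current)
            self.current = next_pseudonym(self.key, self.current)


if __name__ == "__main__":
    # Constructed sample key and IV (both 128 bits, as the text recommends).
    key, iv = b"\x01" * 16, b"\x02" * 16
    a, b = PseudonymChain(key, iv), PseudonymChain(key, iv)
    r1 = a.emit()
    print("in sync, missed:", b.accept(r1))        # 0
    a.emit(); a.emit(); r4 = a.emit()              # two messages lost on the air
    print("resynchronised, missed:", b.accept(r4))  # 2
    print("replayed r1 accepted:", b.accept(r1))  # None
```

A third device holding a different key never finds a match, and a sender that loses more than `lookahead` consecutive messages is told to fall back on re-keying, exactly the failure mode the paragraph describes.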

Our solution based on a chain of pseudo-random values is very efficient. Suppose one uses the CBC-MAC algorithm to calculate the pseudonyms. Experiments performed by Potlapally et al. [166] on an Intel SA-1110 StrongARM processor clocked at 206 MHz show that this CBC-MAC function consumes 1.62 µJ/Byte when a 128-bit key is used. Computing a pseudonym of 16 bytes hence introduces an extra energy cost of 25.92 µJ. The effect of the reduction in bitlength can be neglected. This cost of 25.92 µJ is completely negligible compared to the cost of transmitting or receiving a 48-bit identifier on the Intel SA-1110 StrongARM processor, which is 1007 µJ and 670 µJ respectively. So the extra computation cost introduced by our pseudonym scheme can be neglected compared to the communication cost.

Scenario 2: Address known by other mobile device:

In this second basic scenario, we assume that A knows the address of B, the device it wants to send a message to. This address could have been entered by the user, B could have sent it during a secure inquiry (or initialization) phase, or it can be known from previous communication rounds. To make things more concrete, let us consider a typical use case scenario where this pseudonym scheme can be deployed. A user wants to send a document on his PDA (device A) wirelessly to a Bluetooth printer (device B) without revealing the Bluetooth hardware address of his device to the outside world. To enable location privacy, a vendor could fabricate Bluetooth printers with a small output interface (this is often already available on a printer) and a limited input interface (e.g., a button). When the user wants to communicate to the printer, he presses this button. The printer then generates a temporary random 48-bit address and outputs this address in hexadecimal format (this corresponds to 12 digits) on its output interface. The user enters this address on his device, and the technique described below can then be used to enable location privacy during the communication. The address shown on the output interface of the printer (represented by $addr_B$ in the rest of this section) should have a limited lifetime (e.g., one hour from the moment it is generated).

We assume that both Bluetooth devices do not share a secret key. Otherwise, the solution described in scenario 1 could be employed. We will not use Identity Based Cryptography (IBC) [181], as this technique requires a (trusted) third party and is too energy consuming.

As in the previous scenario, we want to put an identifier $R_B$ in the header of the message, such that B knows it is the intended receiver. To avoid tracking, the identifier $R_B$ has to be different in every message, and it should be computationally hard for an attacker, who does not know the address of B, to link a specific identifier $R_B$ to previous pseudonyms or to device B itself. When A wants to send a message to B, it computes $R_B$ as follows:

$R_B = h(addr_B, nonce)$ . (5.3)

In this equation, h() is a cryptographic hash algorithm (preimage and second preimage-resistant), $addr_B$ the (temporary or fixed) hardware address of device B, and nonce a random value. For security reasons, the length of the nonce should be at least the same as the length of the hardware address. If this pseudonym scheme will be deployed in Bluetooth, both the hardware address $addr_B$, the nonce and the output of the cryptographic hash function can have a length of 48 bits. This way, the pseudonyms have the same bitlength as the Bluetooth hardware address, which is important for compatibility reasons.

To avoid tracking, the nonce should be different in every message that is sent to the same destination. Otherwise, one would reuse the same identifier $R_B$ (since the address $addr_B$ does not change) and an attacker would detect that both messages are sent to the same device. There are several methods to ensure that the nonce is random and variable:

• One could assign 48 bits of the payload to the nonce. This is the most efficient solution, but one has to be careful. As several messages often tend to start with the same bit sequence (e.g., some bits that indicate the application that is running on top of Bluetooth), it would be best not to use the first bits of the payload to generate the nonce. Otherwise, the nonce would not be variable and tracking would still be possible. If the payload is encrypted (by using a randomized encryption technique), then it is perfectly safe to use the first 48 bits of the message.

• Instead of assigning 48 bits of the payload to the nonce, one could take the entire payload as the nonce. After all, there is no maximum length of the nonce. This solution is more energy consuming than just using 48 bits, but it increases the probability of the nonce being variable.

• One could also generate a random 48-bit number (the nonce) and use the first 48 bits of the payload to transmit this random nonce. This way, the probability of reusing the same nonce is relatively low ($2^{24}$). It is however by far the most expensive solution, as one can send fewer bits of “real” data (one would lose 48 of the 2745 bits of the payload if Bluetooth is used).


• Another solution would be to assign the value of a counter to the nonce. Every time a message is sent, the counter is incremented. Of course, one cannot include the value of the counter in the message, as this would enable an attacker to link messages. Assigning the value of a counter to the nonce has several drawbacks. Both devices have to keep the counter synchronized, otherwise communication will fail. Another disadvantage is that the device has to store the counter of every device it is communicating with. This results in an extra cost.

For every message that a device in the WPAN receives, it computes the hash value of its own address and the nonce. If this value corresponds to the temporary pseudonym $R_B$ in the header of the message, then it knows the message was intended for him. If the value does not correspond, the device has no information about the destination of the message.

Note that an attacker, who does not know the address of B, can always perform a brute force attack, and try all possible 48-bit addresses to find the correct one. This attack can never be avoided when the fixed hardware address of B is the only secret information that is shared between A and B. The adversary can also track a specific device of which he knows the exact hardware address. This can be done by checking if the hash value of this particular hardware address and the nonce corresponds to the identifier $R_B$. This attack cannot be avoided (unless $addr_B$ would have a limited lifetime, as in the use case scenario presented earlier in this section), because the only conceptual difference between an attacker and device A is that the latter knows the address of the destination (B).

The header of a message does not only contain an address field of the destination (which holds the identifier $R_B$), it also contains the address field of the sender. Of course, device A does not put its Bluetooth hardware address in this field. Instead, it generates a random identifier $R_A$ (with a bit length of 48 bits in case of Bluetooth) and inserts this in the address field. To avoid Denial-of-Service attacks, this address field should definitely be integrity protected.

Device B can use this random pseudonym $R_A$ to reply to the message. It first computes an identifier $R_{reply}$ as follows:

$$R_{reply} = h(R_A, addr_B, nonce) \qquad (5.4)$$

In this equation, h() is a cryptographic hash algorithm, $R_A$ the random pseudonym of the destination (A), $addr_B$ the Bluetooth hardware address of the sender (B) and nonce a random value. The nonce should be variable and hence definitely different from the nonce used in Eq. (5.3). In order to ensure that the nonce is random and variable, one could use one of the methods described above. B puts the identifier $R_{reply}$ in the address field of the destination. The sender field of a reply contains random data, generated by B. For every reply A receives, it computes the hash value of $R_A$, $addr_B$ and the nonce. If this value corresponds to the identifier $R_{reply}$ in the header of the message, then A knows the message was intended for it. If $addr_B$ were not included in the hash, then anybody could have generated the reply. Now A knows that the other device has knowledge of the address of B, and probably is device B itself.

An eavesdropper who does not know $addr_B$ is not able to link $R_{reply}$ to $R_B$. Note that using the identifier $R_{reply}$ instead of $R_A$ avoids tracking. This can easily be demonstrated. Suppose an attacker performs a replay attack and continuously broadcasts an old message he intercepted (sent from A to B and containing $R_A$ in the address field of the sender). If B would put $R_A$ in the destination address field of the reply, this identifier would be reused every time the attacker broadcasts the old message. This way, one can easily detect when device B is present (without, however, learning its exact hardware address). As $R_{reply}$ is based upon a random, variable nonce, it will always be different. As a result, an attacker replaying an old message will never see the same identifier emerge and will not be able to detect that B replies to his message.

If A now wants to send a reply back to B, it computes the identifier $R_{reply}$ as shown in Eq. (5.5):

$$R_{reply} = h(addr_B, R_A, nonce) \qquad (5.5)$$

Note that this is exactly the same construction as in Eq. (5.4), with the roles exchanged (device B is now the destination and A the sender). B has stored the random identifier $R_A$ and can hence detect that the reply comes from A (without knowing the real identity of A). The sender field of the reply contains random data, generated by A.

We implicitly assume that it is "reasonably safe" to communicate with a device that knows your address, because normally only trusted devices in the WPAN will know this. Note that $addr_B$ is never transmitted in the clear. It is used as a secret input for the computation of the identifiers $R_B$ and $R_{reply}$. This scenario is especially useful when there is a certain amount of asymmetry in the communication behavior (e.g., one device (B) offering a service and another device (A) that wants to use this service). B then generates a temporary address $addr_B$ and A receives this address via a secure (or insecure) channel. B does not learn anything about A's identity (which is in fact also not necessary), as $addr_A$ is never used.
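The scenario 2 exchange described above, written out as an added Python example (this code is not part of the thesis, nor of any Bluetooth stack). It assumes SHA-256 truncated to 48 bits as the hash h(), the first nonce option discussed above (the nonce travels in the clear at the start of the payload), and the names `Device`, `Message`, `address_holder_recognises` and `demo` are this example's own. It shows the two receiver checks (for $R_B$ on a request and for $R_{reply}$ on a pending request), that an uninvolved device C learns nothing, that no fixed address ever appears on the air, and that anyone holding $addr_B$ can nevertheless recognise every request sent to B:

```python
"""Scenario 2 of Sect. 5.2: A knows B's fixed address addr_B and nothing else is shared.
Example code written for this page; it is not part of the thesis or of a Bluetooth stack."""
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ID_LEN = 6  # identifiers and nonces are 48 bits, like Bluetooth device addresses


def h(*parts: bytes) -> bytes:
    """h() of the thesis, truncated to a 48-bit identifier.  SHA-256 is used here instead
    of the SHA-1 of the thesis' cost estimate (an assumption of this example)."""
    return hashlib.sha256(b"".join(parts)).digest()[:ID_LEN]


@dataclass(frozen=True)
class Message:
    dst: bytes      # destination field: R_B (Eq. 5.3) or R_reply (Eq. 5.4), never a fixed address
    src: bytes      # sender field: a fresh random R_A, or random filler in a reply
    nonce: bytes    # first nonce option above: sent in the clear at the start of the payload
    payload: bytes


class Device:
    def __init__(self, addr: bytes, rng=os.urandom):
        self.addr = addr
        self.rng = rng
        self.pending: Dict[bytes, bytes] = {}   # R_A -> addr_B of the device whose reply we await

    def request(self, addr_dst: bytes, payload: bytes) -> Message:
        """A -> B: destination field R_B = h(addr_B, nonce), sender field a random R_A."""
        nonce, r_a = self.rng(ID_LEN), self.rng(ID_LEN)
        self.pending[r_a] = addr_dst
        return Message(h(addr_dst, nonce), r_a, nonce, payload)

    def reply(self, req: Message, payload: bytes) -> Message:
        """B -> A: destination field R_reply = h(R_A, addr_B, nonce) with a fresh nonce."""
        nonce = self.rng(ID_LEN)
        return Message(h(req.src, self.addr, nonce), self.rng(ID_LEN), nonce, payload)

    def classify(self, msg: Message) -> Optional[Tuple[str, bytes]]:
        """Receiver check.  ('request', payload) if R_B matches our own address,
        ('reply', R_A) if the message answers one of our pending requests, else None
        (in which case we learn nothing about the real destination)."""
        if msg.dst == h(self.addr, msg.nonce):
            return ("request", msg.payload)
        for r_a, addr_b in self.pending.items():
            if msg.dst == h(r_a, addr_b, msg.nonce):
                return ("reply", r_a)
        return None


def address_holder_recognises(addr_guess: bytes, msg: Message) -> bool:
    """Anyone who knows (or brute-forces) addr_B can test whether a request is for B;
    the scheme cannot prevent this, as addr_B is the only secret involved."""
    return msg.dst == h(addr_guess, msg.nonce)


def demo() -> dict:
    addr_a, addr_b, addr_c = (os.urandom(ID_LEN) for _ in range(3))
    a, b, c = Device(addr_a), Device(addr_b), Device(addr_c)   # C is an uninvolved device
    req1 = a.request(addr_b, b"GET service")
    req2 = a.request(addr_b, b"GET service")
    rep = b.reply(req1, b"OK")
    on_air = (req1.dst, req1.src, req2.dst, req2.src, rep.dst, rep.src)
    return {
        "b_sees_request": b.classify(req1),
        "c_sees_request": c.classify(req1),
        "a_sees_reply": a.classify(rep),
        "b_misreads_reply": b.classify(rep),
        "requests_unlinkable": req1.dst != req2.dst and req1.src != req2.src,
        "no_fixed_address_on_air": addr_a not in on_air and addr_b not in on_air,
        "addr_holder_tracks_b": address_holder_recognises(addr_b, req1)
                                and address_holder_recognises(addr_b, req2),
        "wrong_guess_fails": address_holder_recognises(addr_c, req1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The example deliberately leaves out the integrity protection of the sender field that the text calls for; a practitioner adding it would need a key, at which point the technique of scenario 1 applies instead.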

An interesting observation is the following. One could wonder why the same solution as in scenario 1 is not employed. At first sight, it looks attractive to use the Bluetooth hardware address of device B as a secret key to compute a chain of pseudo-random values:

$$R = PRF_{addr_B}(IV) \qquad (5.6)$$

$$R_{new} = PRF_{addr_B}(R_{old}) \qquad (5.7)$$

This would however cause a serious privacy problem. Every time a device starts communicating with device B for the first time, it uses the identifier R, as shown in Eq. (5.6). If the value IV has already been used before, an attacker would detect that R is being reused and hence is able to link the messages to each other. The next values in the chain will also appear frequently. This problem does not occur in scenario 1, as B uses a different key for every device it communicates with. Replacing the value IV by a random, variable nonce (that is never reused) would solve this linkability problem, but is still not a good idea. Every time a device then sends a message to B, it reuses the same secret key $addr_B$. An active eavesdropper can hence perform a replay attack. Suppose the attacker continuously broadcasts an old message he intercepted (sent from A to B and containing an identifier $R_1$). If B is in the neighborhood, it would respond with a message carrying the identifier $R_2$, as shown in Eq. (5.8).

$$R_2 = PRF_{addr_B}(R_1) \qquad (5.8)$$

The next time the attacker broadcasts a message containing $R_1$, B will again use the identifier $R_2$. This enables the attacker to detect the presence of device B (without knowing the exact hardware address of B) and accordingly track it. The cause of this problem is that only the first input of the chain is variable. Reusing this first input results in the same chain of pseudo-random values. Storing the current pseudonym is not possible, since device B has no information about the device it is communicating with (device A). The response of B has to include a variable input. By doing this, one gets a solution completely equivalent to the default technique for scenario 2 (as described earlier in this section).
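The replay-tracking attack on the $addr_B$-keyed chain of Eqs. (5.6)-(5.8), contrasted with the nonce-based reply identifier of Eq. (5.4), as an added Python example (not code from the thesis). PRF is instantiated here with HMAC-SHA256 and h() with SHA-256, both truncated to 48 bits; these instantiations and the function names are assumptions of the example. The attacker rebroadcasts one intercepted message several times and counts how many different reply identifiers B produces:

```python
"""Why a pseudonym chain keyed with addr_B alone (Eqs. 5.6-5.8) lets a replaying attacker
detect B, contrasted with the nonce-based reply identifier of Eq. (5.4).  Example code
written for this page, not code from the thesis."""
import hashlib
import hmac
import os

ID_LEN = 6  # 48-bit identifiers


def prf(key: bytes, x: bytes) -> bytes:
    """PRF_key(x), instantiated as HMAC-SHA256 truncated to 48 bits (an assumption)."""
    return hmac.new(key, x, hashlib.sha256).digest()[:ID_LEN]


def h(*parts: bytes) -> bytes:
    """h() of Sect. 5.2, here SHA-256 truncated to 48 bits (an assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()[:ID_LEN]


def chain_reply(addr_b: bytes, r_received: bytes) -> bytes:
    """Rejected design: B answers a message carrying R_1 with R_2 = PRF_addr_B(R_1), Eq. (5.8).
    The only variable input is the received identifier, so a replayed R_1 yields the same R_2."""
    return prf(addr_b, r_received)


def nonce_reply(addr_b: bytes, r_a: bytes, rng=os.urandom) -> bytes:
    """Default scenario 2 design: R_reply = h(R_A, addr_B, nonce) with a nonce chosen by B,
    Eq. (5.4).  B contributes its own variable input, so replays get different identifiers."""
    return h(r_a, addr_b, rng(ID_LEN))


def distinct_reply_ids(respond, old_message_id: bytes, replays: int) -> int:
    """The attacker rebroadcasts one intercepted message `replays` times and counts the
    distinct identifiers B answers with.  A count of 1 means B's presence is detectable."""
    return len({respond(old_message_id) for _ in range(replays)})


def demo() -> dict:
    addr_b = os.urandom(ID_LEN)
    iv = os.urandom(ID_LEN)
    r_1 = prf(addr_b, iv)   # Eq. (5.6): first identifier of a conversation with B, intercepted
    return {
        "chain_ids_seen": distinct_reply_ids(lambda r: chain_reply(addr_b, r), r_1, 5),
        "nonce_ids_seen": distinct_reply_ids(lambda r: nonce_reply(addr_b, r), r_1, 5),
    }


if __name__ == "__main__":
    print(demo())
```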

As already indicated above, an adversary knowing the address of device B can always check whether a certain message is sent to this particular device, and can hence still track the device when our pseudonym scheme is employed. This cannot be prevented, as devices A and B share no secret data that is not available to the adversary. Moreover, such an attacker can also perform active attacks. He can send random messages to device B (which will think it is the intended receiver), and send replies to device A pretending to be B. This impersonation attack can only be prevented by the use of digital signatures or Message Authentication Codes (MACs). But these mechanisms require a private key or a shared symmetric key. If such a key is available, one should employ the technique of scenario 1.

Energy consumption is also taken into account. In our solution, we compute cryptographic hash values and use the result as an identifier (instead of the Bluetooth hardware address). This technique is very efficient. Suppose one uses the SHA-1 algorithm to calculate the hash values. Experiments of Potlapally et al. show that this hash function consumes 0.76 µJ/Byte on the Intel SA-1110 StrongARM processor [166]. Assuming that a 48-bit nonce is used, the cost of computing the pseudonyms $R_B$ (12 input bytes) and $R_{reply}$ (18 input bytes) is 9.12 µJ and 13.68 µJ respectively. The cost of transmitting or receiving two 48-bit identifiers (one of the sender and one of the destination) on the Intel SA-1110 StrongARM processor is 2016 µJ and 1340 µJ respectively. One can hence conclude that the extra computation cost of our scheme, introduced by computing temporary pseudonyms, is negligible compared to the communication cost.

Scenario 3: Secure out-of-band channel available:

In this third scenario, we assume that both devices do not yet share any data, but that a secure out-of-band channel is available. This is conceptually shown in Fig. 2.1. An overview of the different types of out-of-band channels and their main security properties, and of how to use these extra channels in a pairing protocol, has already been given in Chapter 2.

By exchanging data via the out-of-band channel, one can establish a secret session key. There are two ways to solve the location privacy problem in this scenario. Either one first establishes a secret session key and then employs the technique of scenario 1. Or one combines the establishment of a secret session key and an initial pseudonym in the pairing protocol, and next applies the technique of scenario 1 to update this pseudonym in every message, using a key that is derived from the secret session key.

We will now focus on this second solution. A trivial way to agree on an initialpseudonym, is to send it via the out-of-band channel. This solution is howevernot always elegant and user-friendly.

Another way to establish a temporary pseudonym is to exchange it via the insecure broadcast channel (as the pseudonym is not confidential), and authenticate it via the (authentic) out-of-band channel. A protocol that makes use of this principle is discussed in Sect. 2.2. The protocol is user-friendly (the user only has to enter 3 small hexadecimal values on the input interface of a mobile device), energy efficient (both devices carry out the Diffie-Hellman protocol in the group of points defined by an elliptic curve) and enables location privacy. After the execution of the protocol, both devices share a session key K and an initial pseudonym R. Next, one should apply a key derivation function to this key K to derive an encryption key and a "pseudonym key." The latter is then used to update the pseudonym R. So the technique of scenario 3 is used to initialize the communication, and the solution of scenario 1 is applied to update the pseudonym.

Scenario 4: No shared data available:

In this fourth scenario, we assume that the mobile devices have never communicated before or did not store any information from previous communication rounds (e.g., a session key). The devices also do not know each other's addresses. Normally, both devices would perform an insecure inquiry protocol to obtain each other's addresses. However, this causes privacy problems, as demonstrated in this chapter.


One way to solve this problem is to try to transform it to scenario 2. Although quite practical, there is a (non-negligible) risk that the attacker is able to track the mobile device temporarily when applying this technique. It works as follows. If a device (B) wants to offer some services, it could generate a temporary random identifier $R_B$ and try to transport it to the other device (that wants to make use of these services). If it cannot be displayed on a screen or put on a label attached to the device (in that case, it would not be variable), it could be broadcast during the inquiry phase. This solution only works if the attacker is not present during this inquiry phase. To limit the risk, one could limit the lifetime of the temporary identifier. If an attacker obtained it, he can only track the mobile device for a very short period of time. This limits the privacy risk. Once the temporary identifier $R_B$ has been transported, it is considered as the address of device B, and the technique of scenario 2 can be applied.

However, the default solution for this fourth scenario is to broadcast every message and not to use any identifiers at all. This also enables location privacy, but has the disadvantage that a mobile device has to check the content of every message it receives and decide whether it is the intended receiver. This can be quite energy consuming. It is however the only solution that can guarantee location privacy when the devices do not share any data and still want to communicate privately.

5.2.3 Practical observations

In the discussion above, we demonstrated that location privacy can be enhanced in each of the four WPAN scenarios. Scenario 3 can be used to initialize scenario 1, and if a random identifier is generated, scenario 4 is closely related to scenario 2. One can hence focus on the two basic scenarios (1 and 2). In the most general use case scenario, both basic scenarios will occur simultaneously. A device can share symmetric keys with some devices, and know the (fixed) hardware addresses of some other devices in the network.

Let us again assume that device A wants to send a message to device B. Sending a message is quite straightforward. Device A knows exactly what data it shares with B, and can immediately employ the correct technique to enable location privacy. Receiving a message is less trivial. If both the address field of the sender and that of the destination, in the header of the message, contain the same identifier, then a chain of pseudo-random values is being used to assure location privacy (the technique of scenario 1). If the two address fields contain different identifiers, then the technique proposed for scenario 2 is being employed.

After having detected the technique that has been used to enable location privacy, B still does not know which device has sent the message. That is why B has to perform some computations to figure this out. When the technique of scenario 1 is used, B has to perform a memory look-up, and check whether the pseudonym R appears in its memory. If it does, it knows which device has sent the message, and it can update the pseudonym R (which will be put in the header of the reply). When the technique of scenario 2 is used, B first computes $R_B = h(addr_B, nonce)$ and checks whether this corresponds to the pseudonym in the destination address field of the header. If this test does not succeed, B verifies whether the message is a reply to a previous message by computing, for each identifier $R_A$ in memory, the corresponding $R_{reply}$. Performing such computations is not a problem. Computing the output of a pseudo-random function or a cryptographic hash function is several orders of magnitude less energy consuming than receiving a message, as shown in the previous section.

The location privacy problem however still remains if the Wireless Personal Area Network is very small (sparse). If there are only two devices (A and B) in the network that are communicating, then it is very easy for an attacker to link all the messages to each other: all traffic is going from A to B or vice versa. This is the limitation of our location privacy–enhancing solution. Traffic analysis can never be avoided, and is sometimes easy to perform in a WPAN, because a WPAN has a small range and is often employed on a small scale. The more devices that are present in the network, the more difficult traffic analysis becomes. However, because of the cryptographic techniques used in our temporary pseudonym schemes, an attacker cannot link messages from different communication rounds to each other.

5.3 Theoretical Location Privacy Model

In order to evaluate and analyze location privacy–enhancing schemes for WPAN, one needs a theoretical framework. Such theoretical models already exist for RFID (e.g., the models proposed by Avoine [5], by Juels and Weis [105], and by Vaudenay [208]), but not yet for WPANs. We adapted these models and incorporated the specific properties of a Wireless Personal Area Network. E.g., in RFID communication there is always a reader and a tag, while in a WPAN the nodes have equal functionality. The result of applying these models in a different setting is a theoretical location privacy framework for WPAN, which contains a formal definition of (the different types of) location privacy, and models the access to the communication channels by a set of oracles. Note that we will only consider protocol-level location privacy issues. In the real world, there could be many side channels which enable an attacker to trace a particular user.

We will now discuss our theoretical model more in detail. This section extendsour research results that were published in [195].

5.3.1 Overview of the different entities

Before proposing a formal definition of location privacy in WPAN that can model a variety of security protocols and attacks, we need to define the different entities that appear in a system. A WPAN is formed by a group of mobile nodes $R_i$. Each of the nodes has equal functionality (in the sense that there is no client-server relation); they form a peer-to-peer network. Typically, the WPAN contains a cluster of nodes that "intensively" communicate with each other, and always travel together in time and place. Such a cluster is called a communicating constellation. An example is the cluster of personal devices that a user carries with him every day (a mobile phone, PDA, watch, . . . ). In the rest of this chapter, we assume that all the devices in the communicating constellation are operated by the same user.

In the system, there is also an attacker present who wants to track a particular user by the devices the latter is carrying. In our theoretical location privacy model, this will be modeled by attack games. An attack game always starts with the attacker being challenged. During this phase, the attacker chooses a particular node $R_j$ (at random, or really a specific node). This node $R_j$ is called the target node T. The goal of the adversary in an attack game is to distinguish between two different nodes, one of them being the target node T, within the limits of his computational power and taking into account other restrictions (related to the attack game). More information on the different attack games will be presented in Sect. 5.3.4.

The concept of a communicating constellation and a target node is depicted in Fig. 5.2. The attacker is not shown in this figure. Note that we assume that all nodes $R_i$ know the node T (in the sense that they can recognize it during communication). Nodes that have never communicated with T before are not interesting from an attacker's point of view (they do not offer any new information), and are hence discarded.

5.3.2 Identification protocol

During communication, nodes in a WPAN need to identify the source and destination of a message. There are several methods to do this. One can put the fixed identifier of a node in the address field in the header of a message. Of course, this causes privacy problems. One can also apply a more advanced location privacy–enhancing protocol which uses pseudonyms instead of the fixed hardware addresses. An example of the latter is the solution presented in Sect. 5.2.

In our theoretical model, the protocol used to identify the source and destination of a message is modeled as an identification protocol P. Such a protocol P is always conducted between two nodes of the network. Each of the nodes $R_i$ can however run several instances of P. In each round of P, one of the nodes initiates the communication, the other responds. To model the initiator and the responder, we use the abstract messages "start protocol" and "stop protocol". When a node receives the message "start protocol", it will take the role of the initiator. When the last message of the protocol P is sent to a certain node, this node will reply with the abstract message "stop protocol".


[Figure 5.2: Communicating constellation in the WPAN. The figure shows the nodes $R_1, R_2, R_3, \ldots, R_i, R_{i+1}, \ldots, R_n$ of the constellation, with $R_j = T$ the target node.]

In our theoretical model, we make no assumptions on which entity takes the role of the initiator, nor about the number of messages in the protocol P. The consequence is that our theoretical model can be applied to a large set of protocols.

5.3.3 Adversarial model

A theoretical framework of location privacy requires a formalization of the ad-versarial model. Such a model consists of the means of the adversary and hisgoals. The means of the attacker are represented using the following oracles:

• Query target T: The attacker sends a message to T, and observes the response.

• Query node $R_i$: The attacker sends a message to $R_i$, and observes the response.

• Execute ($R_i$, $R_j$): The attacker forces $R_i$ and $R_j$ to perform a complete round of the identification protocol P, and eavesdrops on the messages sent between the two nodes. One of these nodes can be the target node, but this is not necessary.


• Reveal node (T, $t_{rev}$): By employing this oracle, the attacker obtains the entire content of the memory of T at time $t_{rev}$. This oracle can only be used once, and the other oracles can no longer be used on node T after time $t_{rev}$.

During an attack game, the attacker is allowed to make a particular number of queries to each (or some) of the oracles. We parameterize the number of Query target messages by $q_t$, the number of Query node messages by $q_r$ and the number of Execute messages by $q_e$. An adversary with these means is denoted by $\mathcal{A}[q_t, q_r, q_e]$ in the rest of this section. The more queries an attacker is allowed to make, the more powerful he is. It is interesting to note that one Execute query is equivalent to m consecutive Query node messages, with m denoting the number of messages in the identification protocol P.

5.3.4 Attack games

We will now define several parameterizable attack games. The goal of an adversary in an attack game is to distinguish between two nodes of the WPAN, one being the target node T, within the limits of his computational power and without exceeding the number of allowed queries to the oracles presented above. To analyze the security of an identification protocol P, we assume that its security level can be parameterized by a security parameter k. In the definition of our parameterizable attack games, we use the notation poly(k) to represent any polynomial function in k.

Attack game 1

The goal of this attack game is to distinguish between a specific target T , chosenby the attacker, and another random node. The attack game goes as follows:

1. The attacker selects a specific node Rj = T from a particular communicat-ing constellation. This will be the target node for the challenge.

2. The attacker can query the three oracles (Query target T , Query node Ri,and Execute (Ri, Rj)), as described in Sect. 5.3.3. The number of allowedqueries to these oracles are parameterized by qt, qr and qe respectively.

3. The adversary selects two nodes, T0 and T1. One of these nodes is equal tothe target T , the other node is a random node Rx. The goal of the attackeris to indicate which one of these two nodes Tb is the target node T .

4. The attacker can query the three oracles (Query target Ti, Query node Ri,and Execute (Ri, Rj)), as described in Sect. 5.3.3. The number of allowedqueries to these oracles are parameterized by qt, qr and qe respectively.


5. The attacker has to decide which node Tb (so T0 or T1) is equal to thetarget T . The attacker wins when his guess of the bit b was correct.

Definition 1 (($q_t$, $q_r$, $q_e$)-location privacy) An identification protocol P executed in a WPAN with security parameter k is ($q_t$, $q_r$, $q_e$)-location private if:

$$\forall \mathcal{A}[q_t, q_r, q_e] : \Pr\big(\mathcal{A}[q_t, q_r, q_e] \text{ wins attack game 1 by guessing } b\big) \leq \frac{1}{2} + \frac{1}{|poly(k)|}$$

Attack game 2

The goal of this attack game is to detect that a certain node belongs to a specificcommunicating constellation. The attacker does not want to make a distinctionbetween the nodes in the communicating constellation, detecting that a node ispart of the group is already enough. This attack makes sense from a practicalpoint of view, since an attacker is typically not interested in detecting a specificdevice, but the user operating the device. And since a user is often carrying thesame devices, which form a communicating constellation, this attack is sufficientto track the user.

The game goes as follows:

1. The attacker selects a particular communicating constellation, formed bythe group of nodes Ri. This group is the target of the attacker.

2. The attacker can query the two oracles Query node Ri and Execute (Ri,Rj), as described in Sect. 5.3.3. The number of allowed queries to theseoracles are parameterized by qr and qe respectively.

3. The adversary (randomly) selects one of the nodes Ri. This node is removedfrom the communicating constellation. The attacker also selects anothernode, which is not part of the communicating constellation (and hence notknown by the nodes Ri). These two nodes are randomly defined as T0 andT1. The goal of the attacker is to indicate which one of these two nodesTb belongs to the communicating constellation (and is hence known by theother nodes Ri).

4. The attacker can query the three oracles (Query target Ti, Query node Ri,and Execute (Ri, Rj)), as described in Sect. 5.3.3. The number of allowedqueries to these oracles are parameterized by qt, qr and qe respectively.

5. The attacker has to decide which node Tb (so T0 or T1) belongs to thecommunicating constellation formed by the nodes Ri. The attacker winswhen his guess of the bit b was correct.


Definition 2 (($q_t$, $q_r$, $q_e$)-constellation location privacy) A protocol P executed in a WPAN with security parameter k is ($q_t$, $q_r$, $q_e$)-constellation location private if:

$$\forall \mathcal{A}[q_t, q_r, q_e] : \Pr\big(\mathcal{A}[q_t, q_r, q_e] \text{ wins attack game 2 by guessing } b\big) \leq \frac{1}{2} + \frac{1}{|poly(k)|}$$

Relation between the attack games

Since distinguishing between two nodes of the WPAN is a stronger requirementthan detecting that a certain node belongs to a particular communicating con-stellation, we have the following relation between the two attack games:

$$\text{Game 1} \Rightarrow \text{Game 2} \qquad (5.9)$$

In other words, a protocol P that is (qt, qr, qe)-location private is also (qt,qr, qe)-constellation location private.

5.3.5 Forward security

Since the mobile devices in a WPAN can easily get lost or stolen, or affected bya virus, it is important to incorporate forward security in our theoretical modelof location privacy. A protocol is forward secure if an attacker who obtainsthe memory content of a mobile device (and hence the current secret keys andidentifiers), is not able to track it in the past. The notion of forward securityresults in the following attack game.

Attack game 3

In this attack game, the attacker selects a specific target T and another randomnode at a particular time (trev). The goal of the attack game is to distinguishbetween these two nodes somewhere in the past (so before time trev). The attackgame goes as follows:

1. At a particular time (trev), the attacker selects a specific node Rj = T froma particular communicating constellation. This will be the target node forthe challenge.

2. The attacker can query the four oracles (Query target T, Query node $R_i$, Execute ($R_i$, $R_j$) and Reveal node (T, $t_{rev}$)), as described in Sect. 5.3.3. The number of allowed queries to the first three oracles is parameterized by $q_t$, $q_r$ and $q_e$ respectively. The adversary is only allowed to make one reveal query on the target node T. The queries to the four oracles take place at time $t_{rev}$.


3. The adversary selects two nodes, T0 and T1. One of these nodes is equal tothe target T , the other node is a random node Rx. The goal of the attackeris to make a distinction between these two nodes somewhere in the past (ata time tj , where tj < trev). The attacker has to decide which one of thetwo nodes Tb is the target node T .

4. The attacker can query the three oracles (Query target Ti, Query nodeRi, and Execute (Ri, Rj)), as described in Sect. 5.3.3. These queries areonly allowed to take place at times ti, where ti < trev. The number ofallowed queries to these three oracles are parameterized by qt, qr and qerespectively.

5. The attacker has to decide which node Tb (so T0 or T1) is equal to thetarget T , at a time tj (where tj < trev). The attacker wins when his guessof the bit b was correct.

Definition 3 (($q_t$, $q_r$, $q_e$)-forward location privacy) A protocol P executed in a WPAN with security parameter k is ($q_t$, $q_r$, $q_e$)-forward location private if:

$$\forall \mathcal{A}[q_t, q_r, q_e] : \Pr\big(\mathcal{A}[q_t, q_r, q_e] \text{ wins attack game 3 by guessing } b\big) \leq \frac{1}{2} + \frac{1}{|poly(k)|}$$

5.4 Analysis and Evaluation of Several Location Privacy–Enhancing Schemes

We will now examine and evaluate several location privacy–enhancing schemesfor WPAN that were proposed in the literature, using our theoretical framework(see Sect. 5.3 for the details of this theoretical model). The protocols that willbe analyzed are:

• Bluetooth anonymity mode, proposed by Gehrmann et al. [68].

• The location privacy protocol of Wong and Stajano [215].

• Our location privacy–enhancing scheme, as discussed in Sect. 5.2 and pub-lished in [189].

Before we start analyzing these protocols, we first have to discuss why randomresponses are important and necessary in location privacy–enhancing schemes forWPAN. This important observation causes some modifications to all the locationprivacy–enhancing schemes that will be discussed in this section (and to the bestof our knowledge, even to all the location privacy–enhancing schemes for WPANthat have been published in the literature).


5.4.1 Necessity of random responses

Many identification protocols for WPAN contain a procedure that describes how to deal with incorrect identification claims. For efficiency reasons, there will often be no response at all. A time-out then takes place in the other device, and the protocol fails. Another procedure that is used in several protocols is to send an error message (e.g., "identification claim not accepted") back to the device from which the incorrect identification claim originated.

Both procedures cause severe location privacy issues. They enable an attacker to distinguish, in an attack game, between a target node and a random node in the WPAN. The attacker only has to obtain a correct identification claim (which is trivial: it requires one Query node $R_i$ message). In the next phase, the attacker sends the message obtained from this oracle to both nodes. The target node will reply with a correct response (the attacker does not have to be able to read this response, it can be encrypted), the other node will not reply or will send an error message. The fact that a node responds or not (irrespective of the content of this message) can already be enough to identify that node. Node silence or sending error messages hence precludes location privacy protection.

To avoid these problems, a node should send a random response back when it receives an incorrect identification claim. Of course, this creates a vulnerability to Denial-of-Service attacks. Nevertheless, it is a well known fact that untraceability cannot be achieved without giving up resistance to Denial-of-Service attacks. Replying with a random message results in an explosion of the communication in the network. One incorrect message causes a random message to be broadcast, which causes other nodes also to send a random message, etc.

To avoid this attack, each message should contain a number that indicateswhich message of the protocol it is (e.g., if a protocol P has 4 messages, eachmessage should contain a number between 1 and 4). This still causes extrarandom messages to be broadcasted in the network, but only a limited quantity.In each round of protocol P, each of the n nodes in the network replies to eachmessage it receives from the (n− 1) other nodes in the network. One can hencecompute the maximum number of extra random messages t (in the worst case).This is denoted in Eq. (5.10).

t = n \cdot \sum_{i=1}^{m} (n-1)^{i-1} .    (5.10)

In this equation, m denotes the number of messages in the protocol, and n the number of nodes in the network. E.g., a protocol P consisting of 2 messages, executed in a network with 10 nodes, results in the worst case in 100 extra random messages every time an incorrect identification claim is inserted in the network. Putting more information in the messages of the protocol causes fewer extra random messages to be sent in the network, but also results in a larger location privacy risk. This trade-off should be taken into account when designing location privacy–enhancing schemes for WPAN.
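The following simulation is an added example and is not code from the thesis. It models the random-reply cascade described above, once with unnumbered messages (the flood never dies out) and once with messages numbered 1..m (the flood is bounded by Eq. (5.10)). The modelling choices are assumptions of this example: the injected incorrect claim is a “start protocol” message (number 0) that reaches all n nodes, every random reply is a broadcast heard by the other n − 1 nodes, a node answers message k with message k + 1 and stays silent on message m, and nodes never de-duplicate what they hear (the worst case of the text).

```python
"""Added example, not code from the thesis: simulate the random-reply cascade
of Sect. 5.4.1.  Every node answers every message it receives, including a
bogus one, with a random message.  Without message numbers the flood never
dies out; with numbers 1..m a node answers message k with message k+1 and
gives no answer to message m, which bounds the flood to Eq. (5.10).
Modelling choices that are assumptions of this example: the injected
incorrect identification claim is a "start protocol" message (number 0)
that reaches all n nodes, every reply is a broadcast heard by the other
n-1 nodes, and nodes never de-duplicate what they hear (worst case).
"""
from collections import deque


def worst_case_extra_messages(n, m):
    """Closed form of Eq. (5.10): t = n * sum_{i=1}^{m} (n-1)^(i-1)."""
    return n * sum((n - 1) ** (i - 1) for i in range(1, m + 1))


def simulate_cascade(n, m, numbered, cap=10_000):
    """Count the random messages caused by one bogus message.

    n, m     : number of nodes and number of messages in protocol P
    numbered : True if every message carries its position 1..m in P
    cap      : stop and return this value if the flood has not died out
               (the unnumbered case grows without bound)
    """
    # Pending deliveries: (message number, receiving node).  The bogus
    # "start protocol" message is delivered to every node.
    pending = deque((0, node) for node in range(n))
    sent = 0
    while pending:
        number, receiver = pending.popleft()
        # With numbering, a node knows P has no message m+1 and stays silent.
        if numbered and number >= m:
            continue
        if sent >= cap:
            return cap
        reply_number = number + 1 if numbered else 0
        sent += 1  # the receiver broadcasts one random reply ...
        for other in range(n):  # ... heard by the n-1 other nodes
            if other != receiver:
                pending.append((reply_number, other))
    return sent


if __name__ == "__main__":
    for n, m in [(10, 2), (10, 3), (4, 4)]:
        print(n, m, simulate_cascade(n, m, True), worst_case_extra_messages(n, m))
    print("unnumbered, n=10:", simulate_cascade(10, 2, False))  # stops at the cap
```

For n = 10 and m = 2 the simulation reproduces the 100 extra messages computed in the text; the unnumbered variant only stops because of the cap, which is the explosion the numbering is meant to prevent.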

In the rest of this section, we will assume that the modifications discussed above are carried out in each of the location privacy–enhancing schemes that will be analyzed (so replying with a random response when an incorrect message is received, and numbering each protocol message).

5.4.2 Bluetooth anonymity mode

Protocol description

To avoid different types of location tracking attacks against Bluetooth devices, Gehrmann et al. [68] presented the Bluetooth anonymity mode. The authors propose to use three types of addresses: the fixed Bluetooth address, the active Bluetooth address and the alias address. Bluetooth devices working in anonymous mode (the mode that is applied to prevent location tracking) use the active address for connection establishment and communication. It is a random 48-bit address that is changed regularly. Each time the active address is updated, it is sent to all the devices it is communicating or connected with. The use of the fixed Bluetooth hardware address is still supported in the Bluetooth anonymity mode. This is done to allow direct connections between two trusted devices. However, the authors suggest to combine page scanning based on the fixed Bluetooth hardware addresses with alias authentication. The latter is carried out as follows. During pairing, trusted devices exchange a random alias address. These alias addresses are then used to authenticate each other after the page scanning phase. If no alias address or an incorrect one is received, a warning is sent to the user of the device. The alias addresses are updated every time a new connection is established.

Location privacy analysis

The Bluetooth anonymity mode does not provide full protection against location privacy attacks. Since the messages exchanged during a page scan contain the fixed Bluetooth hardware address and are not encrypted, a passive eavesdropper can easily detect that a particular device is present. Alias authentication is also not sufficient to avoid active tracking attacks. An adversary can perform a replay attack and force two devices to reuse old alias addresses. Since Bluetooth does not provide mechanisms to protect the integrity and freshness of its communication, such replay attacks cannot be prevented. Blocking updates of alias addresses also results in the reuse of these addresses. An attacker can then perform an active page scan for a particular device, and reuse an old alias address to successfully authenticate himself.

The active Bluetooth address was introduced in the Bluetooth anonymity mode to avoid the use of a fixed, unique address. There are however some important details missing in the protocol description. The authors do not state how the active address should be updated. If the new active address is sent in plaintext to all the other devices in the Bluetooth network, it does not provide any location privacy protection. A global passive eavesdropper (as defined in our theoretical model) also obtains the updated active address, and can continue tracking the device. Encrypting the updates of the active address is not sufficient to solve the problem. The adversary can perform the following active replay attack. He impersonates a device in the network that is going to update its active address. Next, he sends to the target device (that he wants to identify in the attack game) an old version of the active address of the impersonated device. Each time a page scan is performed with this old active address, the adversary knows the target device is present. In other words, the attacker can “mark” particular devices by sending old active addresses to them. The same goal can be achieved by blocking updates of the active address that are sent to a particular device. It will then reuse the old active address in its page scans, and this enables the adversary to detect its presence.

In order to avoid the privacy problems discussed above, the devices should update the temporary identifier used in their communication (such as the active address) each time a message is sent. This update should be variable (by including some random information that is different in each round of the protocol, and cannot be influenced by the attacker) or should be done automatically. One has to avoid that devices must inform the other devices in the network that their temporary identifiers have been updated. We will now study and evaluate two protocols that have carried out this design strategy.

5.4.3 Our location privacy–enhancing scheme

Protocol description

Our location privacy–enhancing scheme, which uses temporary pseudonyms, has been described in Sect. 5.2. More precisely, we will analyze the solution of scenario 1 (mobile devices share a symmetric key) and the solution of scenario 2 (mobile devices know each others’ fixed addresses). We will denote these two solutions as the SP-1 protocol and the SP-2 protocol respectively.

Location privacy analysis of the SP-1 protocol

The SP-1 protocol is not (1, 2, 0)-location private. An adversary can win attack game 1 (see Sect. 5.3.4) with a probability close to 100% by performing the following adversarial algorithm:

1. The attacker selects a specific node Rj = T from a particular communicating constellation. This will be the target node for the challenge.


2. The attacker sends two queries to a node Ri, which shares an unknown key K with the target T. The current pseudonym shared by Ri and T is R. Each of the two queries contains the “start protocol” message. In the first query, the node Ri will reply with the pseudonym R. In the second query, the node Ri will reply with the pseudonym PRF_K(R).

3. The adversary selects two nodes, T0 and T1. One of these nodes is equal to the target T, the other node is a random node Rx.

4. The attacker sends a query to the nodes T0 and T1. This target query contains the pseudonym R.

5. One of the nodes will reply to this query with a message containing the pseudonym PRF_K(R), the other node with a random message X1. The node that has replied with PRF_K(R) is the target node T.

The problem above is caused by the chain of pseudonyms being deterministic and not variable. The values in the chain only depend on the initial value and the shared key K. By performing two consecutive queries to the same node Ri, the attacker obtains two consecutive values in the chain. This is sufficient to identify the target node T. In other words, the attacker desynchronizes two nodes (one being the target node), and abuses this in a later stage of the attack.

Because of this problem, the SP-1 protocol is also not (2, n − 1, 0)-constellation location private. The parameter n denotes the number of nodes in the communicating constellation. An adversary can win attack game 2 (see Sect. 5.3.4) with a probability close to 100% by performing the following adversarial algorithm:

1. The attacker selects a particular communicating constellation, formed by the group of nodes Ri. This group is the target of the attacker.

2. The adversary (randomly) selects one of the nodes Ri. This node is removed from the communicating constellation. The attacker also selects another node, which is not part of the communicating constellation (and hence not known by the nodes Ri). These two nodes are randomly defined as T0 and T1.

3. The attacker sends two queries to both the nodes T0 and T1. Each of the two queries contains the “start protocol” message. One of the nodes will reply with the pseudonym R in the first query, and with the pseudonym PRF_K(R) in the second query. The other node will reply twice with a random message (denoted by X1 and X2).

4. The adversary randomly selects one of the nodes Tb (T0 or T1), and sends the response of this node’s first query (so R or X1) in a query to each of the remaining (n − 1) nodes Ri of the communicating constellation.


5. If one of the nodes Ri replies with the pseudonym PRF_K(R), the node Tb is equal to the target node T. If all the nodes Ri send a random reply back (not equal to PRF_K(R)), node Tb is not part of the communicating constellation and hence not the target node. The target node T is then the other node.

The SP-1 protocol is not (1, 0, 0)-forward location private. The reason is that the key K, used to compute the chain of pseudonym values, is not frequently updated (at least not every time a new pseudonym is generated). This can be abused by an adversary, who can win attack game 3 (see Sect. 5.3.4) with a probability close to 100% by performing the following adversarial algorithm:

1. The attacker selects a specific node Rj = T from a particular communicating constellation. This will be the target node for the challenge.

2. The attacker executes a reveal query on the target node T at time t_rev. Because of this query, the attacker knows the secret key K and the current pseudonym R.

3. The adversary selects two nodes, T0 and T1. One of these nodes is equal to the target T, the other node is a random node Rx of the communicating constellation. The attacker wants to identify which one of these two nodes is the target node T, at a particular time before t_rev. This time of attack is denoted by t_i and should be chosen in such a way that the key K is not updated between t_i and t_rev.

4. The attacker sends a query to the nodes T0 and T1 at time t_i. This query contains the “start protocol” message. One of the nodes will reply with the pseudonym R′, the other node with a random message X1.

5. The adversary uses the key K, obtained earlier in the attack, to compute a chain of pseudonym values. The initial value of the chain is the value that was received from the node Tb (so R′ or X1).

6. The pseudonym R will only appear in the chain that started from the value R′, and not in the chain that started from the value X1. The node that has sent this value R′ is the target node T.

Note that the adversarial algorithm described above fails if the value X1 appears in the chain that started from the value R′, or vice versa. Both chains of pseudonym values will then overlap and contain the value R. As a result, the attacker has a 50% chance of making an incorrect guess. The probability of this event (both chains of pseudonyms overlapping) is however very small and can be neglected.


Figure 5.3: Improved SP-1 protocol (message flow between Alice and Bob)

  Round 1: random nonce N1; R1 = PRF_K(N1|R0); the message N1|R1 is sent and the receiver verifies R1.
  Both parties: K′ = h(K)
  Round 2: random nonce N2; R2 = PRF_K′(N2|R1); the message N2|R2 is sent and the receiver verifies R2.
  Both parties: K′′ = h(K′)
  Round 3: random nonce N3; R3 = PRF_K′′(N3|R2); . . .

Repairing the SP-1 protocol

Fortunately, the attacks described above can be prevented by carrying out some small modifications. To solve the location privacy problem of the SP-1 protocol, one needs to insert a random nonce in the computation of the pseudonyms. This nonce, which should be sent together with the pseudonym itself, will be different in each run of the protocol and makes pseudonyms obtained by sending queries to a node Ri useless. The probability that the target node T uses the same nonce as the node Ri is very small. If another nonce is used, the pseudonym will be different, and the adversary will no longer be able to recognize it. This solution also prevents the constellation location privacy problem of the SP-1 protocol.

To solve the forward location privacy problem, the key K should be updated in each round of the protocol (as frequently as the pseudonym itself is updated). This updating has to be done in such a way that it is easy to compute the next value of the key, but hard to compute an old value of the key. This property can be achieved by applying a cryptographic hash function h(). We hence suggest to update the key K to a key K′ = h(K) in each round of the protocol.

The improved SP-1 protocol is shown in Fig. 5.3.
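As an added example (not code from the thesis), the following Python models both the original SP-1 pseudonym chain and the repaired protocol of Fig. 5.3, and runs the two checks from the analysis above against each: the desynchronisation check of attack game 1 (two consecutive “start protocol” replies from a node Ri are used to recognise the target) and the chain check of attack game 3 (a pseudonym observed before a reveal query is extended with the revealed key until it reaches the revealed state). Assumptions of this example: PRF_K is instantiated as HMAC-SHA256, h() as SHA-256, pseudonyms are 32 bytes, nonces are 16 bytes, and “|” is byte concatenation; the class and function names are this example’s own.

```python
"""Added example, not code from the thesis: the SP-1 pseudonym chain and the
repaired protocol of Fig. 5.3, with the desynchronisation check of attack
game 1 and the chain check of attack game 3 run against both.  Assumptions
of this example: PRF_K is HMAC-SHA256, h() is SHA-256, pseudonyms are 32
bytes, nonces are 16 bytes, and '|' is byte concatenation.
"""
import hashlib
import hmac
import os


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def h(data):
    return hashlib.sha256(data).digest()


class SP1Node:
    """Original SP-1: deterministic chain R_{i+1} = PRF_K(R_i); K never changes."""

    def __init__(self, key, r0):
        self.key, self.r = key, r0

    def start(self):
        """'start protocol' query: reveal the current pseudonym, move to the next."""
        current, self.r = self.r, prf(self.key, self.r)
        return current

    def respond(self, msg):
        """A pseudonym matching our state gets the next chain value; anything
        else gets a random reply (the Sect. 5.4.1 modification)."""
        if msg == self.r:
            self.r = prf(self.key, self.r)
            return self.r
        return os.urandom(32)


class ImprovedSP1Node:
    """Repaired SP-1 (Fig. 5.3): R_i = PRF_K(N_i|R_{i-1}) with a fresh nonce N_i,
    sent as N_i|R_i, and the key ratcheted to K' = h(K) after every pseudonym."""

    def __init__(self, key, r0):
        self.key, self.r = key, r0

    def _advance(self):
        nonce = os.urandom(16)
        self.r = prf(self.key, nonce + self.r)
        self.key = h(self.key)  # old keys are preimages: a reveal does not give them
        return nonce + self.r

    def start(self):
        return self._advance()

    def respond(self, msg):
        nonce, r = msg[:16], msg[16:]
        if r == prf(self.key, nonce + self.r):  # verify R_i against own state
            self.r, self.key = r, h(self.key)   # accept it, then ratchet
            return self._advance()
        return os.urandom(48)


def desync_check(ri, t0, t1):
    """Attack game 1, steps 2-5: take two 'start' replies from a node R_i that
    shares K with the target; the node whose answer to the first reply equals
    the second reply is exposed.  Returns 0, 1, or None when nothing matches."""
    first, second = ri.start(), ri.start()
    for b, node in enumerate((t0, t1)):
        if node.respond(first) == second:
            return b
    return None


def chain_check(revealed_key, revealed_r, earlier, limit=64):
    """Attack game 3, steps 5-6: does the pseudonym `earlier`, seen before the
    reveal query, lead to the revealed pseudonym under the deterministic chain?"""
    r = earlier
    for _ in range(limit):
        if r == revealed_r:
            return True
        r = prf(revealed_key, r)
    return False


def forward_privacy_lost(node_cls, key, r0, rounds=5):
    """True if a pseudonym observed `rounds` runs before a reveal query can be
    linked to the revealed node state."""
    node = node_cls(key, r0)
    earlier = node.start()[-32:]  # the pseudonym part of the first reply
    for _ in range(rounds):
        node.start()
    return chain_check(node.key, node.r, earlier)
```

With `SP1Node`, `desync_check` returns the index of the target and `forward_privacy_lost` is true; with `ImprovedSP1Node` the fresh nonce makes the target’s answer differ from the second reply obtained from Ri (so the check returns `None`), and the key ratchet means the revealed key cannot extend an earlier pseudonym to the current state. The residual failure probability in both directions is the chance of a nonce or PRF output collision, which is negligible at these sizes.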


Location privacy analysis of the SP-2 protocol

In this analysis, we assume that the fixed address of device B (addrB) is not known in advance by an attacker. Otherwise, the SP-2 protocol does not provide any location privacy protection at all. We also assume that the nonce that is used to compute the pseudonym is random and has not been used before.

We note that in the SP-2 protocol, a pseudonym R is computed by applying a cryptographic hash function to the concatenation of several inputs. Some of these inputs are random and publicly known (the nonce), others are fixed but secret (the address addrB). Since the cryptographic hash function is applied to a (partially) secret input, it can be modeled as a random oracle. By definition, the output of such a random oracle cannot be distinguished from a truly random response [14]. The consequence is that an adversary A[qt, qr, qe] has statistically the same probability of winning attack game 1 as winning a modified attack game, where the output of each query is a random nonce and a random value (instead of a pseudonym). Since each output in this modified attack game is random and hence indistinguishable, an attacker cannot win this attack game with a probability that is significantly larger than 1/2. The SP-2 protocol is hence (qt, qr, qe)-location private (and as a result, also (qt, qr, qe)-constellation location private).

Instead of using a cryptographic hash function h() to compute pseudonyms and working in the random oracle model, it is more interesting to assume that a pseudo-random function PRF is used. The reason is that the existence of a PRF is a weaker theoretical assumption than the existence of a random oracle. The key fed to this pseudo-random function is the secret address addrB; the input is the random nonce. By definition of a pseudo-random function, no efficient algorithm can distinguish with a significant advantage between the output of a PRF and a truly random output [69]. Several pseudo-random functions exist (e.g., HMAC [12]). The rest of the analysis is similar to the discussion above (using the random oracle model). An adversary A[qt, qr, qe] has statistically the same probability of winning attack game 1 as winning a modified attack game, where the output of each query is a random nonce and a random value (instead of a pseudonym). Since each output in this modified attack game is random and hence indistinguishable, an attacker cannot win this attack game with a probability that is significantly larger than 1/2. The SP-2 protocol is hence (qt, qr, qe)-location private (and as a result, also (qt, qr, qe)-constellation location private).

The SP-2 protocol is not (1, 0, 0)-forward location private. The reason is that the secret address addrB is obtained during a reveal query. Since there is no other secret value used to compute the pseudonym, the attacker can also compute this value and immediately check if the message was sent to device B. In other words, the SP-2 protocol does not provide any location privacy protection at all if addrB is publicly known. This problem cannot be solved easily, since addrB can never be updated.

Figure 5.4: Wong and Stajano’s location privacy protocol (three-way handshake between Alice and Bob)

  ID1 (Alice to Bob): Alice picks a random R1, computes H1 = h(iB|R1|KAB) and sends R1|H1; Bob verifies H1.
  ID2 (Bob to Alice): Bob picks a random R2, computes H2 = h(iA|R1|R2|KAB) and sends R2|H2; Alice verifies H2.
  ID3 (Alice to Bob): Alice picks a random R3, computes H3 = h(iB|iA|R1|R2|R3|KAB) and sends R3|H3; Bob verifies H3.

5.4.4 Wong and Stajano’s location privacy protocol

Protocol description

Wong and Stajano proposed a protocol to provide location privacy in Bluetooth networks [215]. It consists of three rounds and makes use of temporary pseudonyms.

Their protocol is shown in Fig. 5.4 and consists of a three-way handshake. The three messages in the protocol are denoted by ID1, ID2 and ID3. The relevant past pseudonyms of Alice and Bob are denoted by iA and iB. h() is a cryptographic hash function (the collision probability of the hash function must be low and the first and second preimage resistance of the hash function must be high). R1, R2 and R3 are random nonces, and KAB is a link key shared by Alice and Bob. Both parties keep a database of tuples containing their own temporary pseudonym, the pseudonym of the other party, and the shared link key.

The protocol starts by Alice paging for Bob. She selects a random nonce R1, computes the hash H1, and sends an ID1 packet. The hash in the ID1 packet hides the past pseudonym of Bob. Bob can compute and verify the expected hash in the ID1 packet using his database of the paired devices’ temporary pseudonyms and their associated link keys together with the nonce. When he successfully finds a match, he chooses a random nonce R2, computes H2, and responds with the ID2 packet. On receiving the ID2 packet, Alice verifies the hash. If there is a match, Alice generates a random nonce R3, computes the hash H3 and replies with the ID3 packet. On receipt of this message, Bob verifies the hash H3. After the protocol runs successfully, both parties update their temporary pseudonym. These new pseudonyms must be randomly generated. Wong and Stajano have suggested to hash some counter.

The use of temporary pseudonyms helps to avoid location tracking. The security of the protocol depends on the randomness of the nonces, the irreversibility of the hash function and the secrecy of the shared link key. After the successful execution of the three-way protocol, both parties know they are communicating with the correct party. After having verified the correctness of the ID2 message, Alice has the assurance that Bob knows his own previous pseudonym, the previous pseudonym of Alice, and their shared key. After having verified the correctness of the ID3 packet, Bob has the assurance that Alice knows these same three things. The past temporary pseudonyms are protected from all third parties.

Location privacy analysis

The protocol of Wong and Stajano is very similar to the SP-2 protocol. The only difference is that a shared key KAB is used instead of an address addrB. Each message in the protocol contains a random nonce and the output of a hash function. We can hence use the same argumentation to show that the protocol of Wong and Stajano is (qt, qr, qe)-location private.

A cryptographic hash function is applied to a (partially) secret input (the key KAB). It can hence be modeled as a random oracle. The consequence is that an adversary A[qt, qr, qe] has statistically the same probability of winning attack game 1 as winning a modified attack game, where the output of each query is a random nonce and a random value (instead of the output of a hash function). Since each output in this modified attack game is random and hence indistinguishable, an attacker cannot win this attack game with a probability that is significantly larger than 1/2. The protocol of Wong and Stajano is hence (qt, qr, qe)-location private (and as a result, also (qt, qr, qe)-constellation location private).

Since the existence of a PRF is a weaker theoretical assumption than the existence of a random oracle, it is more interesting to use the former to demonstrate that the protocol is (qt, qr, qe)-location private. The key fed to the pseudo-random function is the secret link key KAB; the input is equal to the input of the hash function (excluding the key KAB). An adversary A[qt, qr, qe] has statistically the same probability of winning attack game 1 as winning a modified attack game, where the output of each query is a random nonce and a random value (instead of the output of a pseudo-random function). Since each output in this modified attack game is random and hence indistinguishable, an attacker cannot win this attack game with a probability that is significantly larger than 1/2. The protocol of Wong and Stajano is hence (qt, qr, qe)-location private (and as a result, also (qt, qr, qe)-constellation location private).

The protocol of Wong and Stajano is not (1, 0, 0)-forward location private. The reason is that the temporary pseudonyms (iA and iB) are updated by hashing a counter. An attacker can perform the same computation and store a table of hashed counters. This table can then be used by the attacker to win attack game 3 (see Sect. 5.3.4) with a probability close to 100%, by performing the following adversarial algorithm:

1. The attacker selects a specific node Rj = T from a particular communicating constellation. This will be the target node for the challenge.

2. The attacker executes a reveal query on the target node T at time t_rev. Because of this query, the attacker knows the secret key KAB and the current pseudonym iT.

3. The adversary selects two nodes, T0 and T1. One of these nodes is equal to the target T, the other node is a random node Rx of the communicating constellation. The attacker wants to identify which one of these two nodes is the target node T, at a particular time before t_rev. This time of attack is denoted by t_i.

4. The attacker sends a query to the nodes T0 and T1 at time t_i. This query contains the “start protocol” message. One of the nodes will reply with the message (R1|H1), the other node with a random message (R′1|X1).

5. The adversary uses the key KAB, obtained earlier in the attack, and computes for each hashed value of the counter (stored in the table) the value H′1. For one of these values, H′1 = H1.

6. The node that has sent the value H1 is the target node T.

Repairing the protocol of Wong and Stajano

There are several solutions to make the protocol of Wong and Stajano forward location private. One could update the key KAB in every round of the protocol by hashing it to a new value (Knew = h(Kold)). As a result, it is hard for an attacker to compute an old value of the key. This solution is identical to the solution proposed for the SP-1 protocol.

Another technique to solve the forward privacy problem is hashing the temporary pseudonyms (iA and iB) in each round of the protocol (instead of hashing a counter). The output of this cryptographic hash function is the new value of the pseudonym (so iA,new = h(iA,old)). This prevents the attacker from constructing a table containing the old temporary pseudonyms.
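As an added example (not code from the thesis, nor from Wong and Stajano), the following Python runs the three-way handshake of Fig. 5.4 between two parties that keep the tuple database described above, with the pseudonym update selectable between the original rule (hash of a counter) and the repair iA,new = h(iA,old). It also serves the SP-2 analysis, since the same keyed-hash construction (a secret and a fresh nonce fed to h()) is what both schemes rely on. Assumptions of this example: h() is SHA-256, “|” is byte concatenation of fixed-length fields, nonces are 16 bytes, the initial pseudonyms installed at pairing are random, and the counter rule is modelled as h(name|counter) so that the two parties’ pseudonyms differ; all names in the code are this example’s own.

```python
"""Added example, not code from the thesis or from Wong and Stajano: the
three-way handshake of Fig. 5.4, with the pseudonym update selectable between
the original rule (hash of a counter) and the repair i_new = h(i_old).
Assumptions of this example: h() is SHA-256, '|' is byte concatenation of
fixed-length fields, nonces are 16 bytes, the counter rule is modelled as
h(name|counter) so that the two parties' pseudonyms differ, and the initial
pseudonyms installed at pairing are random.
"""
import hashlib
import os


def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def counter_pseudonym(name, ctr):
    return h(name, ctr.to_bytes(4, "big"))


class Party:
    def __init__(self, name, repaired=True):
        self.name, self.repaired = name, repaired
        self.tuples = []  # one record per paired device (the Fig. 5.4 database)

    def pair(self, peer, link_key):
        """Pairing: install the link key and initial pseudonyms on both sides."""
        i_self, i_peer = os.urandom(32), os.urandom(32)
        self.tuples.append({"own": i_self, "peer": i_peer, "key": link_key,
                            "ctr": 0, "peer_name": peer.name})
        peer.tuples.append({"own": i_peer, "peer": i_self, "key": link_key,
                            "ctr": 0, "peer_name": self.name})

    def rotate(self, t):
        """Pseudonym update after a successful run; each side renews both entries."""
        t["ctr"] += 1
        if self.repaired:  # i_new = h(i_old): earlier values are preimages
            t["own"], t["peer"] = h(t["own"]), h(t["peer"])
        else:              # original: hash of a counter, which anyone can tabulate
            t["own"] = counter_pseudonym(self.name, t["ctr"])
            t["peer"] = counter_pseudonym(t["peer_name"], t["ctr"])


def handshake(alice, bob):
    """Alice pages Bob with ID1/ID2/ID3.  Returns {'ok': bool, 'id1': (R1, H1)}."""
    ta = next((t for t in alice.tuples if t["peer_name"] == bob.name), None)
    if ta is None:
        return {"ok": False, "id1": None}
    r1 = os.urandom(16)
    h1 = h(ta["peer"], r1, ta["key"])            # ID1 hides Bob's past pseudonym i_B
    tb = next((t for t in bob.tuples if h(t["own"], r1, t["key"]) == h1), None)
    if tb is None:                               # no tuple in Bob's database explains H1
        return {"ok": False, "id1": (r1, h1)}
    r2 = os.urandom(16)
    h2 = h(tb["peer"], r1, r2, tb["key"])        # ID2: Bob proves i_A, R1 and K_AB
    if h2 != h(ta["own"], r1, r2, ta["key"]):
        return {"ok": False, "id1": (r1, h1)}
    r3 = os.urandom(16)
    h3 = h(ta["peer"], ta["own"], r1, r2, r3, ta["key"])  # ID3: Alice proves the same
    if h3 != h(tb["own"], tb["peer"], r1, r2, r3, tb["key"]):
        return {"ok": False, "id1": (r1, h1)}
    alice.rotate(ta)
    bob.rotate(tb)
    return {"ok": True, "id1": (r1, h1)}


def explains_id1(id1, link_key, candidates):
    """Attack game 3, step 5: with K_AB from a reveal query, which candidate old
    pseudonym i_B explains an ID1 packet observed before the reveal?"""
    r1, h1 = id1
    for cand in candidates:
        if h(cand, r1, link_key) == h1:
            return cand
    return None


def forward_privacy_lost(repaired):
    """Two runs, then a reveal of Bob's record: can the ID1 of run 2 be linked to Bob?"""
    alice, bob = Party(b"Alice", repaired), Party(b"Bob", repaired)
    alice.pair(bob, os.urandom(16))
    handshake(alice, bob)                        # run 1 rotates the pseudonyms
    observed = handshake(alice, bob)["id1"]      # run 2, captured before the reveal
    tb = bob.tuples[0]                           # reveal query: K_AB and current i_B
    if repaired:   # all the attacker can derive from i_B are its forward hashes
        candidates, i = [], tb["own"]
        for _ in range(1000):
            i = h(i)
            candidates.append(i)
    else:          # a table of hashed counters covers every past pseudonym
        candidates = [counter_pseudonym(b"Bob", c) for c in range(1, 1000)]
    return explains_id1(observed, tb["key"], candidates) is not None
```

With `repaired=False` the attacker’s counter table explains the captured ID1 packet once KAB is revealed, which is the table attack of the analysis; with `repaired=True` the pseudonym used in that packet is a preimage of the revealed one and no candidate the attacker can compute matches. Note that the repair only helps if the pseudonym installed at pairing has enough entropy to defeat the same kind of table.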

5.5 Conclusions

Location privacy is one of the major security problems in a Wireless Personal Area Network. The leakage of the device’s unique hardware address enables an attacker to keep track of the place and time a mobile device is communicating. The hardware address of the device can often be linked to the identity of the user operating the mobile device, and this causes severe privacy problems.

While the basic location privacy problem of using a long-term device address can be resolved by using temporary identities, an incomplete solution can give rise to linkability. We have presented four WPAN communication scenarios and proposed for each of these scenarios practical techniques that make use of temporary pseudonyms. Our schemes provide location privacy at the protocol level, and prevent a remote attacker from tracking a particular device by observing the headers in the protocol flow.

In the second part of this chapter, we have constructed a formal model of location privacy for WPAN. This theoretical framework contains a formal definition of (the different types of) location privacy and models the access of an adversary to the communication channels by a set of oracles. We have applied this theoretical model to analyze and evaluate several location privacy–enhancing schemes proposed in the literature. This resulted in several design flaws being discovered. Most of these problems could be solved by carrying out some small modifications to the protocol.


Chapter 6

Conclusions and Future Research

6.1 Conclusions

This thesis deals with security and privacy solutions for Wireless Personal Area Networks. The emphasis is on efficient, user-friendly and location privacy–enhancing protocols that are targeted at resource constrained personal devices, deployed in a mobile ad hoc network with a continuously changing network topology that lacks fixed (trusted) servers.

The thesis starts with an overview of the most common techniques to construct an out-of-band channel, a building block used in pairing protocols and the essential part to securely bootstrap key establishment protocols in a WPAN. Pairing protocols enable user operated mobile devices in a Wireless Personal Area Network to derive a shared secret session key. Next, we have proposed an efficient and user-friendly pairing protocol offering location privacy. It combines MANual Authentication (MANA) protocols with elliptic curve cryptography and temporary pseudonyms. We also present a second enhanced pairing protocol which enables mutual device authentication through presence. It combines the concept of a user’s device’s private space with distance bounding protocols.

Mutual entity authentication protocols in wireless ad hoc networks can be enhanced by using distance bounding protocols. They combine physical and cryptographic properties and enable a verifying party to determine an upper bound on the distance between itself and a prover, who claims to be within a certain range. This thesis has presented the main design principles for a secure distance bounding protocol. Next, we have also studied some interesting applications of distance bounding protocols. We have demonstrated that a secure location verification scheme can be constructed by conducting a distance bounding protocol simultaneously with three collaborating, tightly-synchronized, non-collinear verifiers. We have shown that for security reasons, broadcast mode has to be used and that the set of valid location claims should be restricted.

Since distance bounding protocols are conducted over noisy wireless ad hoc channels, they should be designed to cope well with substantial bit error rates during the rapid single bit exchanges. We have proposed the noise resilient MAD protocol, which employs binary codes to correct bit errors occurring during the fast bit exchanges, and have compared its performance to the Hancke–Kuhn protocol for both moderately low and relatively high bit error rates. We have shown that the noise resilient MAD protocol needs about half of the number of fast communication rounds compared to the Hancke–Kuhn protocol. However, it requires slightly more bits to be exchanged on the slower communication channel. Next, we have derived an upper limit on the bit error rate for which the requirements on the false rejection and the false acceptance ratio, for a given number of fast communication rounds, can still be achieved. Our results help to compare both noise resilient distance bounding protocols in the scenario where they are employed in extremely noisy environments, and assist in choosing the appropriate design parameters, such as the minimal required number of fast bit exchanges.

Finally, we have investigated the location privacy problem in Wireless Personal Area Networks. The leakage of a personal device’s unique hardware address enables an attacker to keep track of the place and time the device is communicating. The hardware address of a device can often be linked to the identity of the user operating the mobile device, which causes severe privacy problems. We have presented several communication scenarios for WPAN, and proposed for each of these scenarios practical techniques that make use of temporary pseudonyms. Next, we have constructed a formal model of location privacy for WPAN. This theoretical framework contains a formal definition of location privacy and models the access of an adversary to the communication channels by a set of oracles. We have applied this theoretical model to several candidate location privacy–enhancing schemes proposed in the literature, which resulted in several design flaws being discovered. Most of the problems that were identified could be solved by carrying out some small modifications to the protocol.

6.2 Future Work

Providing security and privacy for Wireless Personal Area Networks is an interesting and challenging research area with many unsolved problems. We will now highlight three interesting research challenges in this area.


Pairing protocols

Enhanced pairing protocols can be employed to securely bootstrap a key establishment protocol in a Wireless Personal Area Network. They enable user operated mobile devices, which do not yet share any authenticated cryptographic material (such as keys), to derive a secret session key by making use of out-of-band channels. Such channels should satisfy several design criteria: they have to be energy efficient, user-friendly, secure and inexpensive to set up.

There is a strong need for novel out-of-band channels that fulfil these requirements. The out-of-band channel should be very intuitive and straightforward to use, such that non-technical users are able to employ it correctly and do not want to bypass the security mechanisms. User interaction and input should be limited as much as possible (e.g., only pressing a button to execute the pairing protocol). Since the fabrication cost is a very important parameter when manufacturing mobile personal devices, the out-of-band channel should only require minimal hardware changes, be very inexpensive to set up, and have a negligible impact on the total production cost of the device. Energy efficiency is also important, because mobile devices are often resource constrained. Finally, one should take all the necessary security countermeasures to guarantee the authenticity (and/or confidentiality) of the out-of-band channel.

The current state-of-the-art technology can often be improved in terms of user-friendliness (e.g., when shaking the mobile devices together to generate similar sensor data streams), user interaction (e.g., all pairing protocols that require user input), security (e.g., when applying the resurrecting duckling policy or when using an audio channel) or fabrication cost (e.g., when using a visual channel). It would be interesting to design and implement pairing protocols that combine several techniques (e.g., an audio channel combined with distance bounding protocols; or NFC combined with another out-of-band channel) to create an authentic and/or private out-of-band channel.

Distance bounding protocols

Distance bounding protocols are very useful tools in Wireless Personal Area Networks, as they can enhance mutual entity authentication protocols and preclude distance fraud and mafia fraud attacks, in which a local impersonator exploits a remote honest user. There are however some practical issues that need to be resolved before distance bounding protocols can be deployed in practice. Since (ultra)sound is not resistant to physically present attackers, and the user does not always have full control over his environment, one should preferably use a communication medium whose propagation speed is as close as possible to the physical limit for propagating information through space-time, i.e., the speed of light. The consequence is that the verifier has to measure the round trip time with very high precision: at the speed of light, every nanosecond of timing error corresponds to roughly 15 cm of distance. Moreover, the hardware carrying out the distance bounding protocol should be designed such that the processing delay is extremely small (and especially not too variable) compared to the time of flight. It is unclear whether these requirements can be met with the current state-of-the-art technology.

To the best of our knowledge, only two secure noise resilient distance bounding protocols have been proposed in the literature: the Hancke–Kuhn protocol and our noise resilient MAD protocol. It is very likely that other secure distance bounding protocols can be designed that cope well with substantial bit error rates during the rapid single bit exchanges. It would be particularly interesting to have a noise resilient distance bounding protocol that is resistant to terrorist fraud attacks and does not need trusted hardware to achieve this goal.
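As an added example, not code from this thesis (the noise resilient MAD protocol is not reproduced), the following simulates a Hancke–Kuhn style rapid bit exchange with a noise-tolerance threshold, covering both the timing requirement discussed above and the noise resilience question. HMAC-SHA256 stands in for the PRF that derives the two response registers; the mafia-fraud adversary implements the known best strategy against this protocol (query the honest prover early with guessed challenges, then answer alone), which succeeds in a round with probability 3/4. The threshold functions give the honest false-reject rate and the adversary's acceptance probability for a chosen number of rounds n and tolerated errors t; the distance computation shows what the timing precision means in metres.

```python
"""Hancke-Kuhn style distance bounding with a noise-tolerance threshold
(added illustration, not the thesis's protocol)."""
import hashlib
import hmac
import math
import random
import secrets

C = 299_792_458.0  # RF propagation speed in vacuum, m/s


def registers(key, nonce_v, nonce_p, n):
    """Expand PRF_K(N_V || N_P) into 2n bits: first n bits -> R0, last n -> R1."""
    stream, block = b"", 0
    while 8 * len(stream) < 2 * n:
        msg = nonce_v + nonce_p + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    bits = [(stream[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]


def distance_bound_m(rtt_s, proc_delay_s=0.0):
    """Upper bound on the prover's distance implied by a measured round-trip
    time after subtracting the prover's nominal processing delay. Every
    nanosecond of unaccounted delay loosens the bound by about 15 cm."""
    return C * (rtt_s - proc_delay_s) / 2


class HonestProver:
    def __init__(self, key, ber=0.0):
        self.key, self.ber = key, ber  # ber: bit error rate of the rapid channel

    def setup(self, nonce_v, n):
        self.nonce_p = secrets.token_bytes(16)
        self.r0, self.r1 = registers(self.key, nonce_v, self.nonce_p, n)
        return self.nonce_p

    def respond(self, i, c):
        bit = (self.r1 if c else self.r0)[i]
        return bit ^ (random.random() < self.ber)  # channel noise may flip the bit


class MafiaFraudAdversary:
    """Knows no key. Relays the slow phase unchanged, then queries the distant
    honest prover with guessed challenges before V starts the timed phase.
    In the timed phase it answers alone: correct whenever its guess matched
    the real challenge (prob. 1/2), otherwise a coin flip, i.e. 3/4 per round."""
    def __init__(self, prover, n):
        self.guess = [secrets.randbelow(2) for _ in range(n)]
        self.known = [prover.respond(i, g) for i, g in enumerate(self.guess)]

    def respond(self, i, c):
        return self.known[i] if c == self.guess[i] else secrets.randbelow(2)


def verify(key, n, t, prover, mafia=False):
    """Verifier side. Returns (accepted, number of failed rapid rounds)."""
    nonce_v = secrets.token_bytes(16)
    nonce_p = prover.setup(nonce_v, n)            # slow phase (relayed if mafia)
    r0, r1 = registers(key, nonce_v, nonce_p, n)  # verifier's own copy
    responder = MafiaFraudAdversary(prover, n) if mafia else prover
    errors = 0
    for i in range(n):
        c = secrets.randbelow(2)                  # fresh, unpredictable challenge
        if responder.respond(i, c) != (r1 if c else r0)[i]:
            errors += 1
    return errors <= t, errors


def binom_tail(n, p, k_min):
    """P[X >= k_min] for X ~ Binomial(n, p)."""
    return sum(math.comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(k_min, n + 1))


def false_reject(n, t, ber):
    """Probability that an honest prover fails more than t of n noisy rounds."""
    return binom_tail(n, ber, t + 1)


def mafia_success(n, t):
    """Probability that the 3/4-per-round adversary fails at most t rounds."""
    return 1.0 - binom_tail(n, 0.25, t + 1)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("honest, no noise:", verify(key, 32, 0, HonestProver(key)))
    print("mafia fraud, n=32, t=0:", verify(key, 32, 0, HonestProver(key), mafia=True))
    for t in (0, 2, 4):
        print(f"n=32 t={t}: false reject at 5% BER {false_reject(32, t, 0.05):.3f}, "
              f"mafia success {mafia_success(32, t):.2e}")
    print("1 ns of unaccounted delay widens the bound by", distance_bound_m(1e-9), "m")
```

With n = 32 rounds and no tolerance (t = 0), the adversary passes with probability 0.75^32, about 10^-4, but an honest prover on a channel with 5% bit error rate is rejected about 80% of the time; tolerating t = 4 errors brings the honest rejection rate down to about 2% while raising the adversary's chance to about 7%. Keeping both small at a realistic bit error rate therefore costs more rounds, which is the trade-off a noise resilient design has to settle.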

Location privacy

In this thesis, we have proposed a theoretical framework for location privacy in Wireless Personal Area Networks. This formal model helps to highlight potential design flaws in location privacy-enhancing protocols and to formalize the security of such protocols in terms of untraceability and unlinkability. We believe that the relative simplicity of our theoretical model makes it useful for the design and analysis of location privacy-preserving protocols for WPAN. There are however some areas for further work.

It is unclear whether our theoretical model captures all forms of location privacy in WPAN. Detecting that a node is part of a communication constellation is sufficient to trace the user operating the devices, but other information available in the WPAN could be useful to an attacker as well. Our framework only considers protocol-level location privacy issues; in the real world there could be many side channels that enable an attacker to trace a particular user. We have incorporated forward location privacy in our theoretical model. It could also be useful to consider the scenario where an attacker obtains the entire memory content of a device and then wants to trace this device later in time (and hence not in the past). A protocol that is forward location private is not necessarily resistant to this attack, so covering this scenario could require some small modifications to the protocol.

On the other hand, there is also a need for weaker definitions and assumptions in our theoretical model. Some aspects of our framework may be too strong for a practical set-up. A theoretical model with a weaker adversarial model could be interesting from a practical point of view.

Finally, it is an open research question whether there exist other (more efficient) location privacy-preserving schemes which are secure and do not make use of a pseudo-random function computed on the concatenation of a random nonce and other input data (such as the current pseudonym).
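The following added example, which is not a protocol from this thesis, illustrates two points made above: the pseudonym construction PRF_K(nonce || current pseudonym), and the difference between forward location privacy and resistance to an attacker who dumps a device's memory and traces it afterwards. The device and a trusted peer (assumed here: the owner's hub) share a key and the current pseudonym; the key is advanced with a one-way function after every beacon, and HMAC-SHA256 truncated to 16 bytes stands in for the PRF. Because the ratchet cannot be run backwards, the attacker cannot link beacons sent before the compromise, but the dumped state is all the device itself has, so every later beacon is recognised.

```python
"""Pseudonym evolution with a one-way key ratchet, and the two compromise
scenarios distinguished in the text (added illustration)."""
import hashlib
import hmac
import secrets

PSEUDONYM_LEN = 16


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:PSEUDONYM_LEN]


def ratchet(key):
    """One-way key update K_{i+1} = H(K_i); K_i is not recoverable from K_{i+1}."""
    return hashlib.sha256(b"ratchet" + key).digest()


class Device:
    def __init__(self, key, pseudonym):
        self.key, self.pseudonym = key, pseudonym

    def beacon(self):
        """Broadcast (nonce, next pseudonym) and advance the state."""
        r = secrets.token_bytes(16)
        self.pseudonym = prf(self.key, r + self.pseudonym)
        self.key = ratchet(self.key)
        return r, self.pseudonym

    def dump(self):
        """Everything an attacker obtains by reading out the device's memory."""
        return self.key, self.pseudonym


class Tracker:
    """Anyone holding a (key, pseudonym) state: the trusted peer starts from the
    initial state, an attacker from whatever state it dumped."""
    def __init__(self, key, pseudonym):
        self.key, self.pseudonym = key, pseudonym

    def recognises(self, r, p):
        if hmac.compare_digest(prf(self.key, r + self.pseudonym), p):
            self.pseudonym, self.key = p, ratchet(self.key)  # follow the device
            return True
        return False


def compromise_scenario(beacons_before=5, beacons_after=5):
    """Returns (past beacons the attacker links, future beacons it links,
    whether the trusted peer recognised every beacon)."""
    k0, p0 = secrets.token_bytes(32), secrets.token_bytes(PSEUDONYM_LEN)
    device, peer = Device(k0, p0), Tracker(k0, p0)
    past = [device.beacon() for _ in range(beacons_before)]
    attacker = Tracker(*device.dump())            # memory read-out at time j
    future = [device.beacon() for _ in range(beacons_after)]
    past_linked = sum(attacker.recognises(r, p) for r, p in past)
    future_linked = sum(attacker.recognises(r, p) for r, p in future)
    peer_ok = all(peer.recognises(r, p) for r, p in past + future)
    return past_linked, future_linked, peer_ok


if __name__ == "__main__":
    print(compromise_scenario())  # past unlinkable, all future beacons linked
```

Resisting the second scenario requires later pseudonyms to depend on something the dump does not contain, for instance fresh secret randomness injected after the compromise; the scheme above, which is forward location private, offers nothing of the kind.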

Page 205: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography

[1] ABI Research. ULP Bluetooth Ready to Revolutionize the Role of PAN Tech-nologies in Sports, Wellbeing, and Exercise Markets. http://www.abiresearch.

com/abiprdisplay.jsp?pressid=958.

[2] B. Alpern and B. Schneider. Key Exchange Using Keyless Cryptography. Infor-mation Processing Letters, 16(2):79–81, 1983.

[3] F. Armknecht, J. Lano, and B. Preneel. Extending the Resynchronization Attack.In Proceedings of the 11th Annual International Workshop of Selected Areas inCryptography (SAC ’04), Lecture Notes in Computer Science, LNCS 3357, pages19–38. Springer-Verlag, 2004.

[4] A.C. Atici, L. Batina, J. Fan, I. Verbauwhede, and S.B. Ors. Low-cost Imple-mentations of NTRU for Pervasive Security. In Proceedings of the IEEE 19thInternational Conference on Application-specific Systems, Architectures and Pro-cessors (ASAP ’08), page 6, 2008.

[5] G. Avoine. Adversarial Model for Radio Frequency Identification. CryptologyePrint Archive, Report 2005/049, 2005. http://eprint.iacr.org/.

[6] P. Bahl and V. Padmanabhan. RADAR: An In-Building RF-based User Locationand Tracking System. In Proceedings of the 19th Annual Joint Conference ofthe IEEE Computer and Communications Societies (INFOCOM ’00), volume 2,pages 775–784. IEEE, 2000.

[7] D. Balfanz, D. Smetters, P. Stewart, and H. Wong. Talking to Strangers: Au-thentication in Adhoc Wireless Networks. In Proceedings of the 9th Network andDistributed System Security Symposium (NDSS ’02). IEEE, 2002.

[8] J. Barros and M. Rodrigues. Secrecy Capacity of Wireless Channels. In Proceed-ings of the IEEE International Symposium on Information Theory (ISIT ’06),pages 356–360. IEEE, 2006.

[9] L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede.Public Key Cryptography for RFID-Tags. In Workshop on RFID Security (RFID-Sec ’06), page 16, 2006.

[10] L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede.Public-Key Cryptography for RFID-Tags. In Proceedings of the 4th IEEE Interna-tional Workshop on Pervasive Computing and Communication Security (PerSec’07 ), pages 217–222. IEEE, 2007.

171

Page 206: Study and Design of a Security Architecture for Wireless Personal Area Networks

172 Bibliography

[11] L. Batina, S. Seys, B. Preneel, and I. Verbauwhede. Public-Key Primitives. InWireless Sensor Network Security, pages 77–109. IOS PRESS, 2008.

[12] M. Bellare, R. Canetti, and H. Krawczyk. Keying Hash Functions for MessageAuthentication. In Advances in Cryptology - CRYPTO ’96, Lecture Notes inComputer Science, LNCS 1109, pages 1–15. Springer-Verlag, 1996.

[13] M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Se-cure against Dictionary Attacks. In Advances in Cryptology - EUROCRYPT ’00,Lecture Notes in Computer Science, LNCS 1807, pages 139–155. Springer-Verlag,2000.

[14] M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm forDesigning Efficient Protocols. In Proceedings of the 1st ACM Conference onComputer and Communications Security (CCS ’93), pages 62–73. ACM Press,1993.

[15] M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. InAdvances in Cryptology - CRYPTO ’93, Lecture Notes in Computer Science,LNCS 773, pages 232–249. Springer-Verlag, 1994.

[16] M.J. Beller and Y. Yacobi. Fully-Fledged Two-Way Public Key Authenticationand Key Agreement for Low-Cost Terminals. Electronic Letters, 29(11):999–1001,1993.

[17] S. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based ProtocolsSecure Against Dictionary Attacks. In Proceedings of the IEEE Symposium onSecurity and Privacy (SP ’92), pages 72–84. IEEE, 1992.

[18] S. Bellovin and M. Merritt. Augmented Encrypted Key Exchange: A Password-Based Protocol Secure against Dictionary Attacks and Password File Compro-mise. In Proceedings of the 1st ACM Conference on Computer and Communica-tions Security (CCS ’93), pages 244–250. ACM Press, 1993.

[19] F. Bennett, D. Clarke, J.B. Evans, A. Hopper, A. Jones, and D. Leask. Piconet:Embedded Mobile Networking. IEEE Personal Communications, 4(5):8–15, 1997.

[20] A.R. Beresford and F. Stajano. Location Privacy in Pervasive Computing. IEEEPervasive Computing, 3(1):46–55, 2003.

[21] M. Bloch, M. Rodrigues J. Barros, and S. McLaughlin. Wireless Information-Theoretic Security. IEEE Transactions on Information Theory, 54(6):2515–2534,2008.

[22] Bluejacking. http://www.bluejackq.com/.

[23] Bluetooth Special Interest Group. http://www.bluetooth.com.

[24] Bluetooth Special Interest Group. Simple Pairing Whitepa-per (Revision V10r00). http://www.bluetooth.com/NR/rdonlyres/

0A0B3F36-D15F-4470-85A6-F2CCFA26F70F/0/SimplePairing_WP_V10r00.pdf.

[25] Bluetooth Specification Documents. http://www.bluetooth.com/Bluetooth/

Technology/Building/Specifications/Default.htm.

Page 207: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography 173

[26] A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Rob-shaw, Y. Seurin, and C. Vikkelsoe. PRESENT: An Ultra-Lightweight Block Ci-pher. In Proceedings of the 9th International Workshop on Cryptographic Hard-ware and Embedded Systems (CHES ’07), Lecture Notes in Computer Science,LNCS 4727, pages 450–466. Springer-Verlag, 2007.

[27] D. Boneh and M.K. Franklin. Identity-Based Encryption from the Weil Pairing.In Advances in Cryptology - CRYPTO ’01, Lecture Notes in Computer Science,LNCS 2139, pages 213–229. Springer-Verlag, 2001.

[28] S. Brands and D. Chaum. Distance-Bounding Protocols. In Advances in Cryptol-ogy - EUROCRYPT ’93, Lecture Notes in Computer Science, LNCS 765, pages344–359. Springer-Verlag, 1994.

[29] I. Buchmann. What’s the Best Battery? http://www.batteryuniversity.com/

partone-3.htm.

[30] L. Bussard. Trust Establishment Protocols for Communicating Devices. PhDthesis, ENST Paris, 2004. 233 pages.

[31] M. Cagalj, S. Capkun, and J.-P. Hubaux. Key Agreement in Peer-to-Peer WirelessNetworks. Proceedings of the IEEE (Special Issue on Security and Cryptography),94(2):467–478, 2006.

[32] M. Cagalj, J.-P. Hubaux, S. Capkun, R. Rengaswamy, I. Tsigkogiannis, andM. Srivastava. Integrity (I) Codes: Message Integrity Protection and Authen-tication Over Insecure Channels. In Proceedings of the 2006 IEEE Symposium onSecurity and Privacy (SP ’06), pages 280–294. IEEE, 2006.

[33] C. Candolin. Security Issues for Wearable Computing and Bluetooth Technology.http://www.tml.hut.fi/~candolin/Publications/BT/, 2000.

[34] S. Capkun, L. Buttyan, and J.P. Hubaux. SECTOR: Secure Tracking of NodeEncounters in Multi-hop Wireless Networks. In Proceedings of the 1st ACM Work-shop on Security of Ad Hoc and Sensor Networks (SASN ’03), pages 21–32. ACMPress, 2003.

[35] S. Capkun and J.P. Hubaux. Secure Positioning of Wireless Devices with Appli-cation to Sensor Networks. In Proceedings of the 24th Annual Joint Conference ofthe IEEE Computer and Communications Societies (INFOCOM ’05), volume 3,pages 1917–1928. IEEE, 2005.

[36] S. Capkun and J.P. Hubaux. Secure Positioning in Wireless Networks. In IEEEJournal on Selected Areas in Communications, volume 24, pages 221–232. IEEE,2006.

[37] S. Capkun and M. Cagalj. Integrity Regions: Authentication Through Presence inWireless Networks. In Proceedings of the 5th ACM workshop on Wireless security(WISE ’06), pages 1–10. ACM Press, 2006.

[38] C. Castelluccia and P. Mutaf. Shake Them Up!: A Movement-Based Pairing Pro-tocol for CPU-Constrained Devices. In Proceedings of the 3rd International Con-ference on Mobile Systems, Applications, and Services (MobiSys ’05), pages 51–64. ACM Press, 2005. http://www.usenix.org/events/mobisys05/tech/full_

papers/castelluccia/castelluccia_new.pdf.

Page 208: Study and Design of a Security Architecture for Wireless Personal Area Networks

174 Bibliography

[39] H. Cheung. The Bluesniper Rifle. http://www.tomsnetworking.com/

Sections-article106.php, 2004.

[40] J. Clulow, G.P. Hancke, M.G. Kuhn, and T. Moore. So Near and Yet So Far:Distance-Bounding Attacks in Wireless Networks. In Proceedings of the 3rd Euro-pean Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS’06), Lecture Notes in Computer Science, LNCS 4357, pages 83–97. Springer-Verlag, 2006.

[41] N. Courtois and W. Meier. Algebraic Attacks on Stream Ciphers with Linear Feed-back. In Advances in Cryptology - EUROCRYPT ’03, Lecture Notes in ComputerScience, LNCS 2656, pages 345–359. Springer-Verlag, 2003.

[42] H. Coxeter and S. Greitzer. Geometry Revisited. The Mathematical Associationof America, 1967.

[43] I. Csiszar and J. Korner. Broadcast Channels with Confidential Messages. IEEETransactions on Information Theory, 24(3):339–348, 1978.

[44] J. Daemen and V. Rijmen. Rijndael for AES. In Proceedings of the AES CandidateConference, pages 343–348, 2000.

[45] J. Daemen and V. Rijmen. The Design of Rijndael – AES - The Advanced En-cryption Standard. Springer-Verlag, 2002.

[46] I. Damgard. Commitment Schemes and Zero-Knowledge Protocols. In Lectureson Data Security: Modern Cryptology in Theory and Practice, Lecture Notes inComputer Science, LNCS 1561, pages 63–86. Springer-Verlag, 1999.

[47] C. De Canniere. Trivium: A Stream Cipher Construction Inspired by BlockCipher Design Principles. In Proceedings of the 9th Information Security Confer-ence (ISC ’06), Lecture Notes in Computer Science, LNCS 4176, pages 171–186.Springer-Verlag, 2006.

[48] D. De Cock, K. Wouters, D. Schellekens, D. Singelee, and B. Preneel. ThreatModelling for Security Tokens in Web Applications. In Proceedings of the IFIPTC6/TC11 International Conference on Communications and Multimedia Secu-rity (CMS ’04), volume 175 of IFIP International Federation for InformationProcessing, pages 183–193. Springer, 2005.

[49] DEFCON. Computer Underground Hackers Convention. http://www.defcon.

org.

[50] H. Deng, A. Mukherjee, and D.P. Agrawal. Threshold and Identity-Based KeyManagement and Authentication for Wireless Ad Hoc Networks. In Proceedingsof the IEEE International Conference on Information Technology: Coding andComputing (ITCC ’04), volume 1, pages 107–111. IEEE, 2004.

[51] D. Denning and P. MacDoran. Location–Based Authentication: Grounding Cy-berspace for better Security. Computer Fraud and Security, 1996(2):12–16, 1996.

[52] Y. Desmedt. Major Security Problems with the “Unforgeable” (Feige)-Fiat-Shamir Proofs of Identity and how to overcome them. In Proceedings of SecuriCom’88, pages 15–17, 1988.

Page 209: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography 175

[53] W. Diffie. The First Ten Years of Public-Key Cryptography. Proceedings of theIEEE, 76(5):560–577, 1988.

[54] W. Diffie and M. Hellman. New Directions in Cryptography. In IEEE Transac-tions on Information Theory, pages 644–654. IEEE, 1976.

[55] W. Diffie, P. van Oorschot, and M.J. Wiener. Authentication and AuthenticatedKey Exchanges. Designs, Codes and Cryptography, 2(2):107–125, 1992.

[56] H. Dorie. 100 Great Problems of Elementary Mathematics: Their History andSolutions. Dover Publications, 1965.

[57] S. Drimer and S.J. Murdoch. Keep Your Enemies Close: Distance BoundingAgainst Smartcard Relay Attacks. In Proceedings of the 16th USENIX SecuritySymposium, pages 87–102. USENIX, 2007.

[58] T. Eisenbarth, S. Kumar, C. Paar, A. Poschmann, and L. Uhsadel. A Survey ofLightweight-Cryptography Implementations. IEEE Design & Test of Computers,24(6):522–533, 2007.

[59] T. ElGamal. A Public Key Cryptosystem and a Signature Scheme Based onDiscrete Logarithms. In Advances in Cryptology - CRYPTO ’84, Lecture Notesin Computer Science, LNCS 196, pages 10–18. Springer-Verlag, 1985.

[60] EMVCo LLC. http://www.emvco.com.

[61] L. Eschenauer and V.D. Gligor. A Key-Management Scheme for DistributedSensor Networks. In Proceedings of the 9th ACM Conference on Computer andCommunications Security (CCS ’02), pages 41–47. ACM Press, 2002.

[62] U. Feige, A. Fiat, and A. Shamir. Zero-Knowledge Proofs of Identity. Journal ofCryptology, 1(2):77–94, 1988.

[63] S. Fluhrer and S. Lucks. Analysis of the E0 Encryption System. In Proceedings ofthe 8th Annual International Workshop of Selected Areas in Cryptography (SAC’01), Lecture Notes in Computer Science, LNCS 2259, pages 38–48. Springer-Verlag, 2001.

[64] C. Gehrmann, C. Mitchell, and K. Nyberg. Manual Authentication for WirelessDevices. RSA Cryptobytes, 7(1):29–37, 2004.

[65] C. Gehrmann and K. Nyberg. Enhancements to Bluetooth Baseband Security.In Proceedings of Nordsec 2001, 2001.

[66] C. Gehrmann and K. Nyberg. Security in Personal Area Networks. In Securityfor Mobility, pages 191–230. IEEE, 2004.

[67] C. Gehrmann, K. Nyberg, and C. Mitchell. The personal CA–PKI for PersonalArea Network. In Proceedings of the 11th Information Society Technologies (IST)Mobile and Wireless Communications Summit, pages 31–35, 2002.

[68] C. Gehrmann, J. Persson, and B. Smeets. Bluetooth Security. Artech House,2004.

[69] O. Goldreich, S. Goldwasser, and S. Micali. How to Construct Random Functions.Journal of the ACM, 33(4):792–807, 1986.

Page 210: Study and Design of a Security Architecture for Wireless Personal Area Networks

176 Bibliography

[70] J. Golic, V. Bagini, and G. Morgari. Linear Cryptanalysis of Bluetooth StreamCipher. In Advances in Cryptology - EUROCRYPT ’02, Lecture Notes in Com-puter Science, LNCS 2332, pages 238–255. Springer-Verlag, 2002.

[71] M. Goodrich, M. Sirivianos, J. Solis, G. Tsudik, and E. Uzun. Loud And Clear:Human-Verifiable Authentication Based on Audio. In Proceedings of the 26thIEEE International Conference on Distributed Computing Systems (ICDCS ’06),page 10. IEEE, 2006.

[72] M. Gruteser and D. Grunwald. Enhancing Location Privacy in Wireless LANThrough Disposable Interface Identifiers: A Quantitative Analysis. In Proceedingsof the 1st ACM International Workshop on Wireless Mobile Applications andServices on WLAN Hotspots (WMASH ’03), pages 46–55. ACM Press, 2003.

[73] GSM World: Home of the GSM Association. http://www.gsmworld.com.

[74] L.C. Guillou and J.J. Quisquater. A Practical Zero-Knowledge Protocol Fitted toSecurity Microprocessor Minimizing Both Transmission and Memory. In Advancesin Cryptology - EUROCRYPT ’88, Lecture Notes in Computer Science, LNCS330, pages 123–128. Springer-Verlag, 1988.

[75] J. Haartsen, M. Naghshineh, J. Inouye, O. Joeressen, and W. Allen. Bluetooth:Visions, Goals and Architecture. ACM SIGMOBILE Mobile Computing and Com-munications Review, 2(4):38–45, 1998.

[76] G.P. Hancke and M.G. Kuhn. An RFID Distance Bounding Protocol. In Proceed-ings of the 1st International Conference on Security and Privacy for EmergingAreas in Communications Networks (SECURECOMM ’05), pages 67–73. IEEEComputer Society, 2005.

[77] G.P. Hancke and M.G. Kuhn. Attacks on Time-of-Flight Distance BoundingChannels. In Proceedings of the First ACM Conference on Wireless NetworkSecurity (WISEC 2008), pages 194–202. ACM Press, 2008.

[78] E. Haselsteiner and K. Breitfuss. Security in Near Field Communication (NFC).In Workshop on RFID Security (RFIDSec ’06), 2006.

[79] M. Hermelin and K. Nyberg. Correlation Properties of the Bluetooth CombinerGenerator. In Proceedings of the 2nd International Conference on InformationSecurity and Cryptology (ICISC ’99), Lecture Notes in Computer Science, LNCS1787, pages 17–29. Springer-Verlag, 1999.

[80] A. Hevia and D. Micciancio. An Indistinguishability-Based Characterization ofAnonymous Channels. In Proceedings of the 8th Privacy Enhancing TechnologiesSymposium (PETS ’08), Lecture Notes in Computer Science, LNCS 5134, pages24–43. Springer-Verlag, 2008.

[81] A. Hodjat and I. Verbauwhede. The Energy Cost of Secrets in Ad–Hoc Net-works. In Proceedings of the IEEE Workshop on Wireless Communications andNetworking (CAS ’02). IEEE, 2002.

[82] J. H. Hoepman. The Ephemeral Pairing Problem. In Financial Cryptography,Lecture Notes in Computer Science, LNCS 3110, pages 212–226. Springer-Verlag,2004.

Page 211: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography 177

[83] J. H. Hoepman. Ephemeral Pairing on Anonymous Networks. In Proceedings ofthe 2nd International Conference on Security in Pervasive Computing (SPC ’05),Lecture Notes in Computer Science, LNCS 3450, pages 101–116. Springer-Verlag,2005.

[84] Y. Hu, A. Perrig, and D.B. Johnson. Rushing Attacks and Defense in WirelessAd Hoc Network Routing Protocols. In Proceedings of the 2nd ACM Workshopon Wireless Security (WISE ’03), pages 30–40. ACM Press, 2003.

[85] Y.C. Hu, D.B. Johnson, and A. Perrig. SEAD: Secure Efficient Distance VectorRouting for Mobile Wireless Ad Hoc Networks. In Proceedings of the 4th IEEEWorkshop on Mobile Computing Systems and Applications (WMCSA ’02), pages3–13. IEEE, 2001.

[86] Y.C. Hu, A. Perrig, and D.B. Johnson. Ariadne: A secure On-Demand RoutingProtocol for Ad Hoc Networks. In Proceedings of the 8th Annual InternationalConference on Mobile Computing and Networking (MOBICOM ’02), pages 12–23.ACM Press, 2002.

[87] J.-P. Hubaux, L. Buttyan, and S. Capkun. The Quest for Security in Mobile AdHoc Networks. In Proceedings of the 2nd ACM Interational Symposium on MobileAd Hoc Networking and Computing (MOBIHOC ’01), pages 146–155. ACM Press,2001.

[88] IBBT IM3-project. http://projects.ibbt.be/im3.

[89] IEEE 802.11, the Wireless Local Area Network Working Group. http://www.

ieee802.org/11/.

[90] IEEE 802.15, the Wireless Personal Area Network Working Group. http://www.ieee802.org/15/.

[91] IEEE 802.15.4-2003, Wireless Medium Access Control and Physical Layer Spec-ifications for Low-Rate Wireless Personal Area Networks. http://ieee802.org/15/pub/TG4.html.

[92] Infrared Data Association. http://www.irda.org/.

[93] ISO/IEC 11770-4. Information Technology – Security Techniques – Key Manage-ment – Part 4: Mechanisms Based on Weak Secrets, 2006.

[94] ISO/IEC 15408. Information Technology – Security Techniques – Evaluationcriteria for IT security, 2005.

[95] ISO/IEC 9797. Information Technology – Security Techniques – Data IntegrityMechanisms Using a Cryptographic Check Function Employing a Block CipherAlgorithm, 1994.

[96] ISO/IEC 9798-2. Information Technology – Security Techniques – Entity Au-thentication – Part 2: Mechanisms Using Symmetric Encipherment Algorithms,1999.

[97] ISO/IEC 9798-3. Information Technology – Security Techniques – Entity Au-thentication – Part 3: Mechanisms Using Digital Signature Techniques, 1998.

[98] ISO/IEC 9798-6. Information Technology – Security Techniques – Entity Au-thentication – Part 6: Mechanisms Using Manual Data Transfer, 2005.

Page 212: Study and Design of a Security Architecture for Wireless Personal Area Networks

178 Bibliography

[99] ITU-T Recommendation X.509. Information technology – Open Systems Inter-connection – The Directory: Authentication Framework, 2005.

[100] D. Jablon. Strong Password-Only Authenticated Key Exchange. ACM ComputerCommunications Review, 26(5):5–26, 1996.

[101] D. Jaffe. Information about binary linear codes. http://www.math.unl.edu/

~djaffe2/codes/webcodes/codeform.html.

[102] M. Jakobsson and D. Pointcheval. Mutual Authentication for Low-Power MobileDevices. In Proceedings of Financial Cryptography (FC ’01), Lecture Notes inComputer Science, LNCS 2339, pages 178–195. Springer-Verlag, 2001.

[103] M. Jakobsson and S. Wetzel. Security Weaknesses in Bluetooth. In Proceedings ofthe Cryptographer’s Track at the RSA Conference (CT-RSA ’01), Lecture Notesin Computer Science, LNCS 2020, pages 176–191. Springer-Verlag, 2001.

[104] A. Juels and J. Brainard. Client Puzzles: A Cryptographic Countermeasureagainst Connection Depletion Attacks. In Proceedings of the 6th Network andDistributed System Security Symposium (NDSS ’99), pages 151–165. IEEE, 1999.

[105] A. Juels and S.A. Weis. Defining Strong Privacy for RFID. Cryptology ePrintArchive, Report 2006/137, 2006. http://eprint.iacr.org/.

[106] G. Kabatianskii, B. Smeets, and T. Johansson. On the Cardinality of System-atic Authentication Codes via Error-Correcting Codes. IEEE Transactions onInformation Theory, 42(2):566–578, 1996.

[107] J.M. Kahn, R.H. Katz, and K.S.J. Pister. Next Century Challenges: MobileNetworking for ‘Smart Dust’. In Proceedings of the 5th Annual InternationalConference on Mobile Computing and Networking (MOBICOM ’99), pages 483–492. ACM Press, 1999.

[108] J. Katz, R. Ostrovsky, and M. Yung. Efficient Password-Authenticated Key Ex-change Using Human-Memorable Passwords. In Advances in Cryptology - EU-ROCRYPT ’01, Lecture Notes in Computer Science, LNCS 2045, pages 475–494.Springer-Verlag, 2001.

[109] J. Kelsey, B. Schneier, and D. Wagner. Key Schedule Weaknesses in SAFER+.In Proceedings of the 2nd Advanced Encryption Standard Candidate Conference,pages 155–167, 1999.

[110] A. Khalili, J. Katz, and W.A. Arbaugh. Toward Secure Key Distribution in TrulyAd-Hoc Networks. In Proceedings of the 2003 Symposium on Applications andthe Internet Workshops (SAINT ’03), pages 342–346. IEEE, 2003.

[111] C. Kimberling. Triangle Centers and Central Triangles. In Congressus Numeran-tium, volume 129, pages 1–295, 1998.

[112] T. Kindberg and K. Zhang. Validating and Securing Spontaneous Associationsbetween Wireless Devices. In Proceedings of the 6th Information Security Con-ference (ISC ’03), Lecture Notes in Computer Science, LNCS 2851, pages 44–53.Springer-Verlag, 2003.

[113] J. Kohl and C. Neuman. RFC 1510: The Kerberos Network AuthenticationService (V5). Internet Request for Comments 1510, 1993.

Page 213: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography 179

[114] A.G. Konheim. Cryptography, A Primer. John Wiley & Sons, 1981.

[115] L. Lai and H. ElGamal. Cooperative Secrecy: The Relay-Eavesdropper Chan-nel. In Proceedings of the IEEE International Symposium on Information Theory(ISIT ’07), pages 931–935. IEEE, 2007.

[116] G. Lamm, G. Falauto, J. Estrada, and J. Gadiyaram. Security Attacks againstBluetooth Wireless Networks. In Proceedings of the 2001 IEEE Workshop onInformation Assurance and Security, pages 265–272. U.S. Military Academy, WestPoint, NY, 2001.

[117] L. Lamport. Constructing Digital Signatures from a One-way Function. TechnicalReport CSL-98, SRI International, 1979.

[118] J.O. Larsson. Higher Layer Key Exchange Techniques for Bluetooth Security.Open Group Conference, 2001.

[119] B. Latre, B. Braem, I. Moerman, C. Blondia, E. Reusens, W. Joseph, and P. De-meester. A Low-Delay Protocol for Multihop Wireless Body Area Networks. InProceedings of the 4th Annual International Conference on Mobile and UbiquitousSystems (Mobiquitous ’07), 2007.

[120] S. Laur, N. Asokan, and K. Nyberg. Efficient Mutual Data Authentication UsingManually Authenticated Strings. Cryptology ePrint Archive, Report 2005/424,2005. http://eprint.iacr.org/.

[121] S. Laur and K. Nyberg. Efficient Mutual Data Authentication Using ManuallyAuthenticated Strings. In Proceedings of the 5th International Conference onCryptology and Network Security (CANS ’06), Lecture Notes in Computer Sci-ence, LNCS 4301, pages 90–107. Springer-Verlag, 2006.

[122] A. Laurie and B. Laurie. Serious Flaws in Bluetooth Security Lead to Disclosureof Personal Data. http://bluestumbler.org.

[123] G. Leander, C. Paar, A. Poschmann, and K. Schramm. New Lightweight DESVariants. In Proceedings of the 14th International Workshop on Fast SoftwareEncryption (FSE ’07), Lecture Notes in Computer Science, LNCS 4593, pages196–210. Springer-Verlag, 2007.

[124] M.C. Lee and C.K. Fung. A Public-Key Based Authentication and Key Estab-lishment Protocol Coupled with a Client Puzzle. Journal of the American Societyfor Information Science and Technology, 54(9):810–823, 2003.

[125] Y.K. Lee, L. Batina, K. Sakiyama, and I. Verbauwhede. Elliptic Curve BasedSecurity Processor for RFID. COSIC internal report, Katholieke UniversiteitLeuven, 2008.

[126] Y. Liang, A.S. Baruch, H.V. Poor, S. Shamai, and S. Verdu. Cognitive interferencechannels with confidential messages. In Proceedings of the 45th Annual AllertonConference on Communication, Control and Computing, pages 1–6, 2007.

[127] Y. Liang, H.V. Poor, and S. Shamai. Secrecy Capacity Region of Fading BroadcastChannels. The ACM Computing Research Repository, abs/0707.1470, 2007.

[128] Y. Liang, H.V. Poor, and S. Shamai. Secure Communication Over Fading Chan-nels. IEEE Transactions on Information Theory, 54(6):2470–2492, 2008.

Page 214: Study and Design of a Security Architecture for Wireless Personal Area Networks

180 Bibliography

[129] S. Litsyn. Table of Nonlinear Binary Codes. http://www.eng.tau.ac.il/

~litsyn/tableand/index.html.

[130] R. Liu, I. Maric, P. Spasojevic, and R. Yates. Discrete Memoryless Interferenceand Broadcast Channels with Confidential Messages: Secrecy Rate Region. IEEETransactions on Information Theory, 54(6):2493–2507, 2008.

[131] Y. Lu, W. Meier, and S. Vaudenay. The Conditional Correlation Attack: APractical Attack on Bluetooth Encryption. In Advances in Cryptology - CRYPTO’05, Lecture Notes in Computer Science, LNCS 3621, pages 97–117. Springer-Verlag, 2005.

[132] A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym Systems. In Pro-ceedings of the 6th Annual International Workshop of Selected Areas in Cryptog-raphy (SAC ’99), Lecture Notes in Computer Science, LNCS 1758, pages 184–199.Springer-Verlag, 1999.

[133] P. MacKenzie. More Efficient Password-Authenticated Key Exchange. In Pro-ceedings of the Cryptographer’s Track at RSA Conference (CT-RSA ’01), LectureNotes in Computer Science, LNCS 2020, pages 361–377. Springer-Verlag, 2001.

[134] F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-Correcting Codes.North-Holland, 1977.

[135] I. Martinovic, F.A. Zdarsky, M. Wilhelm, C. Wegmann, and J.B. Schmitt. Wire-less Client Puzzles in IEEE 802.11 Networks: Security by Wireless. In Proceedingsof the First ACM Conference on Wireless Network Security (WISEC 2008), pages36–45. ACM Press, 2008.

[136] R. Mayrhofer. The Candidate Key Protocol for Generating Secret Shared Keysfrom Similar Sensor Data Streams. In Proceedings of the 4th European Workshopon Security and Privacy in Ad Hoc and Sensor Networks (ESAS ’07), LectureNotes in Computer Science, LNCS 4572, pages 1–15. Springer-Verlag, 2007.

[137] R. Mayrhofer and H. Gellersen. Shake Well Before Use: Authentication Basedon Accelerometer Data. In Proceedings of the 5th International Conference onPervasive Computing (PERVASIVE ’07), Lecture Notes in Computer Science,LNCS 4480, pages 144–161. Springer-Verlag, 2007.

[138] J.M. McCune, A. Perrig, and M.K. Reiter. Seeing-Is-Believing: Using CameraPhones for Human-Verifiable Authentication . In Proceedings of the IEEE Sym-posium on Security and Privacy (SP ’05), pages 110–124. IEEE, 2005.

[139] A. J. Menezes. Elliptic Curve Public Key Cryptosystems. Springer, July 1993.

[140] A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryp-tography. CRC Press, 1996.

[141] S. Miller, B.C. Neuman, J. Schiller, and J. Saltzer. Kerberos Authentication andAuthorization System. Section E.2.1 of Project Athena Technical Plan, MIT,1987.

[142] V. Miller. Use of Elliptic Curves in Cryptography. In Advances in Cryptology- CRYPTO ’85, Lecture Notes in Computer Science, LNCS 218, pages 417–426.Springer-Verlag, 1986.

Page 215: Study and Design of a Security Architecture for Wireless Personal Area Networks

Bibliography 181

[143] J. Munilla, A. Ortiz, and A. Peinado. Distance Bounding Protocols with void-challenges for RFID. Workshop on RFID Security (RFIDSec ’06), 2006.

[144] J. Munilla and A. Peinado. Attacks on Singelee and Preneel’s protocol. Cryptology ePrint Archive, Report 2008/283, 2008. http://eprint.iacr.org/.

[145] National Security Agency. The Case for Elliptic Curve Cryptography. http://www.nsa.gov/ia/industry/crypto_elliptic_curve.cfm.

[146] R. Needham and M. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, 21(12):993–999, 1978.

[147] NESSIE: New European Schemes for Signatures, Integrity, and Encryption. http://www.cryptonessie.org.

[148] B.C. Neuman and T. Ts’o. Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine, 32(9):33–38, 1994.

[149] NFC Forum. http://www.nfc-forum.org/.

[150] Nintendo Wii. http://www.wii.com.

[151] Y. Oohama. Coding for relay channels with confidential messages. In Proceedings of the IEEE Information Theory Workshop (ITW ’01), pages 87–89. IEEE, 2001.

[152] C. Otto, A. Milenkovic, C. Sanders, and E. Jovanov. System Architecture of a Wireless Body Area Sensor Network for Ubiquitous Health Monitoring. Journal of Mobile Multimedia, 1(4):307–326, 2006.

[153] D. Otway and O. Rees. Efficient and Timely Mutual Authentication. Operating Systems Review, 21(1):8–10, 1987.

[154] P. Papadimitratos and Z.J. Haas. Secure Routing for Ad Hoc Networks. In Proceedings of the 6th Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS ’02). SCS, 2002.

[155] P. Papadimitratos and Z.J. Haas. Secure Link State Routing for Mobile Ad Hoc Networks. In Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT ’03), pages 379–383. IEEE, 2003.

[156] F. Perez. Security in Current Commercial Wireless Networks: A Survey. http://www.hig.no/imt/file.php?id=1098/, 2006.

[157] C.E. Perkins. Ad Hoc Networking. Addison-Wesley, 2001.

[158] A. Perrig. The BiBa One-Time Signature and Broadcast Authentication Protocol. In Proceedings of the 8th ACM conference on Computer and Communications Security (CCS ’01). ACM Press, 2001.

[159] A. Perrig, R. Canetti, D. Song, and J.D. Tygar. Efficient and Secure Source Authentication for Multicast. In Proceedings of the 8th Network and Distributed System Security Symposium (NDSS ’01), pages 35–46. IEEE, 2001.

[160] A. Perrig and J.D. Tygar. Secure Broadcast Communication in Wired and Wireless Networks. Kluwer Academic Publishers, 2003.

[161] A. Pfitzmann and M. Kohntopp. Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology. In Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability, Lecture Notes in Computer Science, LNCS 2009, pages 1–9. Springer-Verlag, 2001.


[162] V. Pless, R.A. Brualdi, and W.C. Huffman. Handbook of Coding Theory. Elsevier Science Inc., 1998.

[163] M. Plotkin. Binary Codes with Specified Minimum Distance. In IRE Transactions on Information Theory, volume 6, pages 445–450. IEEE, 1960.

[164] D. Porcino and W. Hirt. Ultra-Wideband Radio Technology: Potential and Challenges Ahead. IEEE Communications Magazine, 41(7):66–74, 2003.

[165] A. Poschmann, G. Leander, K. Schramm, and C. Paar. New Light-Weight Crypto Algorithms for RFID. In Proceedings of the International Symposium on Circuits and Systems (ISCAS ’07), pages 1843–1846. IEEE, 2007.

[166] N. Potlapally, S. Ravi, A. Raghunathan, and N. Jha. Analyzing the Energy Consumption of Security Protocols. In Proceedings of the 2003 International Symposium on Low Power Electronics and Design (ISLPED ’03), pages 30–35. ACM Press, 2003.

[167] J.M. Rabaey, J. Ammer, J. da Silva, D. Patel, and S. Roundy. PicoRadio Supports Ad Hoc Ultra-Low Power Wireless Networking. IEEE Computer Magazine, 33(7):42–48, 2000.

[168] I. Reed and G. Solomon. Polynomial Codes over Certain Finite Fields. SIAM Journal on Applied Mathematics, 8(4):300–304, 1960.

[169] L. Reyzin and N. Reyzin. Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying. In Proceedings of the 7th Australian Conference on Information Security and Privacy (ACISP ’02), Lecture Notes in Computer Science, LNCS 2384, pages 144–153. Springer-Verlag, 2002.

[170] R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21(2):120–126, 1978.

[171] N. Sastry, U. Shankar, and D. Wagner. Secure Verification of Location Claims. http://www.cs.berkeley.edu/~nks/locprove/csd-03-1245.pdf, 2003.

[172] N. Sastry and D. Wagner. Security Considerations for IEEE 802.15.4 Networks. In Proceedings of the 3rd ACM Workshop on Wireless Security (WISE ’04), pages 32–42. ACM Press, 2004.

[173] N. Saxena, J.-E. Ekberg, K. Kostiainen, and N. Asokan. Secure Device Pairing based on a Visual Channel (Short Paper). In Proceedings of the IEEE Symposium on Security and Privacy (SP ’06), pages 306–313. IEEE, 2006.

[174] C.P. Schnorr. Efficient Identification and Signatures for Smart Cards. In Advances in Cryptology - CRYPTO ’89, Lecture Notes in Computer Science, LNCS 435, pages 239–252. Springer-Verlag, 1990.

[175] C.P. Schnorr. Efficient Signature Generation by Smart Cards. Journal of Cryptology, 4(3):161–174, 1991.

[176] S. Seys. Cryptographic Algorithms and Protocols for Security and Privacy in Ad Hoc Networks. PhD thesis, Katholieke Universiteit Leuven, 2006. 215 pages.


[177] S. Seys and B. Preneel. Authenticated and Efficient Key Management for Wireless Ad Hoc Networks. In Proceedings of the 24th Symposium on Information Theory in the Benelux, pages 195–202, 2003.

[178] S. Seys and B. Preneel. The Wandering Nodes: Key Management for Low-power Mobile Ad Hoc Networks. In Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICDCS ’05), pages 916–922. IEEE, 2005.

[179] S. Seys, D. Singelee, and B. Preneel. Security in Wireless PAN Mesh Networks. In H. Hu, Y. Zhang, and J. Zheng, editors, Security in Wireless Mesh Networks, pages 349–381. AUERBACH Publications, CRC Press, 2008.

[180] Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services (MobiSys ’05), pages 39–50. ACM Press, 2005.

[181] A. Shamir. Identity-Based Cryptosystems and Signature Schemes. In Advances in Cryptology - CRYPTO ’84, Lecture Notes in Computer Science, LNCS 196, pages 47–53. Springer-Verlag, 1985.

[182] D. Singelee, B. Latre, B. Braem, M. Peeters, M. De Soete, P. De Cleyn, B. Preneel, I. Moerman, and C. Blondia. A Secure Cross-layer Protocol for Multihop Wireless Body Area Networks. In Proceedings of the 7th International Conference on Ad-Hoc, Mobile, and Wireless Networks (ADHOC-NOW ’08), Lecture Notes in Computer Science, LNCS 5198, pages 94–107. Springer-Verlag, 2008.

[183] D. Singelee and B. Preneel. The Wireless Application Protocol (WAP). COSIC internal report, Katholieke Universiteit Leuven, 2003.

[184] D. Singelee and B. Preneel. Secure E-Commerce Using Mobile Agents on Untrusted Hosts. COSIC internal report, Katholieke Universiteit Leuven, 2004.

[185] D. Singelee and B. Preneel. Security Overview of Bluetooth. COSIC internal report, Katholieke Universiteit Leuven, 2004.

[186] D. Singelee and B. Preneel. Location Verification using Secure Distance Bounding Protocols. In Proceedings of the 2nd IEEE International Conference on Mobile, Ad Hoc and Sensor Systems (MASS ’05), pages 834–840. IEEE, 2005.

[187] D. Singelee and B. Preneel. The Wireless Application Protocol (WAP). International Journal of Network Security (IJNS), 1(3):161–165, 2005.

[188] D. Singelee and B. Preneel. Improved Pairing Protocol for Bluetooth. In Proceedings of the 5th International Conference on Ad-Hoc, Mobile, and Wireless Networks (ADHOC-NOW ’06), Lecture Notes in Computer Science, LNCS 4104, pages 252–265. Springer-Verlag, 2006.

[189] D. Singelee and B. Preneel. Location Privacy in Wireless Personal Area Networks. In Proceedings of the 5th ACM Workshop on Wireless Security (WISE ’06), pages 11–18. ACM Press, 2006.

[190] D. Singelee and B. Preneel. Review of the Bluetooth Security Architecture. Information Security Bulletin, 11(2):45–53, 2006.


[191] D. Singelee and B. Preneel. Distance Bounding in Noisy Environments. In Proceedings of the 4th European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS ’07), Lecture Notes in Computer Science, LNCS 4572, pages 101–115. Springer-Verlag, 2007.

[192] D. Singelee and B. Preneel. Enabling Location Privacy in Wireless Personal Area Networks. COSIC internal report, Katholieke Universiteit Leuven, 2007.

[193] D. Singelee and B. Preneel. Key Establishment Using Secure Distance Bounding Protocols. In Proceedings of the 1st Workshop on the Security and Privacy of Emerging Ubiquitous Communication Systems (SPEUCS ’07), page 6. IEEE, 2007.

[194] D. Singelee and B. Preneel. Limitations on the Usage of Noise Resilient Distance Bounding Protocols. COSIC internal report, Katholieke Universiteit Leuven, 2008.

[195] D. Singelee, F. Wong, B. Preneel, and F. Stajano. A Theoretical Model for Location Privacy in Wireless Personal Area Networks. COSIC internal report, Katholieke Universiteit Leuven, 2008.

[196] K. Siwiak and D. McKeown. Ultra-Wideband Radio Technology. Wiley, 2004.

[197] B.R. Smith, S. Murthy, and J.J. Garcia-Luna-Aceves. Securing Distance-Vector Routing Protocols. In Proceedings of the 4th Network and Distributed System Security Symposium (NDSS ’97), pages 85–92. IEEE, 1997.

[198] Sony Playstation. http://www.playstation.com/.

[199] F. Stajano. The Resurrecting Duckling – What Next? In Proceedings of the 8th International Workshop on Security Protocols, Lecture Notes in Computer Science, LNCS 2133, pages 204–214. Springer-Verlag, 2001.

[200] F. Stajano and R. Anderson. The Resurrecting Duckling: Security Issues in Ad-Hoc Wireless Networks. In Proceedings of the 7th International Workshop on Security Protocols (SP ’99), Lecture Notes in Computer Science, LNCS 1796, pages 172–182. Springer-Verlag, 2000.

[201] W. Stallings. Wireless Communications and Networks. Prentice Hall, 2001.

[202] J. Steiner, B.C. Neuman, and J. Schiller. Kerberos: An Authentication Service for Open Network Systems. In USENIX Winter, pages 191–202, 1988.

[203] R. Szewczyk and A. Ferencz. Power Evaluation of SmartDust Remote Sensors. CS252 project report, Berkeley Wireless Research Center, 2000.

[204] C. Toh. Ad hoc Mobile Wireless Networks. Prentice Hall, 2002.

[205] Transtronics Inc. Energy Density. http://wiki.xtronics.com/index.php/Energy_density.

[206] University of California. Wireless Integrated Network Sensors (WINS). http://www.janet.ucla.edu/WINS/.

[207] S. Vaudenay. Secure Communications over Insecure Channels Based on Short Authenticated Strings. In Advances in Cryptology - CRYPTO ’05, Lecture Notes in Computer Science, LNCS 3621, pages 309–326. Springer-Verlag, 2005.


[208] S. Vaudenay. On Privacy Models for RFID. In Advances in Cryptology - ASIACRYPT ’07, Lecture Notes in Computer Science, LNCS 4833, pages 68–87. Springer-Verlag, 2007.

[209] Z. Wan, K. Ren, W. Lou, and B. Preneel. Anonymous ID-based Group Key Agreement for Wireless Networks. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC ’08), page 6. IEEE, 2008.

[210] B. Waters and E. Felten. Secure, Private Proofs of Location. Princeton Technical Report TR-667-03, 2003.

[211] E. Weisstein. Radical Center. From MathWorld–A Wolfram Web Resource. http://mathworld.wolfram.com/RadicalCenter.html.

[212] WI–FI alliance. http://www.wi-fi.org/.

[213] M. Win and R. Scholtz. Impulse Radio: How It Works. IEEE Communications Letters, 2(2):36–38, 1998.

[214] Wireless LAN Association. http://www.wlana.org/.

[215] F. Wong and F. Stajano. Location Privacy in Bluetooth. In Proceedings of 2nd European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS ’05), Lecture Notes in Computer Science, LNCS 3813, pages 176–188. Springer-Verlag, 2005.

[216] A. Wyner. The Wiretap Channel. Bell System Technical Journal, 54(8):1355–1387, 1975.

[217] L. Zhou and Z.J. Haas. Securing Ad Hoc Networks. IEEE Network Magazine – Special Issue on Network Security, 13(6):24–30, 1999.

[218] ZigBee Alliance. http://www.zigbee.org/.

[219] T.G. Zimmerman. Personal Area Networks (PAN): Near-Field Intra-Body Communication. Master’s thesis, MIT Media Laboratory, Cambridge (MA), 1995. 81 pages.

[220] P. Zimmermann. The Official PGP User’s Guide. MIT Press, 1995.


List of Publications

Lecture Notes in Computer Science

1. D. Singelee and B. Preneel: “Improved Pairing Protocol for Bluetooth,” Proceedings of the 5th International Conference on Ad-Hoc Networks and Wireless (ADHOC-NOW 2006), Lecture Notes in Computer Science 4104, T. Kunz and S.S. Ravi (Eds.), Springer-Verlag, pp. 252-265, 2006.

2. D. Singelee and B. Preneel: “Distance Bounding in Noisy Environments,” Proceedings of the 4th European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2007), Lecture Notes in Computer Science 4572, S. Capkun, C. Meadows and F. Stajano (Eds.), Springer-Verlag, pp. 101-115, 2007.

3. D. Singelee, B. Latre, B. Braem, M. Peeters, M. De Soete, P. De Cleyn, B. Preneel, I. Moerman and C. Blondia: “A Secure Cross-layer Protocol for Multihop Wireless Body Area Networks,” Proceedings of the 7th International Conference on Ad-Hoc Networks and Wireless (ADHOC-NOW 2008), Lecture Notes in Computer Science 5198, D. Coudert et al. (Eds.), Springer-Verlag, pp. 94-107, 2008.

International Conferences/Workshops

1. D. De Cock, K. Wouters, D. Schellekens, D. Singelee and B. Preneel: “Threat Modelling for Security Tokens in Web Applications,” Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security (CMS 2004), IFIP International Federation for Information Processing 175, Springer, pp. 183-193, 2005.

2. D. Singelee and B. Preneel: “Location Verification using Secure Distance Bounding Protocols,” Proceedings of the International Workshop on Wireless and Sensor Networks Security (WSNS 2005), IEEE, pp. 834-840, 2005.

3. D. Singelee and B. Preneel: “Location Privacy in Wireless Personal Area Networks,” Proceedings of the ACM Workshop on Wireless Security (WISE 2006), ACM, pp. 11-18, 2006.


4. D. Singelee and B. Preneel: “Key Establishment Using Secure Distance Bounding Protocols,” Proceedings of the First Workshop on the Security and Privacy of Emerging Ubiquitous Communication Systems (SPEUCS 2007), IEEE, 6 pages, 2007.

Chapter of a book

1. S. Seys, D. Singelee and B. Preneel: “Security in Wireless PAN Mesh Networks,” Security in Wireless Mesh Networks, H. Hu, Y. Zhang and J. Zheng (Eds.), Auerbach Publications, CRC Press, pp. 349-381, 2008.

Journals (international)

1. D. Singelee and B. Preneel: “The Wireless Application Protocol (WAP),” International Journal of Network Security, Vol. 1, No. 3, pp. 161-165, 2005.

2. D. Singelee and B. Preneel: “Review of the Bluetooth Security Architecture,” Information Security Bulletin, Vol. 11, No. 2, pp. 45-53, 2006.

3. D. Singelee, B. Latre, B. Braem, M. Peeters, M. De Soete, P. De Cleyn, B. Preneel, I. Moerman and C. Blondia: “A Secure Low-Delay Protocol for Multi-hop Wireless Body Area Networks,” Special Issue of Ad Hoc & Sensor Wireless Networks, OCP Science, 2008. [to be published]

Journals (national level)

1. S. Seys, D. Singelee and B. Preneel: “Wireless Network Security,” Revue HF Tijdschrift 2004(3), pp. 25-35, 2004.

Internal Reports

1. D. Singelee and B. Preneel: “The Wireless Application Protocol (WAP),” COSIC internal report, 10 pages, 2003.

2. D. Singelee and B. Preneel: “Secure E-Commerce Using Mobile Agents on Untrusted Hosts,” COSIC internal report, 33 pages, 2004.

3. D. Singelee and B. Preneel: “Security Overview of Bluetooth,” COSIC internal report, 13 pages, 2004.

4. D. Singelee and B. Preneel: “Enabling Location Privacy in Wireless Personal Area Networks,” COSIC internal report, 19 pages, 2007.

5. D. Singelee and B. Preneel: “Limitations on the Usage of Noise Resilient Distance Bounding Protocols,” COSIC internal report, 13 pages, 2008.

6. D. Singelee, F. Wong, B. Preneel and F. Stajano: “A Theoretical Model for Location Privacy in Wireless Personal Area Networks,” COSIC internal report, 12 pages, 2008.


Dave Singelee was born on April 20, 1979 in Borgerhout, Belgium. He received the degree of Master in Electrical Engineering (Burgerlijk Ingenieur Elektrotechniek, optie multimedia en signaalverwerking) from the K.U.Leuven, Belgium, in July 2002. In his Master’s thesis, he studied the security problems of mobile agents. The exact subject of the thesis was “safe electronic signatures using mobile agents on non-trusted platforms”. In August 2002, Dave started working in the research group COSIC (Computer Security and Industrial Cryptography) at the Department of Electrical Engineering (ESAT) of the K.U.Leuven. The first four years of his research were sponsored by a grant of the IWT (Institute for the Promotion of Innovation by Science and Technology in Flanders). Next, he received a scholarship from the K.U.Leuven.


Appendix A

Secure Location Verification: Computing the Prover’s Location

In this appendix, we demonstrate how to compute the exact location of the prover in the secure location verification protocol discussed in Sect. 3.3.

As already explained in Sect. 3.3, one first employs translations and rotations on the axes of the coordinate system that is being used in the secure location verification protocol. The result of this transformation should be that verifier V1 is located in the origin of the coordinate system, and verifier V2 somewhere on the X-axis. The result of this pre-computation step, which only has to be executed once, is shown in Fig. 3.18. The coordinates of verifiers V1, V2 and V3 in this new coordinate system are respectively (0, 0), (x2, 0) and (x3, y3). By carefully selecting which verifiers are denoted by V1 and V2, one can make sure that both x2 and y3 are strictly positive.

During the execution of the distance bounding protocol, the three verifiers have measured the distances d'_i (this equals the maximal round trip time, measured by verifier Vi, multiplied with the propagation speed of the wireless communication medium in which the distance bounding protocol is employed). To find the prover’s location (with unknown coordinates (x, y)), one has to solve the following set of equations:

$$
\begin{aligned}
x^2 + y^2 &= (d'_1 - d)^2 \\
(x - x_2)^2 + y^2 &= (d'_2 - d)^2 \\
(x - x_3)^2 + (y - y_3)^2 &= (d'_3 - d)^2 .
\end{aligned} \qquad \text{(A.1)}
$$

The parameter d denotes the total amount of delay, caused by the prover and/or by the processing delay. There is exactly one value d for which the three circles intersect in one point. This point of intersection is the exact location of the prover. Using a smaller value d in Eq. (A.1) results in an area of intersection, and when using a larger value d, the three circles no longer intersect.

The goal of the secure location verification protocol is to find this correct value of d, for which the three circles intersect in one point, or for which the area defined by the intersection of the three circles is minimal (but still strictly positive). After having found this value, one can easily compute the coordinates (x, y) of the prover.

Computing the exact location of the prover

We first start with the scenario in which the prover’s location can be computed exactly. This can be done by solving the set of equations shown in Eq. (A.1). There are three equations and three unknowns (x, y and d). Solving this gives the following result:

$$
d = \frac{-s \pm \sqrt{s^2 - 4rt}}{2r} . \qquad \text{(A.2)}
$$

The variables r, s and t in this equation are computed as follows:

$$
\begin{aligned}
r &= \left(\frac{d'_2 - d'_1}{x_2}\right)^2 + \frac{\left[d'_3 - d'_1 + \frac{x_3}{x_2}\,(d'_1 - d'_2)\right]^2}{y_3^2} - 1 \\[2mm]
s &= (d'_2 + d'_1) - \frac{(d'_2 + d'_1)\,(d'_2 - d'_1)^2}{x_2^2} + \frac{\left[d'_3 - d'_1 - \frac{x_3}{x_2}\,(d'_2 - d'_1)\right] \cdot \left[(d'_1)^2 - (d'_3)^2 + x_3^2 + y_3^2 - \frac{x_3}{x_2}\left((d'_1)^2 - (d'_2)^2 + x_2^2\right)\right]}{y_3^2} \\[2mm]
t &= \frac{\left((d'_1)^2 - (d'_2)^2 + x_2^2\right)^2}{4x_2^2} - (d'_1)^2 + \frac{\left[(d'_1)^2 - (d'_3)^2 + x_3^2 + y_3^2 - \frac{x_3}{x_2}\left((d'_1)^2 - (d'_2)^2 + x_2^2\right)\right]^2}{4y_3^2} .
\end{aligned} \qquad \text{(A.3)}
$$

After finding the correct value of d, the coordinates (x, y) of the prover’s location can then be computed as follows:

$$
\begin{aligned}
x &= \frac{(d'_2 - d'_1)\,d}{x_2} + \frac{(d'_1)^2 - (d'_2)^2 + x_2^2}{2x_2} \\
y &= \sqrt{(d'_1 - d)^2 - x^2} .
\end{aligned} \qquad \text{(A.4)}
$$

Computing an approximation of the prover’s location

We now consider the scenario where the prover’s location cannot be computed exactly (e.g., due to movement during the fast bit exchange phase of the distance bounding protocol). To find an approximation of the coordinates of the prover, we first compute the three intersection points that define the boundary of the area in which the prover is located. These points (denoted by A, B and C) are shown in Fig. 3.19. Their coordinates are respectively (Ax, Ay), (Bx, By) and (Cx, Cy) and can be computed as follows:

$$
\begin{aligned}
A_x &= \frac{(d'_1 - d)^2 - (d'_2 - d)^2 + x_2^2}{2x_2} \\
A_y &= \sqrt{(d'_1 - d)^2 - a_{12}^2} .
\end{aligned} \qquad \text{(A.5)}
$$

Here a_{12} = A_x is the distance from V1 to A measured along the line through V1 and V2 (the X-axis), in the same way that a_{13} and a_{23} below are the distances measured along the lines V1V3 and V2V3, and h_{13} and h_{23} the perpendicular offsets from those lines.

$$
\begin{aligned}
a_{13} &= \frac{(d'_1 - d)^2 - (d'_3 - d)^2 + x_3^2 + y_3^2}{2\sqrt{x_3^2 + y_3^2}} \\
h_{13} &= \sqrt{(d'_1 - d)^2 - a_{13}^2} \\
B_x &= \frac{x_3\, a_{13} + y_3\, h_{13}}{\sqrt{x_3^2 + y_3^2}} \\
B_y &= \frac{y_3\, a_{13} - x_3\, h_{13}}{\sqrt{x_3^2 + y_3^2}} .
\end{aligned} \qquad \text{(A.6)}
$$

$$
\begin{aligned}
a_{23} &= \frac{(d'_2 - d)^2 - (d'_3 - d)^2 + (x_3 - x_2)^2 + y_3^2}{2\sqrt{(x_3 - x_2)^2 + y_3^2}} \\
h_{23} &= \sqrt{(d'_2 - d)^2 - a_{23}^2} \\
C_x &= x_2 + \frac{(x_3 - x_2)\, a_{23} - y_3\, h_{23}}{\sqrt{(x_3 - x_2)^2 + y_3^2}} \\
C_y &= \frac{y_3\, a_{23} + (x_3 - x_2)\, h_{23}}{\sqrt{(x_3 - x_2)^2 + y_3^2}} .
\end{aligned} \qquad \text{(A.7)}
$$

Next, one has to compute the value of d for which the area bounded by the points A, B and C is minimized. In the scenario of our secure location verification protocol, this corresponds to computing the value of d for which the distance between the three points A, B and C is minimal. This is shown in the following equation:

$$
d \text{ that minimizes } \left[(C_x - A_x)^2 + (B_x - A_x)^2 + (C_x - B_x)^2 + (C_y - A_y)^2 + (B_y - A_y)^2 + (C_y - B_y)^2\right] . \qquad \text{(A.8)}
$$

After computing the value d by using Eq. (A.8), one can compute the approximation of the prover’s location as follows:

$$
\begin{aligned}
x &= \frac{(d'_2 - d'_1)\,d}{x_2} + \frac{(d'_1)^2 - (d'_2)^2 + x_2^2}{2x_2} \\
y &= \sqrt{(d'_1 - d)^2 - x^2} .
\end{aligned} \qquad \text{(A.9)}
$$
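The two procedures of this appendix, the exact solution (A.2)-(A.4) and the minimisation (A.8)-(A.9), carried through in code as an added example that is not part of the thesis. The verifier coordinates x2, x3, y3 and the measured d'_i are function arguments; the scenario in demo() (V1, V2, V3 at (0,0), (40,0), (10,30), a prover at (20,15) and a delay of 3, plus a few tenths of noise on each distance for the second run) is constructed. Two details the appendix leaves to the reader are made explicit and are this example's own choices: the root of (A.2) is selected by requiring 0 ≤ d ≤ min d'_i and that the resulting point also lies on the third circle, and the minimisation in (A.8) is done by a grid search over d.

```python
"""Prover location from three distance-bounding measurements, Eqs. (A.1)-(A.9).

Coordinate frame as in the text: V1 at the origin, V2 at (x2, 0) with x2 > 0,
V3 at (x3, y3) with y3 > 0. d1, d2, d3 are the measured d'_i; d is the delay.
Added example code, not from the thesis; the numbers in demo() are constructed.
"""
import math


def coefficients(x2, x3, y3, d1, d2, d3):
    """r, s, t of Eq. (A.3); d is a root of r*d^2 + s*d + t = 0, Eq. (A.2)."""
    m = d2 - d1                                   # d'_2 - d'_1
    n = d1**2 - d2**2 + x2**2                     # (d'_1)^2 - (d'_2)^2 + x2^2
    l = d3 - d1 - (x3 / x2) * m                   # bracket shared by r and s
    k = d1**2 - d3**2 + x3**2 + y3**2 - (x3 / x2) * n
    r = (m / x2) ** 2 + l**2 / y3**2 - 1
    s = (d2 + d1) - (d2 + d1) * m**2 / x2**2 + l * k / y3**2
    t = n**2 / (4 * x2**2) - d1**2 + k**2 / (4 * y3**2)
    return r, s, t


def location_for_delay(x2, d1, d2, d):
    """Eq. (A.4) / (A.9): (x, y) for a known d; None if y would be imaginary."""
    x = (d2 - d1) * d / x2 + (d1**2 - d2**2 + x2**2) / (2 * x2)
    y_sq = (d1 - d) ** 2 - x**2
    return None if y_sq < 0 else (x, math.sqrt(y_sq))


def exact_location(x2, x3, y3, d1, d2, d3):
    """Eqs. (A.2)-(A.4). Of the two roots of (A.2) keep the one that is a
    plausible delay (0 <= d <= min d'_i) and whose (x, y) also lies on circle 3."""
    r, s, t = coefficients(x2, x3, y3, d1, d2, d3)
    disc = s * s - 4 * r * t
    if disc < 0:
        return None
    best = None
    for sign in (-1.0, 1.0):
        d = (-s + sign * math.sqrt(disc)) / (2 * r)
        loc = location_for_delay(x2, d1, d2, d) if 0 <= d <= min(d1, d2, d3) else None
        if loc is None:
            continue
        x, y = loc
        residual = abs((x - x3) ** 2 + (y - y3) ** 2 - (d3 - d) ** 2)
        if best is None or residual < best[0]:
            best = (residual, d, x, y)
    return None if best is None else best[1:]


def boundary_points(x2, x3, y3, d1, d2, d3, d):
    """Eqs. (A.5)-(A.7): A (circles 1,2), B (circles 1,3), C (circles 2,3)
    for a trial delay d; None once some pair of circles no longer meets."""
    r1, r2, r3 = d1 - d, d2 - d, d3 - d
    a12 = (r1**2 - r2**2 + x2**2) / (2 * x2)      # a_12 = A_x
    n13 = math.hypot(x3, y3)                       # |V1 V3|
    a13 = (r1**2 - r3**2 + n13**2) / (2 * n13)
    n23 = math.hypot(x3 - x2, y3)                  # |V2 V3|
    a23 = (r2**2 - r3**2 + n23**2) / (2 * n23)
    h12_sq, h13_sq, h23_sq = r1**2 - a12**2, r1**2 - a13**2, r2**2 - a23**2
    if min(h12_sq, h13_sq, h23_sq) < 0:
        return None
    h13, h23 = math.sqrt(h13_sq), math.sqrt(h23_sq)
    a = (a12, math.sqrt(h12_sq))
    b = ((x3 * a13 + y3 * h13) / n13, (y3 * a13 - x3 * h13) / n13)
    c = (x2 + ((x3 - x2) * a23 - y3 * h23) / n23, (y3 * a23 + (x3 - x2) * h23) / n23)
    return a, b, c


def spread(x2, x3, y3, d1, d2, d3, d):
    """Objective of Eq. (A.8); +inf when the circles stop intersecting."""
    pts = boundary_points(x2, x3, y3, d1, d2, d3, d)
    if pts is None:
        return math.inf
    (ax, ay), (bx, by), (cx, cy) = pts
    return ((cx - ax) ** 2 + (bx - ax) ** 2 + (cx - bx) ** 2
            + (cy - ay) ** 2 + (by - ay) ** 2 + (cy - by) ** 2)


def approximate_location(x2, x3, y3, d1, d2, d3, steps=400):
    """Eqs. (A.8)-(A.9): minimise spread() over 0 <= d < min d'_i with a coarse
    grid search, then a fine grid around the best coarse point (this example's
    own choice of minimiser, not one the thesis prescribes)."""
    def f(d):
        return spread(x2, x3, y3, d1, d2, d3, d)
    d_max = min(d1, d2, d3)
    step = d_max / steps
    d0 = min((i * step for i in range(steps)), key=f)
    d_best = min((max(0.0, d0 - step + 2 * step * i / steps) for i in range(steps + 1)), key=f)
    if f(d_best) == math.inf:
        return None
    x = (d2 - d1) * d_best / x2 + (d1**2 - d2**2 + x2**2) / (2 * x2)      # (A.9)
    return d_best, x, math.sqrt(max((d1 - d_best) ** 2 - x**2, 0.0))


def demo():
    """Constructed scenario: V1=(0,0), V2=(40,0), V3=(10,30); prover at (20,15)
    with delay 3, so the exact distances 25, 25, sqrt(325) give d'_i = dist + 3.
    The second call adds a few tenths of measurement noise to each d'_i."""
    x2, x3, y3 = 40.0, 10.0, 30.0
    d1, d2, d3 = 28.0, 28.0, 3.0 + math.sqrt(325.0)
    exact = exact_location(x2, x3, y3, d1, d2, d3)
    noisy = approximate_location(x2, x3, y3, d1 + 0.3, d2 - 0.2, d3 + 0.2)
    return exact, noisy


if __name__ == "__main__":
    for label, res in zip(("exact", "approx"), demo()):
        print("%-6s d=%.3f  x=%.3f  y=%.3f" % ((label,) + tuple(res)))
```

Running the module prints the exact solution, which recovers d = 3 and (20, 15), and the approximation from the noisy distances, which lands within a few tenths of the true location. The spread of (A.8) becomes infinite as soon as one pair of circles stops intersecting, which is what bounds the search for d from above; the spurious second root of (A.2) is rejected because it exceeds every measured d'_i.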


Appendix B

How to Secure an Interactive Medical Monitoring Environment

A Wireless Body Area Network (WBAN) is a small, wireless, multi-hop ad hoc network consisting of small wearable or implantable biosensors that are placed inside or on top of a human body. These networks can be seen as an enabling technology for mobile health care [152]. They are related to Wireless Personal Area Networks because the sensors are not left unattended (since they are placed on or inside a human body) and because the scale of the network is typically quite limited.

In this appendix, we show how the specific characteristics of a Wireless Body Area Network can be exploited in certain scenarios to design a security architecture. We focus on the mobile medical monitoring scenario and propose the CICADA-S protocol, a secure cross-layer routing protocol for WBANs. The security properties of this protocol are analyzed, and the impact on power consumption and throughput is briefly investigated. The CICADA-S protocol is the first integrated solution that copes with the threats that occur in this mobile medical monitoring scenario. Several techniques are combined into a practical solution to fulfill the necessary security and privacy requirements. This work has been published in [182].

B.1 Introduction

Recent progress in wireless sensing and monitoring, and the development of small wearable or implantable biosensors, have led to the use of Wireless Body Area Networks (WBANs). The research on communication within a WBAN is still in its early stages. Only few protocols designed specifically for multihop communication in WBANs exist.

Wireless Body Area Networks can be seen as an enabling technology for mobile health care [152]. Medical readings from sensors on the body are sent to servers at the hospital or medical centers where the data can be analyzed by professionals. These systems reduce the enormous costs associated with ambulant patients in hospitals, as monitoring can take place even at home, in real time and over a longer period.

In this appendix, we propose and analyze CICADA-S, a secure protocol for WBANs. It is based on an existing multihop protocol for WBANs, called CICADA [119]. This is a cross-layer protocol that sets up a data gathering tree in a reliable manner, offering low delay and high energy efficiency. The communication of health related information between sensors in a WBAN and over the Internet to servers is strictly private and confidential and should therefore be encrypted to protect the patient’s privacy. Furthermore, the medical staff who collects the data must be confident that the data is not tampered with, and indeed originates from that patient. Since the protocol is deployed in a wireless ad hoc network, the security and privacy protection mechanisms should be energy efficient and lightweight.

The CICADA-S protocol exploits some of the specific features of a Wireless Body Area Network. The number of sensors on the human body, and the range between the different nodes, is typically quite limited. Furthermore, the sensors deployed in a WBAN are under surveillance of the person carrying these devices. This means that it is difficult for an attacker to physically access the nodes without this being detected. They are also not randomly distributed in a large area, but placed on a very particular place of the human body (often done by medical personnel).

The CICADA-S protocol is designed within the scope of the IBBT IM3 project (Interactive Mobile Medical Monitoring), which focuses on the research and implementation of a wearable system for health monitoring [88]. Patient data is collected using a WBAN and analyzed at the gateway (also called medical hub) worn by the patient. If an event (e.g., heart rhythm problems) is detected, a signal is sent to a health care practitioner who can view and analyze the patient data remotely.

B.2 Architecture

B.2.1 General overview

Fig. B.1 shows the health care architecture used by the IM3 project. There are three main components: the Wireless Body Area Network (WBAN), the external network and the back-end server. In this scenario, the WBAN contains several sensors that measure medical data such as ECG, body movement, etc. These sensors send their measurements, directly or via several hops, to the gateway. Each WBAN (and hence every patient) has its unique gateway. In other words, the sensors shall only send their data to the unique gateway they are linked with, and this needs to be enforced by specific security mechanisms. The gateway processes the medical data, and sends the result via the external network to the back-end server at the hospital, where it can be observed and analyzed by medical staff.

[Figure B.1: General overview of the IM3 health care architecture. Labels in the figure: Sensor, WBAN, GW (gateway), External network, Back-end server.]

Although the architecture was originally designed for and is fully adapted to a medical environment, it may also be used in other applications. Indeed, as long as the (security) relations between the different devices remain valid, the protocol remains applicable, which increases the generality of our solution. In the remainder of this appendix, the medical scenario will be further used to explain the architecture and the secure cross-layer protocol for multihop WBANs.

B.2.2 Security assumptions

This section aims to address the security assumptions of the entire system, and the WBAN in particular.

The most security critical device in the entire architecture is the back-end server. This server, which is managed by the hospital or medical center, will receive the medical data sent by all active WBANs. It is assumed that this server is physically protected (e.g., put in a secure place in the hospital where it cannot be stolen or tampered with), and that an adequate access control system is implemented (i.e. only authorized medical personnel has (partial) access to the server through appropriate identification/authentication mechanisms). The back-end server is considered to be a trusted third party, which means that it is known and trusted by all other devices in the network after a successful authentication.

Since potentially security critical data will be transferred through the external network, end-to-end security between the gateway and the back-end server is required. For efficiency reasons, it is assumed that both devices share a symmetric session key to secure their communication. This symmetric session key can be manually installed (e.g., pre-installed during manufacturing), or (preferably) established via a symmetric key establishment protocol. The symmetric session key is updated regularly. The end-to-end channel between gateway and back-end server should also be anonymized using temporary pseudonyms. This avoids privacy problems like (location) tracking. We assume that the secure end-to-end channel between gateway and back-end server is already established before employing the CICADA-S protocol in the WBAN. As mentioned before, each gateway belongs to a specific WBAN (i.e. a patient, who is carrying this device). To enforce this, the gateway is registered in advance at the back-end server.

It is assumed that it is impossible to alter or read the memory of a (securely initialized) node that is put on the patient’s body, or to modify the behavior of a node without this being detected. This is not a strong assumption, since the patient is carrying the nodes on his or her body, and an attacker is not able to access the nodes without this being detected. It is also assumed that the attacker has no access to the sensors that have yet to be securely initialized (e.g., because they are stored in a physically secure place). However, an attacker can put a malicious node in the presence of a WBAN, and try to join the network. He can also eavesdrop on all data transmitted in the WBAN, and insert/delete/modify (malicious) data into the network. The attacker is hence assumed to be active.

B.3 Protocol design

B.3.1 CICADA

CICADA is a cross-layer protocol as it handles both medium access and the rout-ing of data [119]. The protocol sets up a spanning tree in a distributed manner,which is subsequently used to guarantee collision free access to the medium andto route data toward the gateway. The time axis is divided in slots grouped incycles, to lower the interference and avoid idle listening. Slot assignment is donein a distributed way where each node informs its children when they are allowedto send their data using a SCHEME. Slot synchronization is possible because anode knows the length of each cycle. During a cycle, a node is allowed to send

Page 233: Study and Design of a Security Architecture for Wireless Personal Area Networks

all of its data to its parent node. CICADA is designed in such a way that allpackets arrive at the source in only one cycle. Routing itself is not complicatedin CICADA anyway as data packets are routed up the tree which is set up tocontrol the medium access, no special control packets are needed.

Figure B.2: Communication in CICADA for a sample network of 5 nodes. (a) Sample topology: nodes S, A, B, C, D and E arranged on levels 0 to 2 of the tree. (b) Packet streams in this network: node number versus time (ms, 0 to 120), showing the control subcycle and the data subcycle.

A cycle is divided into a control subcycle consisting of control slots, and a data subcycle consisting of data slots. The former is used to broadcast a SCHEME message from parent to child, i.e. to let the children know when they are allowed to send in the data subcycle. In the data subcycle, data is forwarded from the nodes to the gateway. In each data subcycle, a contention slot is included to allow nodes to join the tree. New children hear the SCHEME message of the desired parent and send a JOIN-REQUEST message in the contention slot. When the parent hears the JOIN-REQUEST message, it will include the node in the next cycle. Each node will send at least two packets per cycle: a data packet or HELLO packet (if no data is sent) and a SCHEME packet. If a parent does not receive a packet from a child for N or more consecutive cycles, the parent will consider the child to be lost. If a child does not receive packets from its parent for N or more consecutive cycles, the child will assume that the parent is gone and will try to join another node. An example of communication in CICADA is given in Fig. B.2, for a network of 5 nodes. The control and data subcycles can be seen clearly.

A node informs its parent node of the number of slots it needs to send its own data and forward data coming from its children, by calculating two parameters: α and β. The former gives the number of slots needed for sending data (including forwarded data) to its parent, the latter gives the number of slots the node has to wait until it has received all data from its children. Based on the α and β from its children, a node can calculate the slot allocation for the next cycle.


B.3.2 CICADA-S

The CICADA protocol, as described in the previous section, does not guarantee any form of security and privacy. Unauthorized nodes can easily join the WBAN, and all communication in the network is sent in plain text and is not integrity protected. The fixed identity of the sensors is not kept confidential, and can hence be used to track sensors (and patients carrying these sensors). To counter these problems, appropriate security mechanisms have to be added to the CICADA protocol. The result is the CICADA-S protocol, the secure version of the CICADA protocol.

Figure B.3: FSM of a sensor in a WBAN. States: Start, Secure initialization, (re)join WBAN, Key update, Remove sensor.

From a security point of view, there are four main states which take place during the lifetime of a sensor: the secure initialization phase, the sensor (re)joining the WBAN, a key update procedure in the WBAN, and the sensor leaving the WBAN. This is shown in Fig. B.3. The security mechanisms used in these phases and their integration into the CICADA-S protocol, based on the results of [88], will now be described.

Secure initialization phase:

Initially, each sensor has to be securely initialized by the back-end server before it can join the WBAN in a later stage. During this initialization phase, the sensor and the back-end server will agree on a shared symmetric key. The default way to establish a shared key is by using an out-of-band channel between the sensor and the back-end server. Such a channel is typically inexpensive to set up. More information on how to create such a channel, and how to use it to establish keys, can be found in Chapter 2.

During this secure initialization phase, the back-end server establishes a random secret key kA with the sensor (A). Both devices store this key in their memory. The key is (conceptually) composed of 2 subkeys: the encryption key kA_encr and the integrity key kA_int. Note that each new node shares a new and unique secret key with the back-end server.

Each sensor i is also assigned a unique counter CTRi, which is initialized to 0 and stored in the sensor’s memory. The value of this counter is included in all key management messages, and is used to avoid replay attacks and assure freshness. Every time the counter is used, the value gets incremented by 1.

Sensor (re)joining the WBAN:

After the initialization procedure, the sensor is ready to be put on the patient’s body. It will detect the WBAN, and start the join procedure, which will now be discussed.

When the sensor (with fixed identity A) hears the SCHEME of the desired parent, it sends a secure JOIN-REQUEST message, as shown in Fig. B.4, in the contention slot. This message is forwarded to the gateway. It is basically a HELLO message containing the unique (global) identity of the sensor and the value of its unique counter CTRA. The counter is encrypted for privacy reasons (since it is used in all key management messages). The gateway stores (and updates) this value of the counter. The integrity and authenticity of the entire secure JOIN-REQUEST message is protected by a message authentication code (MAC), computed with the key kA_int.

When the gateway receives the secure JOIN-REQUEST message of sensor A, it forwards this request to the back-end server via the secure end-to-end channel. This triggers a protocol in which the key kA is securely transported from the back-end server to the gateway. In some scenarios, and this is often the case in a medical environment, it is known in advance (e.g., already during the initialization procedure) in which WBAN the sensor will be deployed. The back-end server can then already transport the key kA to the correct gateway, and does not have to wait until it receives the secure JOIN-REQUEST message. This makes the join procedure faster. If a sensor leaves the network, and (not much) later rejoins it, the gateway may still have the key kA in its memory and does not have to forward the request to the back-end server. From the moment the gateway has access to the key, it can check the validity of the JOIN-REQUEST by verifying the message authentication code (MAC), and in case of a rejoin, also the value of the counter CTRA (the new value should be higher than the current value shared by sensor and gateway). If this verification is successful, the sensor is allowed to join the WBAN and is assigned a temporary identity localIDA. This temporary identity, which is chosen by the gateway, is established in order to preserve privacy. It is only unique within the environment of the WBAN. Other networks can reuse the same identifier. Since the bit length of such a local identifier can be smaller than the full identity of the sensor (A), it also improves the efficiency. A joining sensor in the WBAN is informed about its temporary identity during the key transport procedure, which takes place immediately after the approval of the secure JOIN-REQUEST message.

Figure B.4: Secure JOIN-REQUEST originating from sensor A. Sensor A → Gateway: A || E_kA_encr(CTRA) + MAC_kA_int

Key update procedure in the WBAN:

Except for the key management messages, the data traveling in the WBAN consists of schemes sent during the control subcycle, and medical data sent during the data subcycle from the sensors to the gateway. The former is only integrity protected (to allow a new node to inform itself about the contention slot), while the latter is both integrity protected and encrypted. All these operations are performed by employing a secret group key s, that is shared between all the sensors in the WBAN. Every time a node joins or leaves the network, the group key is updated in order to avoid an attacker recovering the key. Even when the topology of the network remains constant for a long time, the group key should still be updated at regular intervals. The exact period is determined by the cryptographic strength of the encryption and integrity algorithms used to protect the data in the WBAN, and the length of the key. We will briefly come back to this in Sect. B.4.1.

The update process works as follows. First, the gateway randomly generates a new group key s. Next, it performs a secure key transport procedure with all the nodes in the WBAN, as shown in Fig. B.5. The gateway constructs a key update message, unique for every sensor, which contains the encrypted value of the updated group key s. For each node i, the message also contains the new value of the counter CTRi (which is the current value of the counter incremented by 1), in order to avoid replay attacks, and the local identifier localIDi. The authenticity and the integrity of the message is protected by a message authentication code (MAC). Nodes that have been excluded from the WBAN cannot decrypt the key transport messages anymore, and are hence not able to obtain the new group key s.

The key update message is uniquely constructed for every sensor, and forwarded from the gateway to the correct node during the control subcycle. Each node takes the message containing its local identifier, checks the validity of the message (by verifying the value of the counter and the message authentication code) and decrypts the encrypted part in order to recover the new value of the group key s. It also forwards all other key update messages to its children, who perform the same procedure. A newly joining node A does not yet know its local identifier localIDA, and therefore has to check the message authentication code (and the counter) of all the key update messages using its key kA_int until the test succeeds. This only has to be done once, and is easily feasible since computing a message authentication code can be done very efficiently. The joining sensor stores its local identifier localIDA in its memory, and recovers the group key s from the encrypted part of the key update message. Finally, all sensors send a secure acknowledgement back to the gateway during the next data subcycle, to inform it that they received the key correctly. This key confirmation message only contains the encrypted value of the updated counter CTRi, concatenated with a message authentication code. After having received the key confirmation message, the gateway knows it can definitively update the group key. When a node does not send its key confirmation message within a certain period, e.g., because it did not receive the new group key s due to packet loss, the gateway retransmits the key transport message to that particular node.

Figure B.5: Secure key transport to all the sensors in the WBAN. Gateway → Sensor i: localIDi || E_ki_encr(CTRi || s) + MAC_ki_int; Sensor i → Gateway: E_ki_encr(CTR’i) + MAC_ki_int
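The join request of Fig. B.4 and the key transport of Fig. B.5, worked through as an added example; this is not code from the thesis or from the IM3 project, and it assumes concrete choices the text leaves open: k_i is stored as two 16-byte halves k_i_encr and k_i_int, the encryption step is AES-CBC with an all-zero IV, the MAC is HMAC-SHA256 truncated to 8 bytes (encrypt-then-MAC), and the function names are this example's own. Go is used because AES and HMAC come from its standard library. The field sizes (6-byte identity, 4-byte counter, 16-byte blocks, 8-byte MAC, 1-byte local ID) follow the worst-case analysis of Sect. B.4.1, so a JOIN-REQUEST comes out at 30 bytes and a key update message at 41 bytes, the figures used there.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Field sizes from the worst-case analysis in Sect. B.4.1.
const keyLen, addrLen, ctrLen, macLen = 16, 6, 4, 8

// sensorKey is k_i as two subkeys (an assumption of this example):
// k_i_encr for AES-128 and k_i_int for HMAC-SHA256.
type sensorKey struct{ encr, integ []byte }

func ctrBytes(c uint32) []byte {
	b := make([]byte, ctrLen)
	binary.BigEndian.PutUint32(b, c)
	return b
}

// seal returns header || AES-CBC(zero-padded plaintext) || MAC(header || ct),
// i.e. encrypt-then-MAC. Every plaintext starts with the counter, which never
// repeats, so the first block is unique per message; only that makes the
// fixed all-zero IV acceptable (a repeating counter would break it).
func seal(k sensorKey, header, plaintext []byte) []byte {
	block, err := aes.NewCipher(k.encr)
	if err != nil {
		panic(err) // keys are always 16 bytes in this protocol
	}
	padded := make([]byte, (len(plaintext)+aes.BlockSize-1)/aes.BlockSize*aes.BlockSize)
	copy(padded, plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, make([]byte, aes.BlockSize)).CryptBlocks(ct, padded)
	m := hmac.New(sha256.New, k.integ)
	m.Write(header)
	m.Write(ct)
	return append(append(append([]byte{}, header...), ct...), m.Sum(nil)[:macLen]...)
}

// open verifies the MAC before decrypting and returns the padded plaintext,
// whose first 4 bytes are the counter; hdr is the length of the clear header.
func open(k sensorKey, msg []byte, hdr int) ([]byte, error) {
	n := len(msg) - hdr - macLen
	if n < aes.BlockSize || n%aes.BlockSize != 0 {
		return nil, errors.New("malformed message")
	}
	m := hmac.New(sha256.New, k.integ)
	m.Write(msg[:hdr+n])
	if !hmac.Equal(msg[hdr+n:], m.Sum(nil)[:macLen]) {
		return nil, errors.New("bad MAC")
	}
	block, err := aes.NewCipher(k.encr)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, n)
	cipher.NewCBCDecrypter(block, make([]byte, aes.BlockSize)).CryptBlocks(pt, msg[hdr:hdr+n])
	return pt, nil
}

// JoinRequest builds Fig. B.4: A || E_kA_encr(CTR_A) + MAC_kA_int (30 bytes).
// The sensor increments CTR_A before every use and passes the new value.
func JoinRequest(k sensorKey, addr []byte, ctr uint32) []byte {
	return seal(k, addr, ctrBytes(ctr))
}

// VerifyJoin is the gateway side: MAC check under k_A_int, and the counter
// must be strictly above the last accepted value (replay detection on rejoin).
func VerifyJoin(k sensorKey, lastCtr uint32, msg []byte) (uint32, error) {
	pt, err := open(k, msg, addrLen)
	if err != nil {
		return 0, err
	}
	ctr := binary.BigEndian.Uint32(pt[:ctrLen])
	if ctr <= lastCtr {
		return 0, errors.New("replayed or stale counter")
	}
	return ctr, nil
}

// KeyUpdate builds Fig. B.5 for sensor i: localID_i || E_ki_encr(CTR_i || s) + MAC_ki_int (41 bytes).
func KeyUpdate(k sensorKey, localID byte, ctr uint32, s []byte) []byte {
	return seal(k, []byte{localID}, append(ctrBytes(ctr), s...))
}

// RecoverGroupKey is the sensor side of Fig. B.5. A joining sensor does not
// know its local ID yet and tries every key update message until one verifies.
// It returns the local ID, the new counter and s, or an error when the message
// is not for this sensor, was tampered with, or is a replay (counter <= myCtr).
func RecoverGroupKey(k sensorKey, myCtr uint32, msg []byte) (byte, uint32, []byte, error) {
	pt, err := open(k, msg, 1)
	if err != nil || len(pt) < ctrLen+keyLen {
		return 0, 0, nil, errors.New("not for this sensor or corrupted")
	}
	ctr := binary.BigEndian.Uint32(pt[:ctrLen])
	if ctr <= myCtr {
		return 0, 0, nil, errors.New("replayed key update")
	}
	return msg[0], ctr, pt[ctrLen : ctrLen+keyLen], nil
}
```

The key confirmation message is the same construction with an empty header, seal(k, nil, ctrBytes(ctr)), and the gateway checks it exactly as VerifyJoin checks the counter. The zero IV is the point to watch when reusing this: it is safe only because the counter is the first plaintext block and is never reused under a given key; a deployment that cannot guarantee that should use an authenticated encryption mode with a proper nonce, as the worst-case analysis in Sect. B.4.1 assumes with CCM or GCM.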

Sensor leaving the WBAN:

When a node detects that a particular sensor A is no longer part of the WBAN, it forwards this information to the gateway. This automatically triggers a group key update procedure. This is necessary so that an attacker who steals a sensor from the network is not able to read or modify the data in the WBAN. After a certain interval (or even immediately, depending on the policy), the gateway deletes the key kA and the identifier localIDA from its memory. If the medical staff removes sensor A from the patient, or if the sensor is reported lost or stolen, the key kA should also be deleted from the memory of the back-end server. This way, the sensor cannot rejoin any network anymore in a later stage, until it has been securely reinitialized by the back-end server.


B.4 Analysis

B.4.1 Performance evaluation

The addition of these security mechanisms to CICADA undoubtedly influences the performance as it leads to an increased overhead and higher delay. The exact impact strongly depends on the choice of the cryptographic algorithms that are deployed in the WBAN, and it is hence difficult to formulate results that are generally applicable. In practice, it is best to employ an efficient low-cost encryption and integrity algorithm. To get a rough idea of the overhead caused by the security mechanisms, we will do a worst case analysis and assume that a secure block cipher (but not optimized for low power), such as the Advanced Encryption Standard (AES) [45], is employed in an authenticated encryption mode (e.g., CCM or GCM mode of operation).

The combined encryption and authentication algorithm uses a symmetric key of 16 bytes (the group key s or the shared key ki). The output of this method consists of encrypted blocks of 16 bytes, and a message authentication code (MAC) of at least 8 bytes. Furthermore, the unique hardware address of the sensor is assumed to be 6 bytes (e.g., as in Bluetooth), and a counter of 4 bytes is employed to avoid replay attacks. Note that encrypting the counter results in an encryption block of 16 bytes.

In the (re)joining phase, additional information is sent to the gateway in the JOIN-REQUEST message. The original CICADA message only contains localIDA and localIDP (i.e. the local ID of node A joining the network and the local ID of the desired parent P respectively). The length of these IDs is 1 byte, which is sufficient for a WBAN. In CICADA-S the unique hardware address of the sensor is sent, together with the encrypted synchronized counter and a message authentication code. The JOIN-REQUEST message is thus longer, but still only 30 bytes. As this information is sent in a contention slot with fixed size, this will not influence the throughput of the system. However, this secure JOIN-REQUEST message needs to be forwarded to the gateway. As the contention slot of a node is at the beginning of a data subcycle, the message can be sent to the gateway directly. E.g., the JOIN-REQUEST message can be piggybacked on a data packet that is sent to the gateway. As the length of the message is small, this may not influence the overall throughput significantly. The number of bytes that can be sent in one slot depends on the size of the slot and the raw bit rate of the radio technology used. If the number of bytes in the data packet and the secure JOIN-REQUEST message is too large, the slot size will have to be altered. This will lower the throughput of the network. A better solution is to send the JOIN-REQUEST message in a separate data slot. This will hardly impact the throughput of the network. If the key is already present at the gateway, the gateway can immediately start the key update procedure. If not, the gateway has to wait for a response from the back-end server. This will add extra delay to the joining procedure.

In the key update procedure, the gateway sends a new key to all the nodes in the control subcycle. This message contains localIDA, the new group key s concatenated with an increased counter (both encrypted), and a Message Authentication Code (MAC). For each node, this is an additional 41 bytes. Due to the broadcast mechanism in the control subcycle, these messages all need to be broadcast by every node sending its SCHEME in the control subcycle. This will lead to a larger slot length in the control subcycle, and subsequently a lower throughput. In CICADA, the slot length in the control subcycle is smaller than the data slot length as the SCHEME messages sent in the control subcycle are very short. The slot length can be up to ten times smaller. This improves the energy throughput of CICADA. As the key is only updated after several cycles, we opt to change the control slot dynamically. When the key is updated, the control slot has the same length as the data slot. At any other time, the control slot has its shorter length. When the key is about to be updated, the gateway broadcasts a warning in the previous cycle by setting a bit in the header (this header should be authenticated by a MAC to avoid attacks disrupting the throughput of the network). The nodes receive this warning and adapt their control slot lengths for one cycle.

When a node leaves the network or is no longer attached to it, the (former) parent node sends a message to the gateway. This can be added to a data packet and will not influence the throughput.

It is important to note that the key management messages are sent rarely (only when a node (re)joins the network, or when the group key has to be updated), and hardly affect the global throughput in the network. Most data traveling in the WBAN is medical data, sent by the sensors to the gateway. These messages are protected by employing the group key s. The data is encrypted in blocks of 16 bytes, and a message authentication code of 8 bytes is added. The SCHEME packets sent during the control subcycle are not encrypted, but integrity protected. For both types of data, the length of the messages is hardly influenced. Overall, the security mechanisms will have a minor impact on the performance of CICADA-S.

B.4.2 Security properties

One of the design goals of the CICADA-S protocol is to secure the wireless communication in the WBAN while preserving privacy. In this section, we will briefly argue why these requirements are fulfilled and formulate the most interesting security properties (without formal proof). It has to be stressed that the following statements are based on the assumptions stated in section B.2.2, and that all devices in the network, including the attacker, are computationally bounded.


• One of the most important security requirements of CICADA-S is the ability to exclude nodes from the Wireless Body Area Network. From the moment a node is lost, compromised by an attacker or just not needed anymore, it should be removed from the network and no longer be able to read/modify/insert/delete data in the WBAN. This requirement is fulfilled, since the group key s is always updated if the topology of the network changes. Only nodes that are still part of the network receive a new group key, which is encapsulated in a secure key transport message. Other nodes do not get any information about the updated group key, and could only obtain the latter by decrypting the secure key transport message without having the secret key. In other words, a node that is no longer (or never has been) part of the network does not have any advantage compared to an attacker.

• Since the group key is transported in an encrypted format from the gateway to the nodes in the WBAN, it is practically not feasible for an eavesdropper to recover the key. Only an attacker that can break the encryption scheme used to protect data in the WBAN is able to find the group key s. Since we assume that the encryption scheme used in the WBAN has an appropriate security level, this attack is not feasible.

• Another important requirement is that only authorized nodes can join the WBAN. To technically enforce this, nodes first have to be securely initialized before they can join the network. After this secure initialization procedure, nodes share a symmetric key with the back-end server. This key is used to construct a valid secure JOIN-REQUEST message, which is needed to join the WBAN.

• A sensor that is a member of a WBAN cannot join another WBAN at the same time. The second secure JOIN-REQUEST message sent by this sensor will be refused by the back-end server, because it will detect that the sensor already belongs to another network.

• The CICADA-S protocol offers key confirmation, which is important for security and performance reasons. After receiving the new group key s via a secure key transport message, a node sends an authenticated key confirmation message to the gateway, to inform it that the key was received correctly. This avoids certain Denial-of-Service attacks (in which an attacker blocks some key update messages, in order to disrupt the key update mechanism and cause these nodes to be unsynchronized). Due to packet loss and bit errors, key confirmation is also an important and necessary property of network protocols for wireless media (a key transport message can always be affected by noise).

• Nodes that are part of a particular WBAN are not able to read encrypted data, nor modify, insert or delete data in other WBANs without this being detected, since these other networks do not share the same group key s. A node that is not part of a network has no advantage compared to an attacker; neither possesses information about the group key s that is currently being used in the network.

• Since the confidentiality and integrity of data transmitted in the WBAN is cryptographically protected, a device that does not possess the group key will not succeed in decrypting the enciphered communication, nor in successfully modifying/inserting/deleting data into the network without this being detected. This can only be done by breaking the encryption algorithm and/or the message authentication code (MAC) deployed in the WBAN. Since we assume that both algorithms have an appropriate security level, this attack is not feasible.

• Replay attacks are detected because of the use of the synchronized counter that is shared between sensor and gateway. The other party will detect the replay attack because the value of the synchronized counter is lower than or equal to a previous value, which is not allowed. Modifying the value of the counter without possessing the necessary secret key is not possible, since the counter is integrity protected by a MAC.

• Since the sensors that are going to perform the CICADA-S protocol will be put on a patient, location privacy is certainly an issue. Fortunately, this has been taken into account during the design of the protocol. Moreover, the communication between gateway and back-end server is assumed to be completely secured (end-to-end) and anonymized (by employing pseudonyms). Let us now focus on the Wireless Body Area Network. The data that is transmitted in the WBAN by the sensors cannot be used to trace a patient, since it only contains local identifiers, and these are not unique across WBANs. Only in the first message of the join procedure is the exact identity of the sensor exposed. This identity is however not used in the other key management messages. It is also not possible to link other (key management) messages to each other or to the initial key management message of the join procedure. The only common element in all key management messages is the synchronized counter. This value is however encrypted, and hence cannot be used by the attacker (who does not possess the secret key and cannot break the encryption scheme). All medical data that is sent by the sensors to the gateway is encrypted with the group key. An attacker cannot decrypt this. The headers contain the local identifier of the sensors, which is meaningless outside the context of a particular WBAN. As a conclusion, location privacy can be guaranteed, and patients cannot be traced by the data that is transmitted in the network.


B.5 Conclusion

Wireless Body Area Networks are an enabling technology for mobile health care. These systems reduce the enormous costs associated with patients in hospitals as monitoring can take place even at home, in real-time and over a longer period. A critical factor in the acceptance of WBANs is the provision of appropriate security and privacy protection of the wireless communication medium.

In this appendix we have presented CICADA-S, a security enabled cross-layer multihop protocol for Wireless Body Area Networks. It is a secure extension of the CICADA protocol, and was designed within the scope of the IM3-project (Interactive Mobile Medical Monitoring), which focuses on the research and implementation of a wearable system for health monitoring. The CICADA-S protocol is the first integrated solution to cope with the threats of interactive mobile monitoring and the life cycle of the sensors. It combines key management and secure privacy preserving communication techniques. The addition of security mechanisms to the CICADA-S protocol has a low impact on the power consumption and throughput. The security mechanisms integrated in the protocol are simple, yet very effective. The CICADA-S protocol can be implemented on today’s devices as it only requires low-cost and minimal hardware changes.

Index

accelerometer, 43
access control, 42, 64, 85, 198
Access Control List, 14, 16
active Bluetooth address, 157
alias address, 157
attack game, 150, 152, 158–160, 162, 164
bit error rate, 27, 104, 111, 112, 114, 117, 118, 124
black list exploit, 10
Bluejacking attack, 12
Bluesnarf attack, 11
Bluesniper rifle, 61
Bluetooth, 1, 6, 7, 9, 12, 21, 23, 24, 30, 39, 47, 51, 53, 134–136, 157
Bluetooth anonymity mode, 157
Brands–Chaum protocol, 60, 73, 104
broadcast mode, 90
buffer overflow attack, 11
Bussard’s protocol, 79
Capkun–Hubaux protocol, 67
certification authority, 4, 19, 80
Channel Access Code, 136
check-value function, 34, 36, 47, 49, 52, 53
CICADA, 198
CICADA-S, 200
communicating constellation, 150, 153, 159
connectable mode, 135
constellation location privacy, 154, 159, 162, 164
Denial-of-Service attack, 4, 10, 24, 53, 144, 156, 206
Device Access Code, 136
Diffie-Hellman protocol, 18, 32, 34, 39, 41, 44, 47, 49–55, 147
discoverable mode, 135
discrete logarithm, 79
distance bounding protocol
  angle of arrival, 61
  distance fraud attack, 63, 70, 75, 110
  electromagnetic signals, 54, 62, 85, 110
  mafia fraud attack, 63, 65, 75, 84, 104, 110, 115
  physical attacks, 66, 79
  received signal strength, 60
  relay attack, 63
  terrorist fraud attack, 64, 65, 75, 76, 78, 82, 110
  time of flight, 21, 26, 54, 61, 191
  ultra-sound, 45, 54, 62, 85
elliptic curve cryptography, 4, 25, 26, 39, 47, 53, 147
encrypted key exchange protocol, 31, 41, 43
Enhanced Data Rate, 3
error correcting code, 6, 52, 105, 108, 113, 115, 116, 119
false acceptance ratio, 57, 112, 113, 115, 118, 124
false rejection ratio, 111, 114, 116, 118, 124
forward location privacy, 155, 160, 162, 165
frequency hopping, 6, 24, 136
guessing attack, 67, 79
Hancke–Kuhn protocol, 27, 103, 111, 113–115, 118, 124
hyperbola attack, 96
identification protocol, 150, 152, 156
inquiry scan, 135, 148
intra-body communication, 42
IrDA, 42
key distribution center, 87
key transport, 201, 202
key-escrow, 14
location privacy, 9, 17, 20, 21, 26, 27, 39, 48, 50, 51, 134–136, 138, 140, 148, 149, 151, 155–157, 162, 164, 207
MAD protocol, 73, 104, 107
man-in-the-middle attack, 12, 18, 20, 32, 44, 46, 51, 61, 63, 78, 108
MANA protocol, 26, 34, 36, 48, 49
NFC, 42
Noise resilient MAD protocol, 27, 105, 111, 113–116, 119, 124
non-connectable mode, 134, 136
non-discoverable mode, 7, 134, 135
out-of-band channel, 20, 26, 30–33, 41, 43–45, 49, 51, 54, 140, 147, 200
pairing problem, 20, 26, 30, 147
pico-net, 3, 133, 136
Plotkin bound, 119
processing delay, 62, 85, 87, 110
proximity based authentication, 46, 54, 60, 85
pseudo-random function, 103, 140, 149, 162, 164
pseudonym, 22, 48–50, 135, 136, 138, 140, 143, 147, 150, 158, 163, 165
random oracle, 162, 164
resurrecting duckling, 41
RFID, 26, 41, 103, 108, 149
SAFER+, 8, 10, 12
scatter-net, 3
secure location verification, 26, 86, 191
sensor network, 5
sleep deprivation attack, 4, 24
spread spectrum, 6, 12, 24
traffic analysis, 149
trusted hardware, 76
unlinkability, 137, 166
untraceability, 137
UWB, 70
void challenges, 104
Waters–Felten protocol, 76
Wireless Body Area Network, 196
zero knowledge proof of knowledge, 82, 84
ZigBee, 1, 12–14