Terrorist fraud resistance of distance bounding protocols employing physical unclonable functions

Abstract

Distance bounding protocols (DBPs) aim to restrict the acceptable distance between the communication partners of a wireless communication. Despite numerous proposed protocols, recent analyses of DBPs have shown the majority of them to be susceptible to attacks that undermine certain aspects of the protocols´ security objectives. The most prominent of the unsolved security problems of DBPs is terrorist fraud. This type of attack utilizes one of the legitimate prover devices´ collaboration to circumvent the DBP´s objective, allowing the attacker to pretend being in valid distance to the verifier. We show how terrorist fraud can be prevented by replacing shared secrets - commonly used in classical DBPs - by physical unclonable functions (PUFs). Our new approach can be integrated in all current DBPs with minor modifications to the prover hardware and protocol implementation. We present two variants of our scheme, one utilizing the established concept of strong PUFs, the other using so-called SIMPL systems. For both schemes, we discuss security properties, as well as implementation challenges.