How Secret-sharing can Defeat Terrorist Fraud

摘要

Terrorist fraud is a relay attack against distance bounding protocols where the prover conspires with an adversary to misrepresent the distance between himself and the verifier. In ideal situations, the adversary does not gain any knowledge about the prover's long-term secret. This makes designing a distance bounding protocol resistant to a such fraud tricky: the secrets of an honest prover must be protected, while those of a dishonest one should be disclosed as an incentive not to cheat. In this paper, we demonstrate that using a secret-sharing scheme, possibly based on threshold cryptography, is well suited for thwarting terrorist fraud. Although such an idea has been around since the work of Bussard and Bagga, this is the first time that secret-sharing and terrorist fraud have been systematically studied altogether. We prove that secret sharing can counter terrorist fraud, and we detail a method that can be applied directly to most existing distance bounding protocols. We illustrate our method on the protocol of Hancke and Kuhn, yielding two variants: the threshold distance bounding (TDB) protocol and the thrifty threshold distance bounding (TTDB) protocol. We define the adversarial strategies that attempt to gain some knowledge on the prover's long-term secret, evaluate the amount of information disclosed, and determine the adversary's success probability.