public-key distance bounding and its application …public-key distance bounding and its application...
TRANSCRIPT
![Page 1: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/1.jpg)
PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS
CONTROLHandan Kılınç
Presentation at FutureDB - Distance-bounding: past, present, future
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 2: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/2.jpg)
2
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 3: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/3.jpg)
3
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 4: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/4.jpg)
4
INTRODUCTIONDISTANCE BOUNDING
ProverVerifier
![Page 5: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/5.jpg)
4
INTRODUCTIONDISTANCE BOUNDING
The prover authenticatesand proves its proximity
ProverVerifier
![Page 6: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/6.jpg)
INTRODUCTION
Symmetric Distance Bounding: The prover and the verifier share a secret
Public-key Distance Bounding: The prover has its own secret/public key and the public-key of the verifier
5
![Page 7: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/7.jpg)
INTRODUCTIONPROBLEMS IN PUBLIC KEY DB
6
Slower than symmetric key operations
Limited computational resources on the devices
![Page 8: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/8.jpg)
INTRODUCTIONPROBLEMS IN PUBLIC KEY DB
6
Slower than symmetric key operations
Limited computational resources on the devices
![Page 9: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/9.jpg)
INTRODUCTIONPROBLEMS IN PUBLIC KEY DB
6
Slower than symmetric key operations
Limited computational resources on the devices
![Page 10: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/10.jpg)
INTRODUCTIONPROBLEMS IN PUBLIC KEY DB
6
Slower than symmetric key operations
Limited computational resources on the devices
Construct an efficient and secure public-key distance bounding
![Page 11: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/11.jpg)
STRONG PRIVACY IN DBHPVP*
7
We have provers P1, P2, P3,…, Pn and the adversary A A can corrupt the provers: learns the secret keys of the provers.
As a challenge, A picks two provers Pi, Pj
Challenger picks one of them as a virtual tag and gives the virtual
prover to A.
A can send messages to the virtual tag.
A can send messages to the verifier.
If A can recognize the virtual tag, then he wins the game.
* J. Hermans, A. Pashalidis, F. Vercauteren, and B. Preneel. A new RFID privacy model. In ESORICS, 2011
![Page 12: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/12.jpg)
STRONG PRIVACY IN DBHPVP*
7
We have provers P1, P2, P3,…, Pn and the adversary A A can corrupt the provers: learns the secret keys of the provers.
As a challenge, A picks two provers Pi, Pj
Challenger picks one of them as a virtual tag and gives the virtual
prover to A.
A can send messages to the virtual tag.
A can send messages to the verifier.
If A can recognize the virtual tag, then he wins the game.
A DB protocol is strong private if A wins the above game with negligible advantage.
* J. Hermans, A. Pashalidis, F. Vercauteren, and B. Preneel. A new RFID privacy model. In ESORICS, 2011
![Page 13: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/13.jpg)
AN OVERVIEW OF OUR PROTOCOL
8
Agree on a key s with using a key agreement (KA) protocol
Run a symmetric DB with s
![Page 14: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/14.jpg)
AN OVERVIEW OF OUR PROTOCOL
8
Agree on a key s with using a key agreement (KA) protocol
Run a symmetric DB with s
What kind of security properties do we need for the key agreement protocol to have MiM, DF and DH secure and strong private DB protocol?
![Page 15: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/15.jpg)
AN OVERVIEW OF OUR PROTOCOL
8
Agree on a key s with using a key agreement (KA) protocol
Run a symmetric DB with s
What kind of security properties do we need for the key agreement protocol to have MiM, DF and DH secure and strong private DB protocol?
KA Efficiency Security
MQV 2.5 No proof
HMQV 2.5 CK
KEA+ 3 CK
NAXOS 4 eCK
CMQV 3 eCK
![Page 16: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/16.jpg)
9
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 17: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/17.jpg)
AUTHENTICATED KEY AGREEMENTONE PASS
10
!"#,%"#,%"& !"#, %"#,%"&
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
![Page 18: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/18.jpg)
AUTHENTICATED KEY AGREEMENTONE PASS
10
! ← #(1&))(*+,, .+,, .+/,!)
!"#,%"#,%"& !"#, %"#,%"&
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
![Page 19: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/19.jpg)
AUTHENTICATED KEY AGREEMENTONE PASS
10
! ← #(1&))(*+,, .+,, .+/,!)
!"#,%"#,%"& !"#, %"#,%"&
!
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
![Page 20: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/20.jpg)
AUTHENTICATED KEY AGREEMENTONE PASS
10
!(#$%,'$%,'$(, ))! ← #(1&))(*+,, .+,, .+/,!)
!"#,%"#,%"& !"#, %"#,%"&
!
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
![Page 21: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/21.jpg)
AUTHENTICATED KEY AGREEMENTONE PASS
10
!(#$%,'$%,'$(, ))! ← #(1&))(*+,, .+,, .+/,!)
!"#,%"#,%"& !"#, %"#,%"&
!
!!
*Handan Kılınç and Serge Vaudenay. Efficient public-key distance bounding protocol. In ASIACRYPT, 2016
![Page 22: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/22.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Challenger Adversary
![Page 23: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/23.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
Challenger Adversary
![Page 24: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/24.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
Challenger Adversary
![Page 25: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/25.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
!"#
Challenger Adversary
![Page 26: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/26.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
!"#!, #$
Challenger Adversary
![Page 27: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/27.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
!",#, %&', %&(
!"#!, #$
Challenger Adversary
![Page 28: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/28.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
Itcanaccesstheoraclesexcept("#$,&)
!",#, %&', %&(
!"#!, #$
Challenger Adversary
![Page 29: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/29.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
Itcanaccesstheoraclesexcept("#$,&)
!"
!",#, %&', %&(
!"#!, #$
Challenger Adversary
![Page 30: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/30.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
Itcanaccesstheoraclesexcept("#$,&)
!" If!" = !Itwins
!",#, %&', %&(
!"#!, #$
Challenger Adversary
![Page 31: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/31.jpg)
Decisional-Authenticated Key Agreement(D-AKA)
11
Generate !"#, %"# , !"&,%"&Pick!'Pick( ∈ {0,1}
!"#$%&'(.)N← )(1,)runB(./', 1/', . ,3)
!"#$%&4(.,.)5(./4,1/4, . , . )
Itcanaccesstheoraclesexcept("#$,&)
!" If!" = !Itwins
!",#, %&', %&(
!"#!, #$
Challenger Adversary
A one-pass AKA is D-AKA secure if the adversary’s advantagewinning this game is negligible.
![Page 32: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/32.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
![Page 33: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/33.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
Generate !"#, %"# , !"&' ,%"&'
![Page 34: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/34.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
Generate !"#, %"# , !"&' ,%"&'
![Page 35: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/35.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'
Generate !"#, %"# , !"&' ,%"&'
![Page 36: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/36.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'
Pick!"#$,&"#$
Generate !"#, %"# , !"&' ,%"&'
![Page 37: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/37.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
Pick!"#$,&"#$
Generate !"#, %"# , !"&' ,%"&'
![Page 38: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/38.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
Pick!"#$,&"#$
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
![Page 39: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/39.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
!Pick!"#$,&"#$
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
![Page 40: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/40.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
!Pick!"#$,&"#$
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
![Page 41: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/41.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
!Pick!"#$,&"#$
!"
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
![Page 42: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/42.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
!Pick!"#$,&"#$
!" If!" = !Itwins
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
![Page 43: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/43.jpg)
D-AKA PRIVACY GAME
12
Challenger Adversary
!"#$%&'(.,.)((*+',-+', . , . )
!"#, %"&',!"&'!"#$,&"#$
!Pick!"#$,&"#$
!" If!" = !Itwins
Generate !"#, %"# , !"&' ,%"&'
Pick! ∈ {0,1}( ← *(1,),. = 0(.123, 4123,415,()
A one-pass AKA is D-AKA private if the adversary’s advantagewinning this game is negligible.
![Page 44: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/44.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
!"#, %"#,%"&!"&,%"&,%"#
![Page 45: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/45.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
![Page 46: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/46.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
Pick! ∈ 0,1 ℓ
' = )(+, ,-., ,-/,,-/012,!)
![Page 47: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/47.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
Pick! ∈ 0,1 ℓ
' = )(+, ,-., ,-/,,-/012,!)
!
![Page 48: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/48.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
Pick! ∈ 0,1 ℓ
' = )(+, ,-., ,-/,,-/012,!)! = #(%, '(),'(*,'()
+,- ,.)
!
![Page 49: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/49.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
Pick! ∈ 0,1 ℓ
' = )(+, ,-., ,-/,,-/012,!)! = #(%, '(),'(*,'()
+,- ,.)
!
Nonce-DH is D-AKA secure and private in the random oracle model assuming that Gap Diffie-Hellman problem is hard.
![Page 50: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/50.jpg)
NONCE-DHD-AKA SECURE AND PRIVATE KEY AGREEMENT PROTOCOL
13
Publicparameter! orderof" and# ∈ !
!"# ∈ ℤ'("# = *+,-
!". ∈ ℤ'(". = *+,/
!"#, %"#,%"&!"&,%"&,%"#
Pick! ∈ 0,1 ℓ
' = )(+, ,-., ,-/,,-/012,!)! = #(%, '(),'(*,'()
+,- ,.)
!
Nonce-DH is D-AKA secure and private in the random oracle model assuming that Gap Diffie-Hellman problem is hard.
KA Efficiency Security
MQV 2.5 No proof
HMQV 2.5 CK
KEA+ 3 CK
NAXOS 4 eCK
CMQV 3 eCK
Nonce-DH 1 D-AKA
![Page 51: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/51.jpg)
14
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 52: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/52.jpg)
EFF-PKDB
15
Verifier Prover!"#, %"#, %"&!"&, %"&
! ← #(1&)( = *((+,, .+,, .+/, !)
!, #$%! = #(!%&,(%&,(%),*)
symDB(!)
Out
![Page 53: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/53.jpg)
SECURITY OF EFF-PKDB
16
MiM Security: If symDB is multi-verifier OT-MiM secure and the key agreement protocol is D-AKA secure, the Eff-pkDB is MiM-secure.
DF Security: If symDB is DF-secure, then Eff-pkDB is DF-secure.
DH security: If symDB is OT-MiM-secure, OT-DH-secure and if the key agreement protocol is D-AKA secure then Eff-pkDB is DH-secure.
![Page 54: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/54.jpg)
STRONG PRIVATE VARIANT OF EFF-PKDB
17
! ← #(1&)( = *+,-./0 !, 2345 = 6(534, 234, 237, !)
(
!, 234 = #(,8./0 (()5 = 9 53:,23:,23;,!
234 isprivateoutput
Verifier Prover
symDB(5)
Out
534, 234, 237=(2370 ,237< )
Assuming the key agreement protocol is D-AKA-private and the cryptosystem is IND-CCA secure, then the variant of Eff-pkDB is strong private in HPVP model.
![Page 55: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/55.jpg)
AN INSTANCE OF EFF-PKDBNONCE-DH+OTDB*
18
!"# ∈ ℤ'("# = *+,-
!"., ("., ("# !". ∈ ℤ'(". = *+,0
Publicparameter1 orderof2 and* ∈ 1
!"#, ("#,(".
Pick3 ∈ 0,1 ℓ
! = 7 *,("., ("#,("#+,0 ,3
8 = 3#⨁!
:; = 8<;=>?
3,(".
3#for@ = 0toA
B;:;Out
! = # $,&'(, &'),&'(*+, ,-
pick-) ∈ 0,1 12
3 = -)⨁!
starttimerendtimer
checkif∀6899: < 2= and8:iscorrect
* S. Vaudenay, Private and Secure Distance Bounding: Application to NFC Payment, FC 2015
![Page 56: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/56.jpg)
19
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 57: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/57.jpg)
COMPARISON
20
Protocol Security Privacy PK Operation Number of Computations
Brands-Chaum MiM, DF No privacy 1 commitment, 1 signature 1 EC multiplication, 2 hashing, 1 modular inversion, 1 random string selection
HPO (Hermans et al.)
MiM, DF Weak 4 EC multiplication, 2 random string selections, 2 mappings
PrivDB (Vaudenay)
MiM, DF, DH Strong 1 signature, 1 IND-CCA encryption 3 EC multiplication, 2 hashing, 2 random string selections, 1 symmetric key encryption, 1 modular inversion, 1mapping, 1 MAC
ProProx (Vaudenay) MiM, DF, DH, TF No Privacy n+1 commitment, n ZK proofs
eProProx (Vaudenay)
MiM, DF, DH, TF Strong 1 encryption, n+1 commitments, n ZK proofs
TREAD (Avoine et al.)
MiM, DF, DH, TF* Strong 1 signature, 1 IND-CCA encryption 3 EC multiplication, 2 hashing, 2 random string selections, 1 symmetric key encryption, 1 modular inversion, 1mapping, 1 MAC
Eff-pkDB MiM, DF, DH, (TF*)
No Privacy 1 D-AKA secure KA protocol 1 EC multiplication, 2 hashing, 1 random string selection,
Private Variant of Eff-pkDB
MiM, DF, DH, (TF*)
Strong 1 IND-CCA encryption, 1 D-AKA secure KA protocol
3 EC multiplication, 2 hashing, 2 random string selections, 1 symmetric key encryption, 1 MAC
*ECDSAforthesignatureschemeandECIESfortheIND-CCAsecureencryption scheme
![Page 58: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/58.jpg)
21
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 59: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/59.jpg)
INTRODUCTIONPREVIOUS WORKS
Smart Card Alliance: Defines the components (controller, database, reader and tag) and defines security in a informal way
PLAID*
OPACITY**
Privacy is an important issue in access control.
22
Based on establishing secret keyand mutual authentication
* C. A. governments Department of Human Services (DHS). Protocol for lightweight authentication of identity (PLAID), 2010.* * S. C. Alliance. Industry technical contributions: Opacity, 2013
![Page 60: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/60.jpg)
INTRODUCTIONTHE STRUCTURE (CONTROLLERS, READERS, TAGS)
23
![Page 61: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/61.jpg)
INTRODUCTIONTHE STRUCTURE (CONTROLLERS, READERS, TAGS)
23
![Page 62: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/62.jpg)
24
INTRODUCTION COMPOSITION WITH DB
TagReaderController
![Page 63: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/63.jpg)
24
INTRODUCTION COMPOSITION WITH DB
TagReaderControllerAn AC Protocol
![Page 64: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/64.jpg)
24
INTRODUCTION COMPOSITION WITH DB
TagReaderControllerAn AC Protocol
A DB protocol
![Page 65: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/65.jpg)
24
INTRODUCTION COMPOSITION WITH DB
TagReaderController
Is this natural
composition
secure and
private?
An AC Protocol
A DB protocol
![Page 66: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/66.jpg)
25
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 67: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/67.jpg)
ACCESS CONTROLCONTACTLESS AC PROTOCOL
Controller and Database Reader Tag
![Page 68: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/68.jpg)
ACCESS CONTROLCONTACTLESS AC PROTOCOL
Controller and Database Reader Tag
GenC ! (skC , pkC) GenT ! (skT1 , pkT1)
(skT2 , pkT2)
(skTk , pkTk)
…
![Page 69: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/69.jpg)
ACCESS CONTROLCONTACTLESS AC PROTOCOL
Controller and Database Reader Tag
GenC ! (skC , pkC)
C(skC , pkC , DataB,B) T (skT , pkT , pkC , req)R(locR)
GenT ! (skT1 , pkT1)
(skT2 , pkT2)
(skTk , pkTk)
…
![Page 70: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/70.jpg)
ACCESS CONTROLCONTACTLESS AC PROTOCOL
Controller and Database Reader Tag
GenC ! (skC , pkC)
C(skC , pkC , DataB,B) T (skT , pkT , pkC , req)R(locR)
OutROutC
GenT ! (skT1 , pkT1)
(skT2 , pkT2)
(skTk , pkTk)
…
POutC = (pkT , locR, req)
![Page 71: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/71.jpg)
ACCESS CONTROLCONTACTLESS AC PROTOCOL
Controller and Database Reader Tag
GenC ! (skC , pkC)
C(skC , pkC , DataB,B) T (skT , pkT , pkC , req)R(locR)
OutROutC
GenT ! (skT1 , pkT1)
(skT2 , pkT2)
(skTk , pkTk)
…
DataB = {(pk1, locRi , reqx), (pk2, locRj , reqy), ..., (pkk, locRi , reqx)}POutC = (pkT , locR, req)
![Page 72: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/72.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
![Page 73: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/73.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Tags are honest
![Page 74: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/74.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
![Page 75: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/75.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Create DatabaseCreate fake tags
![Page 76: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/76.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
Create DatabaseCreate fake tags
![Page 77: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/77.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
req
Create DatabaseCreate fake tags
![Page 78: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/78.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
req
Move(loc’)
Create DatabaseCreate fake tags
![Page 79: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/79.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
req
Move(loc’)
Create DatabaseCreate fake tags
![Page 80: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/80.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
req
Move(loc’)
Terminate
Create DatabaseCreate fake tags
![Page 81: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/81.jpg)
27
ACCESS CONTROLADVERSARIAL AND COMMUNICATION MODEL
Secure and authenticatedTags are honest
Activate(req)
req
Move(loc’)
Terminate
Create DatabaseCreate fake tags
It can intercept, observe, replace the messages between readers and tagsIt can create may instances of each party
![Page 82: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/82.jpg)
28
ACCESS CONTROLAC-GAME
GenC ! pkC , skCGenT ! {pkTi
, skTi}
![Page 83: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/83.jpg)
28
ACCESS CONTROLAC-GAME
GenC ! pkC , skC{pkTi
}, pkCGenT ! {pkTi
, skTi}
![Page 84: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/84.jpg)
28
ACCESS CONTROLAC-GAME
GenC ! pkC , skC Create fake tags {s̃kT , p̃kT }{pkTi}, pkC
GenT ! {pkTi, skTi}
Create DataB
![Page 85: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/85.jpg)
28
ACCESS CONTROLAC-GAME
GenC ! pkC , skC Create fake tags {s̃kT , p̃kT }{pkTi}, pkC
GenT ! {pkTi, skTi}
DataB Create DataB
![Page 86: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/86.jpg)
29
ACCESS CONTROLAC-GAME
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
![Page 87: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/87.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
![Page 88: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/88.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
![Page 89: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/89.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
Adversary wins if one of the conditions are satisfied:
![Page 90: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/90.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
Adversary wins if one of the conditions are satisfied:
![Page 91: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/91.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
Adversary wins if one of the conditions are satisfied:
![Page 92: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/92.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
T
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
Adversary wins if one of the conditions are satisfied:
![Page 93: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/93.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
TT̃
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
Adversary wins if one of the conditions are satisfied:
![Page 94: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/94.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
(DH)
pk is fake tag’s key andno close fake tag
Adversary wins if one of the conditions are satisfied:
![Page 95: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/95.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
T̃
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
(DH)
pk is fake tag’s key andno close fake tag
Adversary wins if one of the conditions are satisfied:
![Page 96: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/96.jpg)
29
ACCESS CONTROLAC-GAME
R
TT̃
R T
RT
T̃T̃
R
T̃
R
T
RT
T̃
R
OutR = 1
GenC ! pkC , skC
GenT ! {pkTi, skTi}
DataB
T̃
T
POutC = (pk, loc, req)
POutC = (pk, loc, req) /2 DataB
(MiM)pk is honest tag’s key and
no close honest tag
(DH)
pk is fake tag’s key andno close fake tag
Adversary wins if one of the conditions are satisfied:
![Page 97: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/97.jpg)
30
ACCESS CONTROLPRIVACY
![Page 98: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/98.jpg)
30
ACCESS CONTROLPRIVACY
pick b 2 {`, r}
![Page 99: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/99.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj)
pick b 2 {`, r}
![Page 100: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/100.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj) Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
pick b 2 {`, r}
![Page 101: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/101.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj) Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
Pair(5,8)
pick b 2 {`, r}
![Page 102: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/102.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj) Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
Pair(5,8) simulate T8
simulate T5
else
if b = r
pick b 2 {`, r}
![Page 103: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/103.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj) Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
Pair(5,8) simulate T8
simulate T5
else
if b = r
pick b 2 {`, r}
b0
![Page 104: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/104.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj) Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
Pair(5,8) simulate T8
simulate T5
else
if b = r
pick b 2 {`, r}
b0
Adversary wins if b0 = b
![Page 105: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/105.jpg)
30
ACCESS CONTROLPRIVACY
Adversary can pair tags
Draw(Ti, Tj)
• and are at the same location• and have the same access privilegesTi Tj
Ti Tj
Pair(3,4)
Pair(5,8)
Pair(1,7)
Pair(2,9)Pair(6,6)
Pair(5,8) simulate T8
simulate T5
else
if b = r
pick b 2 {`, r}
b0
Adversary wins if b0 = b
![Page 106: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/106.jpg)
31
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 107: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/107.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
![Page 108: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/108.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req
![Page 109: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/109.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
![Page 110: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/110.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run V (skC , pkC) run P (skT , pkT )
![Page 111: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/111.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
![Page 112: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/112.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
output Out, pk
![Page 113: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/113.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
output Out, pk
if (pk, locR, req) 2 DataB
OutC = Out
![Page 114: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/114.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
output Out, pk
if (pk, locR, req) 2 DataB
OutC = Out
POut = (pk, locR, req)
else OutC = 0
![Page 115: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/115.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
output Out, pk
if (pk, locR, req) 2 DataB
OutC = Out
POut = (pk, locR, req)
else OutC = 0
OutC
![Page 116: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/116.jpg)
32
AC WITH DBOUR FRAMEWORK
TagReaderController(skC , pkC , DataB,B) (skT , pkT , pkC , req)(locR)
req, locR req
run DB = (KV ,KP , P, V,B)run V (skC , pkC) run P (skT , pkT )
output Out, pk
if (pk, locR, req) 2 DataB
OutC = Out
POut = (pk, locR, req)
else OutC = 0
OutCOutC
![Page 117: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/117.jpg)
33
AC WITH DBSECURITY AND PRIVACY OF OUR FRAMEWORK
Assuming that the DB protocol is MiM-secure and DH-secure, then an AC protocol with using this DB protocol with our framework is a secure AC protocol.
SECURITY
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 118: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/118.jpg)
33
AC WITH DBSECURITY AND PRIVACY OF OUR FRAMEWORK
Assuming that the DB protocol is MiM-secure and DH-secure, then an AC protocol with using this DB protocol with our framework is a secure AC protocol.
Assuming that the DB protocol is private DB, then an AC
protocol with our framework is private AC protocol when DataB is trivial.
SECURITY
PRIVACY
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 119: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/119.jpg)
33
AC WITH DBSECURITY AND PRIVACY OF OUR FRAMEWORK
Assuming that the DB protocol is MiM-secure and DH-secure, then an AC protocol with using this DB protocol with our framework is a secure AC protocol.
Assuming that the DB protocol is private DB, then an AC
protocol with our framework is private AC protocol when DataB is trivial.
SECURITY
PRIVACY
empty or contains all possible triplets
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 120: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/120.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 121: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/121.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
V 0(skV , pkV ) P 0(skP , pkP , pkV )
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 122: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/122.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
V 0(skV , pkV ) P 0(skP , pkP , pkV )
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 123: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/123.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
V 0(skV , pkV ) P 0(skP , pkP , pkV )flag
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 124: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/124.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0 if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
V 0(skV , pkV ) P 0(skP , pkP , pkV )flag
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 125: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/125.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )flag
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 126: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/126.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 127: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/127.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 128: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/128.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 129: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/129.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
DataB = {(pk1, locR, req), (pk2, locR, req)}
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 130: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/130.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 131: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/131.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 132: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/132.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}R T
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 133: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/133.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}R T
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 134: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/134.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}Rflag = 1flag = 0
T
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 135: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/135.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}ROutR
flag = 1flag = 0T
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 136: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/136.jpg)
34
AC WITH DBPRIVACY
DB = (KP ,KV , P, V,B) DB0 = (KP ,KV , P0, V 0, B)
flag = 0
run V (skV , pkV )
if flag = 1 and pkP is odd
KP ! (sk0P , pk0P )
(skP , pkP ) (sk0P , pk0P )
run P (skP , pkP , pkV )
V 0(skV , pkV ) P 0(skP , pkP , pkV )
DB = (KP ,KV , P, V,B)
flag
AC Protocol using DB’ with our framework
Pair(1,2) pk1 is odd pk2 is even
DataB = {(pk1, locR, req), (pk2, locR, req)}ROutR
flag = 1flag = 0T
if OutR = 1output b0 = `
elseoutput b0 = r
*Handan Kılınç and Serge Vaudenay. Contactless Access Control based on Distance bounding. In ISC, 2017
![Page 137: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/137.jpg)
35
AC WITH DBEFF-AC (AN INSTANTIATION OF OUR FRAMEWORK)
![Page 138: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/138.jpg)
36
OUTLINE
✓EFFICIENT PUBLIC-KEY DB PROTOCOLIntroductionWeak-authenticated Key AgreementEff-pkDB and its private variantComparison
✓ACCESS CONTROL WITH DBIntroductionSecurity and Privacy model for ACOur FrameworkConclusion
![Page 139: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/139.jpg)
37
CONCLUSION
We define an integrated security model for AC including identification, access control, and distance bounding.
We give a framework that clarifies how to use a secure DB to construct a secure AC in our new security model.
We show that the same framework can be used to achieve privacy in AC with restrictions on the database of AC system.
![Page 140: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/140.jpg)
37
CONCLUSION
We define an integrated security model for AC including identification, access control, and distance bounding.
We give a framework that clarifies how to use a secure DB to construct a secure AC in our new security model.
We show that the same framework can be used to achieve privacy in AC with restrictions on the database of AC system.
*’Secure Contactless Payment’ will appear in ACISP 2018
![Page 141: PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION …PUBLIC-KEY DISTANCE BOUNDING AND ITS APPLICATION ON CONTACTLESS ACCESS CONTROL Handan Kılınç handan.kilinc@epfl.ch Presentation](https://reader033.vdocument.in/reader033/viewer/2022060407/5f0fc2887e708231d445bf43/html5/thumbnails/141.jpg)
EFF-PKDB WITH SIM-TF
38