Location Verification using Secure Distance Bounding Protocols

Dave Singelee, Bart Preneel
ESAT-COSIC, K.U. Leuven, Belgium
Email: Dave.Singelee@esat.kuleuven.be

Abstract— Authentication in conventional networks (like the Internet) is usually based upon something you know (e.g., a password), something you have (e.g., a smartcard) or something you are (biometrics). In mobile ad-hoc networks, location information can also be used to authenticate devices and users. We will focus on how a prover can securely show that (s)he is within a certain distance to a verifier. Brands and Chaum proposed the distance bounding protocol as a secure solution for this problem. However, this protocol is vulnerable to a so-called "terrorist fraud attack". In this paper, we will explain how to modify the distance bounding protocol to make it resistant to this kind of attack. Recently, two other secure distance bounding protocols were published. We will discuss the properties of these protocols and show how to use such a protocol as a building block in a location verification scheme.

I. INTRODUCTION

A. Location based authentication

A prover convincing a verifier of some assertion is a frequently recurring element in many applications. The assertion is often the identity of the prover, but it can also be more general. Successful authentication provides privileges (e.g., access to a network). In conventional networks, authentication is often based upon something you know (e.g., a password or a secret key), something you have (e.g., a smartcard) or something you are (biometrics). In daily interactions, other assertions, like the location of the proving entity, occur commonly. For instance, one has to be present in a room to be able to use the light switch. To enter a building, one has to open the (closed) door. This is only possible when one stands before the door and has the correct key. These examples show that location based authentication is used very commonly in our daily interactions.
It is also sometimes useful in mobile (ad-hoc) networks. For example, a node in a sensor network would only like to talk to its neighbors. Another example is a user who wants to print confidential documents. How does (s)he know that (s)he is talking to the trusted printer in front of him and not to a malicious one? Some services are only accessible for users inside (or outside) a certain area. One can easily think of other scenarios in which one wants to verify location claims of a prover.

A lot of solutions can be found in the literature [1], [2]. One could for example use GPS coordinates in a location verification scheme [3]. There are however some drawbacks to this method. For example, it cannot be used indoors. Location information does not always have to be so detailed; sometimes we are interested in the orientation (e.g., is the prover to the right or to the left), the distance, the environment, ... Combining these pieces of information makes it possible to determine the exact position of the other party.

In the rest of this paper, we will focus on a prover claiming to be within a certain distance. The protocols that enable the verifying party to determine an upper bound on this distance are called distance bounding protocols. We will extend this protocol and use it in a secure location verification scheme. In contrast to other solutions, we will not assume that the environment can be trusted and only consider techniques which are resistant to active attackers.

B. Organization of the paper

This paper is organized as follows. In the introduction, we briefly discussed the general idea of authentication based upon location. In the rest of the paper, we will focus on how a prover can show that (s)he is within a certain distance to a verifier. This can be accomplished by using distance bounding protocols. To be secure, such protocols have to prevent distance fraud attacks, mafia fraud attacks and terrorist fraud attacks.
This will be comprehensively described in sections 2, 3 and 4. Finally, in section 5, we will show how to extend the protocol and use it as a building block in location verification schemes. Because this paper is written from a security point of view, we will only consider protocols that prevent one (or more) of the attacks described below. Most of the (commercial) distance bounding protocols and verification schemes [2] cannot be used in security-critical applications.

II. PREVENTING DISTANCE FRAUD ATTACKS

We are interested in solving the following scenario: a verifier wants to check if a prover is within a certain distance, as (s)he claims to be. All entities which are outside this range will be ignored by the verifier. Just asking for the location will not be sufficient because the verifier does not trust the prover. One wants to prevent a dishonest prover claiming to be closer than (s)he really is. This distance fraud attack is conceptually shown in Fig. 1. An overview of location mechanisms that prevent this attack (sometimes only partially) can be found in [1]. In the rest of this section, we will focus on two important categories of solutions.

A. Measuring the signal strength

One could control the transmitting range of a wireless signal. It is not difficult to design such a protocol. E.g., the verifier can send out a nonce. If the prover is close, then (s)he