Table of contents

  • This session has been presented February 07, 2014.

Description

  • Speaker

    Maria Cristina Onete - IRISA

Authentication protocols, run between a prover and a verifier, allow the verifier to check the legitimacy of the prover. A legitimate prover should always authenticate (the correctness requirement), while illegitimate parties (adversaries) should not authenticate (the soundness or impersonation resistance requirement). Secure authentication protocols thwart most Man-in-the-Middle (MIM) attacks, such as replays, but they do not prevent relay attacks , where a coalition of two adversaries, a leech and a ghost , forwards messages between an honest verifier and an honest, far-away prover so as to let the illegitimate ghost authenticate.<br/> Distance-bounding protocols strengthen the security of authentication so as to prevent pure relaying, by enabling the verifier to upper-bound his distance to the prover. This is done by adding a number of time-critical challenge-response rounds, where bits are exchanged over a fast channel; the verifier measures the challenge-response roundtrip and compares it to a time-based proximity bound. There are four attacks such protocols should prevent: mafia fraud, where a MIM adversary tries to authenticate in the presence of a far-away (honest) prover, without purely relaying messages (the clock prevents this); terrorist fraud, where the prover is dishonest and helps the MIM adversary authenticate insofar as this help does not give the adversary any advantage for future (unaided) authentication; distance fraud, where a far-away prover wants to prove he is within the verifier's proximity; and (lazy-round) impersonation security, requiring a degree of impersonation security even for the exchanges that are not timed. Constructing distance-bounding protocols is a highly non-trivial task, since often providing security against one requirement creates a vulnerability with respect to a different requirement. I propose to describe how to construct distance-bounding protocols which are probably secure and also guarantee the prover's privacy.

Next sessions

  • Random lattices that are modules over the ring of integers

    • May 22, 2026 (13:45 - 15:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Nihar Gargava - Institut de Mathématiques d'Orsay

    We investigate the average number of lattice points within a ball where the lattice is chosen at random from the set of unit determinant ideal or modules lattices of some cyclotomic number field. The goal is to consider the space of such lattice as a probabilistic space and then study the distribution of lattice point counts. This is inspired by the connections of this problem to lattice-based[…]

    • Cryptography

  • Schéma de signature à clé publique : Frobénius-UOV

    • May 29, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Gilles Macario-Rat - Orange

    L'exposé présente un schéma de signature à clé publique post-quantique inspiré du schéma UOV et introduisant un nouvel outil : les formes de Frobénius. L'accent est mis sur le rôle et les propriétés des formes de Frobénius dans ce nouveau schéma : la simplicité de description, la facilité de mise en oeuvre et le gain inédit sur les tailles de signature et de clé qui bat RSA-2048 au niveau de[…]

  • Yoyo tricks with a BEANIE

    • June 05, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Xavier Bonnetain - Inria

    TBD

    • Cryptography

    • Symmetrical primitive

Show previous sessions
Page top