A Formal Approach to Distance-Bounding RFID Protocols

  • Ulrich Dürholz
  • Marc Fischlin
  • Michael Kasper
  • Cristina Onete
Conference paper

DOI: 10.1007/978-3-642-24861-0_4

Volume 7001 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Dürholz U., Fischlin M., Kasper M., Onete C. (2011) A Formal Approach to Distance-Bounding RFID Protocols. In: Lai X., Zhou J., Li H. (eds) Information Security. ISC 2011. Lecture Notes in Computer Science, vol 7001. Springer, Berlin, Heidelberg

Abstract

Distance-bounding protocols aim at impeding man-in-the-middle (MITM) attacks by measuring response times. Three kinds of attacks are usually addressed: (1) Mafia attacks where adversaries relay communication between honest prover and honest verifier in different sessions; (2) Terrorist attacks where adversaries get limited active support from the prover to impersonate; (3) Distance attacks where a malicious prover claims to be closer to the verifier than it really is. Many protocols in the literature address one or two such threats, but no rigorous security models, nor clean proofs, exist so far. For resource-constrained RFID tags, distance-bounding is more difficult to achieve. Our contribution here is to formally define security against the above-mentioned attacks and to relate the properties. We thus refute previous beliefs about relations between the notions, showing instead that they are independent. Finally we assess the security of the RFID distance-bounding scheme due to Kim and Avoine in our model, and enhance it to include impersonation security and allow for errors due to noisy channel transmissions.


Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ulrich Dürholz (2)
  • Marc Fischlin (1)
  • Michael Kasper (2)
  • Cristina Onete (1)

  1. Darmstadt University of Technology & CASED, Germany
  2. Fraunhofer Institute for Secure Information Technology (SIT) and CASED, Germany