Practical and Provably Secure Distance-Bounding

  • Ioana Boureanu
  • Aikaterini Mitrokotsa
  • Serge VaudenayEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. At FSE 2013, we presented SKI as the first family of provably secure distance bounding protocols. At LIGHTSEC 2013, we presented the best attacks against SKI. In this paper, we present the security proofs. More precisely, we explicate a general formalism for distance-bounding protocols. Then, we prove that SKI and its variants is provably secure, even under the real-life setting of noisy communications, against the main types of relay attacks: distance-fraud and generalised versions of mafia- and terrorist-fraud. For this, we reinforce the idea of using secret sharing, combined with the new notion of a leakage scheme. In view of resistance to mafia-frauds and terrorist-frauds, we present the notion of circular-keying for pseudorandom functions (PRFs); this notion models the employment of a PRF, with possible linear reuse of the key. We also use PRF masking to fix common mistakes in existing security proofs/claims.


  1. 1.
    Avoine, G., Bingöl, M., Kardas, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19(2), 289–317 (2011)Google Scholar
  2. 2.
    Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: ACM Conference on Wireless Network Security, WISEC 2011, Hamburg, Germany, pp. 145–156. ACM (2011)Google Scholar
  3. 3.
    Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The bussard-bagga and other distance-bounding protocols under attacks. In: Kutylowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  4. 4.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On the pseudorandom function assumption in (secure) distance-bounding protocols. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 100–120. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  5. 5.
    Boureanu, I., Mitrokotsa, A., Vaudenay,S.: On the need for secure distance-bounding. In: Early Symmetric Crypto, ESC 2013, Mondorf-les-Bains, Luxembourg, pp. 52–60. University of Luxembourg (2013)Google Scholar
  6. 6.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014). Google Scholar
  7. 7.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  8. 8.
    Boureanu, I., Mitrokotsa, K., Vaudenay, S.: Practical and provably secure distance-bounding. To appear in the Journal of Computer Security (JCS). IOS Press, Eprint 2013/465.
  9. 9.
    Chernoff, H.: A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations. Ann. Math. Stat. 23(4), 493–507 (1952)zbMATHMathSciNetCrossRefGoogle Scholar
  10. 10.
    Cremers, C.J.F., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy, S&P 2012, San Francisco, California, USA, pp. 113-127. IEEE Computer Society (2012)Google Scholar
  11. 11.
    Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Zhou, J., Li, H., Lai, X. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  12. 12.
    Fischlin, M., Onete, C.: Terrorism in distance bounding: modeling terrorist-fraud resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  13. 13.
    Hancke, G.P: Distance bounding for RFID: effectiveness of terrorist fraud. In: Conference on RFID-Technologies and Applications, RFID-TA 2012, Nice, France, pp. 91–96. IEEE (2012)Google Scholar
  14. 14.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, Athens, Greece, pp. 67-73. IEEE (2005)Google Scholar
  15. 15.
    Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58, 13–30 (1963)zbMATHMathSciNetCrossRefGoogle Scholar
  16. 16.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  17. 17.
    Vaudenay, S.: On modeling terrorist frauds. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 1–20. Springer, Heidelberg (2013) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ioana Boureanu
    • 1
    • 2
  • Aikaterini Mitrokotsa
    • 3
  • Serge Vaudenay
    • 4
    Email author
  1. 1.University of Applied Sciences Western SwitzerlandDelémontSwitzerland
  2. 2.HEIG-VDYverdon-les-bainsSwitzerland
  3. 3.Chalmers University of TechnologyGothenburgSweden
  4. 4.Ecole Polytechnique Fédérale de Lausanne (EPFL)LausanneSwitzerland

Personalised recommendations