A Formal Approach to Distance-Bounding RFID Protocols

  • Ulrich Dürholz
  • Marc Fischlin
  • Michael Kasper
  • Cristina Onete
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7001)


Distance-bounding protocols aim at impeding man-in-themiddle( MITM) attacks by measuring response times. Three kinds of attacks are usually addressed: (1) Mafia attacks where adversaries relay communication between honest prover and honest verifier in different sessions; (2) Terrorist attacks where adversaries gets limited active support from the prover to impersonate; (3) Distance attacks where a malicious prover claims to be closer to the verifier than it really is. Many protocols in the literature address one or two such threats, but no rigorous security models —nor clean proofs— exist so far. For resource-constrained RFID tags, distance-bounding is more difficult to achieve. Our contribution here is to formally define security against the above-mentioned attacks and to relate the properties. We thus refute previous beliefs about relations between the notions, showing instead that they are independent. Finally we assess the security of the RFID distance-bounding scheme due to Kim and Avoine in our model, and enhance it to include impersonation security and allow for errors due to noisy channel transmissions.


Terrorist Attack Honest Party Cryptology ePrint Archive MITM Attack USENIX Security Symposium 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abyneh, M.R.S.: Security analysis of two distance-bounding protocols. In: Proceedings of RFIDSec 2011. LNCS. Springer, Heidelberg (2011)Google Scholar
  2. 2.
    Avoine, G., Bingol, M.A., Karda, S., Lauradoux, C., Martin, B.: A formal framework for analyzing RFID distance bounding protocols. Journal of Computer Security - Special Issue on RFID System Security (2010)Google Scholar
  3. 3.
    Kara, O., Kardaş, S., Bingöl, M.A., Avoine, G.: Optimal security limits of RFID distance bounding protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 220–238. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Avoine, G., Tchamkerten, A.: An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 250–261. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Goldreich, O.: Proving computational ability (1992),
  6. 6.
    Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  8. 8.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  9. 9.
    Bringer, J., Chabanne, H.: Trusted-hb: A low-cost version of hb  +  secure against man-in-the-middle attacks. Transactions on Information Theory 54(9), 4339–4342 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. Security and Privacy in the Age of Ubiquitous Computing 181, 222–238 (2005)Google Scholar
  11. 11.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Capkun, S., Butty’an, L., Hubaux, J.P.: Sector: Secure tracking of node encounters in multi-hop wireless networks. In: ACM Workshop on Security of Ad Hoc and Sensor Networks - SASN, pp. 21–32. ACM Press, New York (2003)CrossRefGoogle Scholar
  13. 13.
    Carluccio, D., Kasper, T., Paar, C.: Implementation details of a multi purpose ISO 14443 RFIDtool. Printed handout of Workshop on RFID Security - RFIDSec 2006 (July 2006)Google Scholar
  14. 14.
    Chandran, N., Goyal, V., Moriarty, R., Ostrovsky, R.: Position based cryptography. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 391–407. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Clulow, J., Hancke, G.P., Kuhn, M.G., Moore, T.: So near and yet so far: Distance-bounding attacks in wireless networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 83–97. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Desmedt, Y.: Major security problems with the ’unforgeable’ (feige)-fiat-shamir proofs of identity and how to overcome them. In: SecuriCom, pp. 15–17. SEDEP, Paris (1988)Google Scholar
  17. 17.
    Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proc. of the 16-th USENIX Security Symposium on USENIX Security Symposium, article no. 7. ACM Press, New York (2007)Google Scholar
  18. 18.
    Duc, D., Kim, K.: Securing HB+ against GRS man-in-the-middle attack. In: Symposium on Cryptography and Information Security (SCIS). The Institute of Electronics, Information and Communication Engineers (2007)Google Scholar
  19. 19.
    Francillon, A., Danev, B., Capkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. Cryptology ePrint Archive, Report 2010/332 (2010), ePRINTURLGoogle Scholar
  20. 20.
    Gilbert, H., Robshaw, M., Sibert, H.: An active attack against hb+ - a provably secure lightweight authentication protocol. Cryptology ePrint Archive, Report 2005/237 (2005), ePRINTURLGoogle Scholar
  21. 21.
    Goldreich, O., Pfitzmann, B., Rivest, R.L.: Self-delegation with controlled propagation - or - what if you lose your laptop. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 153–168. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  22. 22.
    Haataja, K., Toivanen, P.: Two practical man-in-the-middle attacks on bluetooth secure simple pairing and countermeasures. Transactions on Wireless Communications 9(1), 384–392 (2010)CrossRefGoogle Scholar
  23. 23.
    Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards (2005),
  24. 24.
    Hancke, G.: Distance bounding publication database (2010),
  25. 25.
    Hancke, G.P.: Design of a secure distance-bounding channel for RFID. Journal of Network and Computer Applications (2010)Google Scholar
  26. 26.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM, pp. 67–73. ACM Press, New York (2005)Google Scholar
  27. 27.
    Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  28. 28.
    Juels, A.: RFID security and privacy: a research survey. IEEE Journal on Selected Areas in Communications 24(2), 381–394 (2006)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Kim, C.H., Avoine, G.: RFID distance bounding protocol with mixed challenges to prevent relay attacks. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 119–133. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Leng, X., Mayes, K., Markantonakis, K.: HB-MP+ protocol: An improvement on the HB-MP protocol. In: International Conference on RFID, pp. 118–124. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar
  31. 31.
    Meadows, C., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.: Distance bounding protocols: Authentication logic analysis and collusion attacks. In: Proceedings of Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks. Springer, Heidelberg (2007)Google Scholar
  32. 32.
    Ouafi, K., Overbeck, R., Vaudenay, S.: On the security of hb# against a man-in-the-middle attack. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 108–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  33. 33.
    Rasmussen, K.B., Čapkun, S.: Realization of RF distance bounding. In: USENIX Security Symposium (2010)Google Scholar
  34. 34.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: ASIACCS, pp. 204–213. ACM Press, New York (2007)CrossRefGoogle Scholar
  35. 35.
    Schaller, P., Schmidt, B., Basin, D., Capkun, S.: Modeling and verifying physical properties of security protocols for wireless networks. In: Proceedings of the 22nd IEEE Computer Security Foundations Symposium 2009, pp. 109–123. ACM, New York (2009)CrossRefGoogle Scholar
  36. 36.
    Singelée, D., Preneel, B.: Distance bounding in noisy environments. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 101–115. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  37. 37.
    Trujillo-Rasua, R., Martin, B., Avoine, G.: The poulidor distance-bounding protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 239–257. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  38. 38.
    Yung, M.: Zero-knowledge proofs of computational power. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 196–207. Springer, Heidelberg (1990)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ulrich Dürholz
    • 2
  • Marc Fischlin
    • 1
  • Michael Kasper
    • 2
  • Cristina Onete
    • 1
  1. 1.Darmstadt University of Technology & CASEDGermany
  2. 2.Fraunhofer Institute for Secure Information Technology (SIT) and CASEDGermany

Personalised recommendations