The Community for Technology Leaders
RSS Icon
Issue No.05 - May (2013 vol.12)
pp: 830-839
Gildas Avoine , Université Catholique de Louvain, Louvain-la-Neuve
Chong Hee Kim , Université Catholique de Louvain, Louvain-la-Neuve
A distance bounding protocol enables one entity to determine an upper bound on the physical distance to the other entity as well as to authenticate the other entity. It has been actively researched during the recent years as distance-based attacks like Mafia fraud attacks become a threat in wireless environment, especially in RFID systems. Almost all distance bounding protocols deal with unilateral authentication as they consider authentication of a passive RFID tag to a reader. Recently, a distance bounding protocol providing mutual authentication has been proposed by Yum et al. asserting that it provides a lower false acceptance rate under Mafia fraud attack. However, we show in two ways that their security margins have been overestimated. First, we show that their analysis is not correct. Second, we introduce a new attack that achieves a higher false acceptance rate. Furthermore, we introduce a method that can modify existing distance bounding protocols with unilateral authentication to ones providing mutual authentication.
Protocols, Authentication, Equations, Relays, Mathematical model, Mobile computing, relay attack, RFID, authentication, distance bounding protocol
Gildas Avoine, Chong Hee Kim, "Mutual Distance Bounding Protocols", IEEE Transactions on Mobile Computing, vol.12, no. 5, pp. 830-839, May 2013, doi:10.1109/TMC.2012.47
[1] Public Platform Independent Near Field Communication (NFC) Library, http:/, 2012.
[2] Smart Card Alliance, http:/, 2012.
[3] G. Avoine, M. Bingol, S. Kardas, C. Lauradoux, and B. Martin, “A Framework for Analyzing RFID Distance Bounding Protocols,” J. Computer Security, vol. 19, no. 2, pp. 289-317, 2010.
[4] S. Bengio, G. Brassard, Y. Desmedt, C. Goutier, and J.-J. Quisquater, “Secure Implementation of Identification Systems,” J. Cryptology, vol. 4, no. 3, pp. 175-183, 1991.
[5] T. Beth and Y. Desmedt, “Identification Tokens - Or: Solving the Chess Grandmaster Problem,” Proc. Advances in Cryptology 10th Ann. Int'l Cryptology Conf. (CRYPTO '90), pp. 169-177, 1990.
[6] S. Brands and D. Chaum, “Distance-Bounding Protocols,” Proc. Workshop Theory and Application of Cryptographic Techniques on Advances in Cryptology (EUROCRYPT '93), pp. 344-359, 1994.
[7] L. Bussard and W. Bagga, “Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks,” Proc. IFIP Int'l Federation for Information Security Conf., pp. 223-238, 2005.
[8] S. Capkun, L. Buttyan, and J.-P. Hubaux, “SECTOR: Secure Tracking of Node Encounters in Multi-Hop Wireless Networks,” Proc. ACM Workshop Security Ad Hoc Sensor Networks (SASN), pp. 21-32, 2003.
[9] J. Clulow, G.P. Hancke, M.G. Kuhn, and T. Moore, “So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks,” Proc. Third European Workshop Security and Privacy in Ad-Hoc and Sensor Networks (ESAS '06), pp. 83-97, 2006.
[10] J.H. Conway, On Numbers and Games, vol. 6, London Math. Soc. Monographs. Academic Press, 1976.
[11] Y. Desmedt, C. Goutier, and S. Bengio, “Special Uses and Abuses of the Fiat-Shamir Passport Protocol,” Proc. Seventh Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '87), pp. 21-39, 1988.
[12] S. Drimer and S.J. Murdoch, “Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks,” Proc. 16th USENIX Security Symp., pp. 1-16, 2007.
[13] G. Hancke and M. Kuhn, “An RFID Distance Bounding Protocol,” Proc. First Int'l Conf. Security and Privacy for Emerging Areas in Comm. Networks (SECURECOMM '05), pp. 67-73, 2005.
[14] G. Hancke, K. Mayes, and K. Markantonakis, “Confidence in Smart Token Priximity: Relay Attacks Revisited,” Elsevier Computers and Security, vol. 28, no. 7, pp. 615-627, 2009.
[15] G. Kapoor, W. Zhou, and S. Piramuthu, “Distance Bounding Protocol for Multiple RFID Tag Authentication,” Proc. IEEE/IFIP Int'l Conf. Embedded and Ubiquitous Computing (EUC '08), pp. 115-120, 2008.
[16] C.H. Kim and G. Avoine, “RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks,” Proc. Eighth Int'l Conf. Cryptology and Network Security (CANS '09), pp. 119-133, 2009.
[17] C.H. Kim and G. Avoine, “RFID Distance Bounding Protocols with Mixed Challenges,” IEEE Trans. Wireless Comm., vol. 10, no. 5, pp. 1618-1626, May 2011.
[18] C.H. Kim, G. Avoine, F. Koeune, F.X. Standaert, and O. Pereira, “The Swiss-Knife RFID Distance Bounding Protocol,” Proc. Int'l Conf. Information Security and Cryptology (ICISC '08), pp. 98-115, 2008.
[19] J. Munilla, A. Ortiz, and A. Peinado, “Distance Bounding Protocols with Void-Challenges for RFID,” Proc. Workshop RFID Security (RFIDSec '06), 2006.
[20] J. Munilla and A. Peinado, “Distance Bounding Protocols for RFID Enhanced by Using Void-Challenges and Analysis in Noisy Channels,” Wireless Comm. and Mobile Computing, vol. 8, pp. 1227-1232, 2008.
[21] D. Singelée and B. Preneel, “Distance Bounding in Noisy Environments,” Proc. Fourth European Conf. Security and Privacy in Ad-Hoc and Sensor Networks (ESAS '07), pp. 101-115, 2007.
[22] R. Trujillo-Rasua, B. Martin, and G. Avoine, “The Poulidor Distance-Bounding Protocol,” Proc. Workshop RFID Security (RFIDSec '10), 2010.
[23] Y.-J. Tu and S. Piramuthu, “RFID Distance Bounding Protocols,” Proc. First Int'l EURASIP Workshop in RFID Technology, 2007.
[24] D.H. Yum, J.S. Kim, S.J. Hong, and P.J. Lee, “Distance Bounding Protocol for Mutual Authentication,” IEEE Trans. Wireless Comm., vol. 10, no. 2, pp. 592-601, Feb. 2011.
946 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool