Security and Privacy in Ad-Hoc and Sensor Networks

Volume 4357 of the series Lecture Notes in Computer Science pp 83-97

So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks

  • Jolyon ClulowAffiliated withComputer Laboratory, University of Cambridge
  • , Gerhard P. HanckeAffiliated withComputer Laboratory, University of Cambridge
  • , Markus G. KuhnAffiliated withComputer Laboratory, University of Cambridge
  • , Tyler MooreAffiliated withComputer Laboratory, University of Cambridge

* Final gross prices may vary according to local VAT.

Get Access


Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks.