Skip to main content
SpringerLink
Log in

A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions

  • Conference paper
RFID. Security and Privacy (RFIDSec 2011)

Part of the book series: Lecture Notes in Computer Science ((volume 7055))

Abstract

Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides the ideal security against the terrorist fraud.

Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Functions (PUFs) based authentication protocol in which the adversary has access to volatile memory of the tag. We show that the security of Sadeghi et al.’s PUF based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to volatile memory she cannot obtain all long term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Comparing to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security, privacy and tag computational overhead. We also prove that our extended protocol with a final signature provides the ideal security against all those frauds, remarkably the terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide the most cost efficient and reliable means to fingerprint chips based on their physical properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avoine, G., Bingöl, M.A., Kardaş, S., Lauradoux, C., Martin, B.: A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security – Special Issue on RFID System Security 19(2), 289–317 (2011)

    Google Scholar 

  2. Avoine, G., Floerkemeier, C., Martin, B.: RFID Distance Bounding Multistate Enhancement. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 290–307. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  3. Beth, T., Desmedt, Y.: Identification Tokens – or: Solving the Chess Grandmaster Problem. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 169–177. Springer, Heidelberg (1991)

    Google Scholar 

  4. Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in rfid systems. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, pp. 211–220. IEEE Computer Society, Washington, DC, USA (2007)

    Chapter  Google Scholar 

  5. Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)

    Google Scholar 

  6. Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Ryoichi, S., Sihan, Q., Eiji, O. (eds.) Security and Privacy in the Age of Ubiquitous Computing, Chiba, Japan. IFIP International Federation for Information Processing, vol. 181, pp. 223–238. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Conway, J.H.: On Numbers and Games. London Mathematical Society Monographs, vol. 6. Academic Press, London (1976)

    MATH  Google Scholar 

  8. Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)

    Google Scholar 

  9. Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and Implementation of PUF-Based ”Unclonable” RFID ICs for Anti-Counterfeiting and Security Applications. In: 2008 IEEE International Conference on RFID, pp. 58–64 (2008)

    Google Scholar 

  10. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MATH  MathSciNet  Google Scholar 

  11. Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  12. Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52, 91–98 (2009)

    Article  Google Scholar 

  13. Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards (February 2005) (manuscript)

    Google Scholar 

  14. Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2005, Athens, Greece. IEEE (2005)

    Google Scholar 

  15. Hancke, G.P., Mayes, K., Markantonakis, K.: Confidence in smart token proximity: Relay attacks revisited. Computers & Security 28(7), 615–627 (2009)

    Article  Google Scholar 

  16. Hancke, G.P.: Practical Attacks on Proximity Identification Systems (Short Paper). In: IEEE Symposium on Security and Privacy – S&P 2006, Oakland, California, USA. IEEE, IEEE Computer Society (2006)

    Google Scholar 

  17. Hlaváč, M., Rosa, T.: A Note on the Relay Attacks on e-Passports: The Case of Czech e-Passports. In: Cryptology ePrint Archive, Report 2007/244 (2007)

    Google Scholar 

  18. Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security (2007)

    Google Scholar 

  19. Kara, O., Kardaş, S., Bingöl, M.A., Avoine, G.: Optimal Security Limits of RFID Distance Bounding Protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 220–238. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  20. Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  21. Kulseng, L.: Lightweight mutual authentication, ownership transfer, and secure search protocols for rfid systems. Master’s thesis, Electrical & Computer Engineering Department, Iowa State University (2009)

    Google Scholar 

  22. Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., Mayes, K.: Attacking smart card systems: Theory and practice. Information Security Technical Report 14(2), 46–56 (2009); Smart Card Applications and Security

    Google Scholar 

  23. Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8(9), 1227–1232 (2008)

    Article  Google Scholar 

  24. Naccache, D., Fremanteau, P.: Unforgeable identification device, identification device reader and method of identification. Patent-EP0583709 (1994)

    Google Scholar 

  25. Nikov, V., Vauclair, M.: Yet Another Secure Distance-Bounding Protocol. In: Cryptology ePrint Archive, Report 2008/319 (2008)

    Google Scholar 

  26. NXP. NXP mifare plus – benchmark security for mainstream applications (2009), http://mifare.net/downloads/NXP_Mifare_Plus_leaflet.pdf

  27. Ranasinghe, D.C., Engels, D.W., Cole, P.H.: Security and Privacy: Modest Proposals for Low-Cost RFID Systems. In: Proc. Auto-ID Labs Research Workshop Systems (2004)

    Google Scholar 

  28. Reid, J., Gonzaez Neito, J., Tang, T., Senadji, B.: Detecting relay attacks with timing based protocols. In: Bao, F., Miller, S. (eds.) Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security – ASIACCS 2007, Singapore, Republic of Singapore, pp. 204–213. ACM (March 2007)

    Google Scholar 

  29. Sadeghi, A.-R., Visconti, I., Wachsmann, C.: PUF-Enhanced RFID Security and Privacy. In: Secure Component and System Identification – SECSI 2010, Cologne, Germany (April 2010)

    Google Scholar 

  30. Singelée, D., Preneel, B.: Key Establishment Using Secure Distance Bounding Protocols. In: MOBIQUITOUS 2007: Proceedings of the 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking&Services (MobiQuitous), Philadelphia, Pennsylvania, USA, pp. 1–6. IEEE Computer Society (August 2007)

    Google Scholar 

  31. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC 2007: Proceedings of the 44th Annual Design Automation Conference, pp. 9–14. ACM, New York (2007)

    Chapter  Google Scholar 

  32. Trujillo-Rasua, R., Martin, B., Avoine, G.: The Poulidor Distance-Bounding Protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 239–257. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  33. Tu, Y.-J., Piramuthu, S.: RFID Distance Bounding Protocols. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)

    Google Scholar 

  34. Tuyls, P., Batina, L.: RFID-Tags for Anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  35. Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  36. Čapkun, S., Buttyán, L., Hubaux, J.-P.: SECTOR: secure tracking of node encounters in multi-hop wireless networks. In: SASN 2003: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 21–32. ACM, New York (2003)

    Google Scholar 

  37. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors. In: Security with Noisy Data, pp. 79–99. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TUBITAK UEKAE, Gebze, Kocaeli, Turkey

    Süleyman Kardaş, Mehmet Sabir Kiraz, Muhammed Ali Bingöl & Hüseyin Demirci

  2. Sabanci University, Istanbul, TR-34956, Turkey

    Süleyman Kardaş

  3. Institute of Science and Technology, Istanbul Technical University, Istanbul, Turkey

    Muhammed Ali Bingöl

Authors
  1. Süleyman Kardaş
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mehmet Sabir Kiraz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammed Ali Bingöl
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hüseyin Demirci
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. RSA Laboratories/ EMC, 11 Cambridge Center, 02142, Cambridge, MA, USA

    Ari Juels

  2. Horst Görtz Institute for IT Security, Ruhr-University, Bochum, Germany

    Christof Paar

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kardaş, S., Kiraz, M.S., Bingöl, M.A., Demirci, H. (2012). A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions. In: Juels, A., Paar, C. (eds) RFID. Security and Privacy. RFIDSec 2011. Lecture Notes in Computer Science, vol 7055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25286-0_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25286-0_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25285-3

  • Online ISBN: 978-3-642-25286-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation