Wireless Personal Communications

, Volume 85, Issue 3, pp 711–726 | Cite as

An RFID Search Protocol Secured Against Relay Attack Based on Distance Bounding Approach

  • Hoda Jannati
  • Abolfazl Falahati


RFID search protocols are suggested for the past decade to efficiently find a specific tag among a large number of tags by a reader. For instance, in a pharmacy, according to a physician prescribed data, a pharmacy staff finds a specific drug package (with an attached RFID tag) by a reader employing an RFID search protocol. This paper reveals the existing RFID search protocols are vulnerable to a relay attack. In such a relay attack, an attacker is able to introduce its desirable tag instead of the specific tag which is searched by the reader and is not in the reader’s vicinity. Furthermore, in order to overcome this weakness, a new RFID search protocol using a distance bounding approach is proposed. In the proposed RFID search protocol, the reader not only authenticates the discovered tag but also establishes an upper bound for the physical distance between the discovered tag and itself. This implies the presence of the searched tag in the reader’s vicinity. The analytical results for the proposed protocol show that, with the proper selection of the system parameters, the proposed search protocol provides a desirable security level against the relay attack.


Distance bounding protocol Impersonation attack Mafia fraud attack Relay attack RFID search protocol 


  1. 1.
    Miles, S. B., Sarma, S. E., & Williams, J. R. (2008). RFID technology and applications. Cambridge: Cambridge University Press.CrossRefGoogle Scholar
  2. 2.
    Jannati, H., & Falahati, A. (2011). Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In C. K. Georgiadis, H. Jahankhani, E. Pimenidis, R. Bashroush, & A. Al-Memrat (Eds.), Global security, safety and sustainability and e-democracy (pp. 186–193)., LNICS: Vol. 99 Heiledberg: Springer.Google Scholar
  3. 3.
    Kim, Z., Kim, J., Kim, K., Choi. I., & Shon, T. (2011). Untraceable and serverless RFID authentication and search protocols. In Proceedings of ninth IEEE international symposium on parallel and distributed processing with applications workshops (ISPAW’11) (pp. 278 - 283). Busan.Google Scholar
  4. 4.
    Tan, C. C., Sheng, B., & Li, Q. (2008). Secure and serverless RFID authentication and search protocols. IEEE Transactions on Wireless Communications, 7(4), 1400–1407.CrossRefGoogle Scholar
  5. 5.
    Kulseng, L., Yu, Z., Wei, Y., & Guan, Y. (2009). Lightweight secure search protocols for low-cost RFID systems. In Proceedings of 29th IEEE international conference on distributed computing systems (ICDCS’09) (pp. 40–48). Montreal.Google Scholar
  6. 6.
    Hoque, M. E., Rahman, F., Ahamed, S. I., & Park, J. I. (2010). Enhancing privacy and security of RFID system with serverless authentication and search protocols in pervasive environments. Wireless Personal Communications, 55(1), 65–79.CrossRefGoogle Scholar
  7. 7.
    Zuo, Y. (2009). Secure and private search protocols for RFID systems. Information Systems Frontiers, 12(5), 507–519.CrossRefGoogle Scholar
  8. 8.
    Hoque, M. E., Rahman, F., & Ahamed, S. I. (2010). S-search: Finding RFID tags using scalable and secure search protocol. In Proceedings of the 25th ACM symposium on applied computing (SAC’10) (pp. 439–443). Sierre.Google Scholar
  9. 9.
    Dhal, S., & Sengupta. I. (2013). A new object searching protocol for multi-tag RFID. IACR Cryptology ePrint Archive, 485.Google Scholar
  10. 10.
    Chun, J. Y., Hwang, J. Y., & Lee, D. H. (2011). RFID tag search protocol preserving privacy of mobile reader holders. IEICE Electronics Express, 8(2), 50–56.CrossRefGoogle Scholar
  11. 11.
    Jialaing, H., Youjun, X., & Zhiqiang, X. (2014). Secure and private protocols for server-less RFID systems. International Journal of Control and Automation, 7(2), 131–142.CrossRefGoogle Scholar
  12. 12.
    Lin, I. C., Tsaur, S. C, & Chang, K. P. (2009). Lightweight and serverless RFID authentication and search protocol. In Proceedings of second international conference on computer and electrical engineering (ICCEE’09) (pp. 95–99). Dubai.Google Scholar
  13. 13.
    Sundaresan, S., Doss, R., & Zhou, W. (2012). A serverless ultra-lightweight secure search protocol for EPC Class-l Gen-2 UHF RFID tags. In Proceedings of International Conference on Computer & Information Science (ICCIS’12), Kuala Lumper, Malaysia (pp. 580–585).Google Scholar
  14. 14.
    Won, T. Y., Chun, J. Y., & Lee, D. H. (2008). Strong authentication protocol for secure RFID tag search without help of central database. In Proceedings of IEEE/IFIP international conference on embedded and ubiquitous computing (EUC’08) (pp. 153–158). Shanghai.Google Scholar
  15. 15.
    Hossain, M. S., & Ahamed, S. I. (2008). Towards a simple secured searching protocol for future RFID applications. In Proceedings of 12th IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS’08) (pp. 151–157). Kunming.Google Scholar
  16. 16.
    Lee, Y. K., Batina, L., Singelee, D., & Verbauwhede, I. (2010). Low-cost untraceable authentication protocols for RFID. In Proceedings of the third ACM conference on wireless network security (WiSec’10) (pp. 55–64). Hoboken.Google Scholar
  17. 17.
    Yoon, H. S., & Youm, H. Y. (2011). An anonymous search protocol for RFID systems. Journal of Convergence Information Technology, 6(8), 44–50.CrossRefGoogle Scholar
  18. 18.
    Sundaresan, S., Doss, R., Zhou, & W. Senior. (2012). A secure search protocol based on quadratic residues for epc class-1 gen-2 uhf rfid tags. In Proceedings of ieee 23rd international symposium on personal indoor and mobile radio communications (PIMRC) (pp. 30–35). Sydney.Google Scholar
  19. 19.
    Piramuth, S. (2012). Vulnerabilities of RFID protocols proposed in ISF. Information Systems Frontiers, 14(3), 647–651.CrossRefGoogle Scholar
  20. 20.
    Safkhani, M., Lopez, P. P., Bagheri, N., Naderi, M., & Castro, J. C. H. (2013). On the security of Tan et al. serverless RFID authentication and search protocols. In J. H. Hoepman & I. Verbauwhede (Eds.), Radio frequency identification, security and privacy issues (pp. 1–19)., LNCS: Vol. 7739 Heiledberg: Springer.CrossRefGoogle Scholar
  21. 21.
    Hancke, G. P., Mayes, K., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers and Security, 28(7), 615–627.CrossRefGoogle Scholar
  22. 22.
    Issovits, W., & Hutter, M. (2011). Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks. In Proceedings of IEEE international conference on RFID technologies and applications (RFID-TA’11) (pp. 335–342). Sitges.Google Scholar
  23. 23.
    Francillon, A., Danev, B., & Capkun, S. (2011). Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of 18th annual network and distributed system security symposium (NDSS’11) (pp. 1–15). San Diego, CA.Google Scholar
  24. 24.
    Yang, T., Kong, L., Xin, W., Hu, J., & Chen, Z. (2012). Resisting relay attacks on vehicular passive keyless entry and start systems. In Proceedings of 9th international conference on fuzzy systems and knowledge discovery (FSKD’12) (pp. 2232–2236). Sichuan.Google Scholar
  25. 25.
    Falahati, A., & Jannati, H. (2014). Distance bounding-based RFID binding proof protocol to protect inpatient medication safety against relay attack. International Journal of Ad-Hoc and Ubiquitous Computing. Published online 2014.
  26. 26.
    Hancke, G. P., & Kuhn, M. (2005). An RFID distance bounding protocol. In Proceedings of 1st IEEE international conference on security and privacy for emergent areas in communications networks (SecureComm’05) (pp. 67–73). Athens.Google Scholar
  27. 27.
    Jannati, H., & Falahati, A. (2012). Mutual implementation of predefined and random challenges over RFID distance bounding protocol. In Proceedings of 9th international conference on information security and cryptology (ISCISC’12) (pp. 43–47). Tabriz.Google Scholar
  28. 28.
    Falahati, A., & Jannati, H. (2012). Application of distance bounding protocols with random challenges over RFID noisy communication systems. In Proceedings of IET conference on wireless sensor systems (WSS’12)(pp. 1–5). London.Google Scholar
  29. 29.
    Jannati, H., & Falahati, A. (2013). Mutual distance bounding protocol with its implementability over a noisy channel and its utilization for key agreement in peer-to-peer wireless networks. Wireless Personal Communications, 77(1), 127–149.CrossRefGoogle Scholar
  30. 30.
    Desmedt, Y., Goutier, C., & Bengio, S. (1988). Special uses and abuses of the Fiat-Shamir passport protocol. In C. Pomerance (Ed.), Advances in cryptology (pp. 21–39)., LNCS: Vol. 299 Heiledberg: Springer.Google Scholar
  31. 31.
    Mandal, K., Fan, X., & Gong, G. (2012). Warbler: A lightweight pseudorandom number generator for EPC C1 Gen2 tags. In Proceedings of workshop on RFID and IoT security, (RFIDSec’12 Asia) (pp. 73–84). Taipei.Google Scholar
  32. 32.
    Melia-Segui, J., Garcia-Alfaro, J., & Herrera-Joancomarti, J. (2013). J3Gen: A PRNG for low cost passive RFID. Sensors, 13, 3816–3830.CrossRefGoogle Scholar
  33. 33.
    EPCglobal (2013) EPCC1Gen2 EPC radio-frequency identity protocols class-1 Gen-2 UHF RFID protocol for communications at 860 MHz–960 MHz.
  34. 34.
    Jannati, H., & Falahati, A. (2013). An efficient mutual distance bounding protocol over a noisy channel. International Journal of Ad-Hoc and Ubiquitous Computing. Published online 2014.
  35. 35.
    Jannati, H., & Falahati, A. (2014). Achieving an appropriate security level for distance bounding protocols over a noisy channel. Telecommunication Systems, 58(3), 219–231.CrossRefGoogle Scholar
  36. 36.
    Zhang, Y., & Li, M. (2013). Fast tag searching protocol for large-scale RFID systems. IEEE/ACM Transactions on Networking, 21(3), 924–934.CrossRefGoogle Scholar
  37. 37.
    Chen, M., Luo, W., Mo, Z., Chen, S., & Fang, Y. (2013). An efficient tag search protocol in large-scale RFID systems. In Proceedings of the 32nd IEEE international conference on computer communications (INFOCOM’13) (pp. 899-9-7). Turin.Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.School of Computer ScienceInstitute for Research in Fundamental Sciences (IPM)TehranIran
  2. 2.Department of Electrical Engineering (DCCS Lab)Iran University of Science and TechnologyTehranIran

Personalised recommendations