Telecommunication Systems

, Volume 58, Issue 3, pp 219–231 | Cite as

Achieving an appropriate security level for distance bounding protocols over a noisy channel

  • Hoda Jannati
  • Abolfazl Falahati


A relay attack is probably the most popular assault that is normally executed over RFID security protocols. To protect RFID systems against this attack, distance bounding protocols are commonly employed. Within such protocols, the reader estimates an upper bound for the physical distance between the tag and itself as well as authenticating the tag. In this paper, as a general case, the concept of a distance bounding protocol is introduced with five adjustable security parameters characterized by \(p_d\), \(k\), \(n\), \(t_1\) and \(t_2\). Since RFID systems and distance bounding protocols are principally vulnerable to noise, the security analysis for the introduced distance bounding protocol is performed over a noisy channel. With such analysis, the attacker’s success probability due to mafia fraud and distance fraud attacks are obtained in a closed form through the five security parameters and the probability of erroneous transmission. The analytic results show that, with the proper selection of the mentioned security parameters in a known noisy environment, a distance bounding protocol provides the optimal attackers’ success probabilities with the desirable number of iterations and memory requirements.


Distance bounding protocol Distance fraud attack Mafia fraud attack Radio frequency identification Relay attack 


  1. 1.
    Avoine, G., Bingol, M. A., Kardas, S., Lauradoux, C., & Martin, B. (2011). A framework for analyzing RFID distance bounding protocols. Journal of Computer Security, 19(2), 289–317. IOS Press.Google Scholar
  2. 2.
    Avoine, G., & Kim, C. H. (2012). Mutual distance bounding protocols. IEEE Transactions on Mobile Computing, 12(5), 830–839.CrossRefGoogle Scholar
  3. 3.
    Avoine, G., & Tchamkerten, A., (2009). An efficient distance bounding RFID authentication protocol: balancing false-acceptance rate and memory requirement. In 12th International Conference on Information Security-ISC’09 (vol. 5735 of LNCS, pp. 250–261). Springer.Google Scholar
  4. 4.
    Conway, J. H. (1976). On numbers and games, number 6 in London mathematical society monographs. London-New-San Francisco: Academic Press.Google Scholar
  5. 5.
    Cremers, C., Rasmussen, K. B., & Capkun, S. (2012). Distance hijacking attacks on distance bounding protocols. In IEEE Computer Society Symposium on Security and Privacy-SP’12 (pp. 113–127).Google Scholar
  6. 6.
    Chien, H. Y., Yang, C. S., & Hou, H. P. (2012). Non-linearity cannot help RFID resist full-disclosure attacks and terrorist fraud attacks. Security and Communication Networks. doi: 10.1002/sec.410, John Wiley.
  7. 7.
    Desmedt, Y., Goutier, C., & Bengio, S. (1988). Special uses and abuses of the Fiat-Shamir passport protocol. In Advances in Cryptology-CRYPTO ’87 (vol. 293 of LNCS, pp. 21–39). Springer.Google Scholar
  8. 8.
    Drimer, S., & Murdoch, S. J. (2007). Keep your enemies close: distance bounding against smartcard relay attacks. In 16th USENIX Security Symposium on USENIX Security Symposium (vol. 7). USENIX Association Berkeley.Google Scholar
  9. 9.
    Francillon, A., Danev, B., & Capkun, S. (2011). Relay attacks on passive keyless entry and start systems in modern cars. In 18th Annual Network and Distributed System Security Symposium. The Internet Society.Google Scholar
  10. 10.
    Francis, L., Hancke, G. P., Mayes, K., & Markantonakis, K. (2010). Practical NFC peer-to-peer relay attack using mobile phones. In 6th International Conference on Radio Frequency Identification: Security and Privacy Issues-RFIDSec’10 (vol. 6370 of LNCS, pp. 35–49). Springer.Google Scholar
  11. 11.
    Falahati, A., & Jannati, H. (2012). Application of distance bounding protocols with random challenges over RFID noisy communication systems. In IET Conference on Wireless Sensor Systems-WSS’12 (pp. 1–5). London: RIBA.Google Scholar
  12. 12.
    Hancke, G. P. (2006). Practical attacks on proximity identification systems. In IEEE Symposium on Security and Privacy-SP 2006 (pp. 328–333). IEEE Computer Society.Google Scholar
  13. 13.
    Hancke, G. P. (2011). Design of a secure distance-bounding channel for RFID. Journal of Network and Computer Applications, 34(3), 877–887. Elsevier.CrossRefGoogle Scholar
  14. 14.
    Hancke, G. P., & Kuhn, M. (2005). An RFID distance bounding protocol. In 1st International Conference on Security and Privacy for Emergent Areas in Communications Networks (SECURECOMM’05) (pp. 67–73). IEEE Computer Society.Google Scholar
  15. 15.
    Hancke, G. P., Mayes, K., & Markantonakis, K. (2009). Confidence in smart token proximity: relay attacks revisited. Computers and Security, 28(7), 615–627. Elsevier.CrossRefGoogle Scholar
  16. 16.
    Halvac, M., & Rosa, T. (2007). A note on the relay attacks on e-passports: The case of Czech e-passports. Cryptology ePrint Archive, Report 2007/244, IACR.Google Scholar
  17. 17.
    Han, G., Xu, H., Duong, T. Q., Jiang, J., & Hara, T. (2011). Localization algorithms of wireless sensor networks: a survey. Telecommunication Systems Journal, doi: 10.1007/s11235-011-9564-7.
  18. 18.
    Issovits, W., & Hutter, M. (2011). Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks. In International Conference on RFID Technologies and Applications (pp. 335–342). IEEE.Google Scholar
  19. 19.
    Jannati, H., & Falahati, A., (2011). Cryptanalysis and enhancement of a secure group ownership transfer protocol for RFID tags. In International Conference on Global Security, Safety and Sustainability-ICGS3’11 (vol. 99 of LNICS, pp. 186–193). Springer.Google Scholar
  20. 20.
    Jannati, H., & Falahati, A. (2012). Cryptanalysis and enhancement of two low cost RFID authentication protocols. International Journal of UbiComp (IJU), 3(1), 1–9.CrossRefGoogle Scholar
  21. 21.
    Kim, C. H., & Avoine, G. (2011). RFID distance bounding protocols with mixed challenges. IEEE Transactions on Wireless Communications, 10(5), 1618–1626.CrossRefGoogle Scholar
  22. 22.
    Kim, C. H., Avoine, G., Koeune, F., Standaert, F. X., & Pereira, O. (2009). The swiss-knife RFID distance bounding protocol. In International Conference on Information Security and Cryptology-ICISC’08 (vol. 5461 of LNCS, pp. 98–115). Springer.Google Scholar
  23. 23.
    Kim, Y. S., & Kim, S. H. (2011). RFID distance bounding protocol using m-ary challenges. International Conference on ICT Convergence-ICTC. (pp. 782–783). IEEE.Google Scholar
  24. 24.
    Kara, O., Kardas, S., Bingol, M. A., & Avoine, G. (2010). Optimal security limits of RFID distance bounding protocols. In 6th International Conference on Radio Frequency Identification: Security and Privacy Issues-RFIDSec’10 (vol. 6370 of LNCS, pp. 220–238). Springer.Google Scholar
  25. 25.
    Kardas, S., Kiraz, M. S., Bingol, M. A., & Demirci, H. (2012). A novel RFID distance bounding protocol based on physically unclonable functions. In 7th International Workshop on RFID Security and Privacy-RFIDSec’11 (vol. 7055 of LNCS, pp. 78–93). Springer.Google Scholar
  26. 26.
    Mitrokotsa, A., Dimitrakakis, C., Peris-Lopez, P., & Hernandez-Castro, J. C. (2010). Reid et al’.s distance bounding protocol and mafia fraud attacks over noisy channels. IEEE Communications Letters, 14(2), 121–123.CrossRefGoogle Scholar
  27. 27.
    Marinoni, S., & Kari, H. H. (2006). Ad hoc routing protocol’s performance: a realistic simulation based study. Telecommunication Systems Journal, 33(1–3), 269–289.CrossRefGoogle Scholar
  28. 28.
    Munilla, J., Ortiz, A., & Peinado, A. (2006). Distance bounding protocols with void-challenges for RFID. In Workshop on RFID Security-RFIDSec’06 Graz.Google Scholar
  29. 29.
    Munilla, J., & Peinado, A. (2008). Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing, 8(9), 1227–1232. an extended abstract appears in [28].CrossRefGoogle Scholar
  30. 30.
    Munilla, J., & Peinado, A. (2010). Enhanced low-cost RFID protocol to detect relay attacks. Wireless Communications and Mobile Computing, 10(3), 361–371.Google Scholar
  31. 31.
    Niculescu, D., & Nath, B. (2003). DV based positioning in ad hoc networks. Telecommunication Systems Journal, 22(1–4), 267–280.CrossRefGoogle Scholar
  32. 32.
    Rasmussen, K. B., & Capkun, S. (2010). Realization of RF distance bounding. In 19th USENIX Conference on Security, USENIX Security’10.Google Scholar
  33. 33.
    Rasua, R. T., Martin, B., & Avoine, G. (2010). The poulidor distance-bounding protocol. 6th International Conference on Radio Frequency Identification: Security And Privacy Issues-RFIDSec’10 (vol. 6370 of LNCS, pp. 239–257). Springer.Google Scholar
  34. 34.
    Reid, J., Nieto, J. G., Tang, T., & Senadji, B. (2007). Detecting relay attacks with timing based protocols. In 2nd ACM Symposium on Information, Computer and Communications Security (pp. 204–213). ACM.Google Scholar
  35. 35.
    Stoyanova, T., Kerasiotis, F., Prayati, A., & Papadopoulos, G. (2009). Evaluation of impact factors on RSS accuracy for localization and tracking applications in sensor networks. Telecommunication Systems Journal, 42(3–4), 235–248.CrossRefGoogle Scholar
  36. 36.
    Singelee, D., & Preneel, B. (2005). Location verification using secure distance bounding protocols. In IEEE International Conference on Mobile Adhoc and Sensor Systems (pp. 834–840).Google Scholar
  37. 37.
    Thong, T. V., & Buttyan, L. (2011). On automating the verification of secure ad-hoc network routing protocols. Telecommunication Systems Journal. doi: 10.1007/s11235-011-9592-3.
  38. 38.
    Xin, W., Yang, T., Tang, C., Hu, J., & Chen, Z., (2011). A distance bounding protocol using error state and punishment. In First International Conference on Instrumentation, Measurement, Computer, Communication and Control (pp. 436–440). IEEE Computer Society.Google Scholar
  39. 39.
    Xiong, H, Zhang, D., Zhang, D., & Gauthier, V. (2012). Predicting mobile phone user locations by exploiting collective behavioral patterns. In 9th International Conference on Ubiquitous Intelligence and Computing and 9th International Conference on Autonomic and Trusted Computing-UIC/ATC’12 (pp. 164–171). IEEE Computer Society.Google Scholar
  40. 40.
    Yum, D. H., Kim, J. S., Hong, S. J., & Lee, P. J. (2011). Distance bounding protocol for mutual authentication. IEEE Transactions on Wireless Communications, 10(2), 592–601.CrossRefGoogle Scholar
  41. 41.
    Yum, D. H., Kim, J. S., Hong, S. J., & Lee, P. J. (2011). Distance bounding protocol with adjustable false acceptance rate. IEEE Communications Letters, 15(4), 434–436.CrossRefGoogle Scholar
  42. 42.
    Zhang, D., Huang, H., Chen, M., & Liao, X. (2012). Empirical study on taxi GPS traces for vehicular ad hoc networks. In IEEE International Conference on Communications-ICC’12 (pp. 581–585).Google Scholar
  43. 43.
    Zhang, D., Vasilakos, A. V., & Xiong, H. (2012). Predicting location using mobile phone calls. ACM SIGCOMM 2012 Conference (pp. 295–296).Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Department of Electrical Engineering (DCCS Lab)Iran University of Science and TechnologyTehranIran

Personalised recommendations