Survey of Distance Bounding Protocols and Threats

  • Agnès Brelurut
  • David Gerault
  • Pascal LafourcadeEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9482)


NFC and RFID are technologies that are more and more present in our life. These technologies allow a tag to communicate without contact with a reader. In wireless communication an intruder can always listen and forward a signal, so he can mount a so-called worm hole attack. In the last decades, several Distance Bounding (DB) protocols have been introduced to avoid such attacks. In this context, there exist several threat models: Terrorist Fraud, Mafia Fraud, Distance Fraud etc. We first show the links between the existing threat models. Then we list more than forty DB protocols and give the bounds of the best known attacks for different threat models. In some cases, we explain how we are able to improve existing attacks. Then, we present some advices to the designers of the DB protocols and to the intruders to mount some attacks.


Distance bounding Threat models Mafia fraud Terrorist fraud Distance fraud RFID NFC Relay attack Collusion fraud 


  1. 1.
    Abyaneh, M.R.S.: Security analysis of two distance-bounding protocols (2011). CoRR abs/1107.3047Google Scholar
  2. 2.
    Aumasson, J.-P., Mitrokotsa, A., Peris-Lopez, P.: A note on a privacy-preserving distance-bounding protocol. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 78–92. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Avoine, G., Bingöl, M.A., Kardas, S., Lauradoux, C., Martin, B.: A formal framework for cryptanalyzing RFID distance bounding protocols. IACR Crypt. ePrint Arch. 2009, 543 (2009)Google Scholar
  4. 4.
    Avoine, G., Lauradoux, C., Martin, B.: How secret-sharing can defeat terrorist fraud. In: Wisec 2011, pp. 145–156. ACM (2011)Google Scholar
  5. 5.
    Avoine, G., Tchamkerten, A.: An efficient distance bounding RFID authentication protocol: balancing false-acceptance rate and memory requirement. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 250–261. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The bussard-bagga and other distance bounding protocols under man-in-the-middle attacks. In: Inscrypt (2012)Google Scholar
  7. 7.
    Benfarah, A., Miscopein, B., Gorce, J., Lauradoux, C., Roux, B.: Distance bounding protocols on TH-UWB radios. In: GLOBECOM, pp. 1–6 (2010)Google Scholar
  8. 8.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: On the pseudorandom function assumption in (secure) distance-bounding protocols. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 100–120. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. IACR Crypt. ePrint Arch. 2013, 465 (2013)Google Scholar
  10. 10.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014)Google Scholar
  12. 12.
    Boureanu, I., Vaudenay, S.: Optimal proximity proofs. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 170–190. Springer, Heidelberg (2015)Google Scholar
  13. 13.
    Boureanu, I., Vaudenay, S.: Challenges in distance bounding. IEEE Secur. Priv. 13(1), 41–48 (2015)CrossRefGoogle Scholar
  14. 14.
    Brands, S., Chaum, D.: Distance bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  15. 15.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: IFIP SEC 2005 (2005)Google Scholar
  16. 16.
    Capkun, S., Buttyn, L., Hubaux, J.-P.: Sector: secure tracking of node encounters in multi-hop wireless networks. In: ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp. 21–32 (2003)Google Scholar
  17. 17.
    Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE S & P (2012)Google Scholar
  18. 18.
    Desmedt, Y.: Major security problems with the “unforgeable” (feige-)fiat-shamir proofs of identity and how to overcome them. In: Securicom 1988, pp. 147–159 (1988)Google Scholar
  19. 19.
    Dürholz, U., Fischlin, M., Kasper, M., Onete, C.: A formal approach to distance-bounding RFID protocols. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 47–62. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Entezari, R., Bahramgiri, H., Tajamolian, M.: A mafia and distance fraud high-resistance RFID distance bounding protocol. In: ISCISC, pp. 67–72 (2014)Google Scholar
  21. 21.
    Falahati, A., Jannati, H.: All-or-nothing approach to protect a distance bounding protocol against terrorist fraud attack for low-cost devices. Electron. Commer. Res. 15(1), 75–95 (2015)CrossRefGoogle Scholar
  22. 22.
    Fatemeh Baghernejad, M.S., Bagheri, N.: Security analysis of the distance bounding protocol proposed by Jannati, Falahati. Electr. Comput. Eng. 2(2), 85–92 (2014)Google Scholar
  23. 23.
    Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd edn. Wiley, New York (2003)CrossRefGoogle Scholar
  24. 24.
    Fischlin, M., Onete, C.: Provably secure distance-bounding: an analysis of prominent protocols. IACR Crypt. ePrint Arch. 2012, 128 (2012)Google Scholar
  25. 25.
    Fischlin, M., Onete, C.: Terrorism in distance bounding: modeling terrorist-fraud resistance. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 414–431. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  26. 26.
    Gambs, S., Killijian, M.-O., Lauradoux, C., Onete, C., Roy, M., Traoré, M.: VSSDB: A verifiable secret-sharing and distance-bounding protocol. In: BalkanCryptSec 2014 (2014)Google Scholar
  27. 27.
    Gambs, S., Onete, C., Robert, J.: Prover anonymous and deniable distance-bounding authentication. IACR Crypt. ePrint Arch. 2014, 114 (2014)Google Scholar
  28. 28.
    Özhan Gürel, A., Arslan, A., Akgün, M.: Non-uniform stepping approach to RFID distance bounding problem. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds.) DPM 2010 and SETOP 2010. LNCS, vol. 6514, pp. 64–78. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  29. 29.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: SECURECOMM 2005, pp. 67–73. IEEE Computer Society, Washington, DC (2005)Google Scholar
  30. 30.
    Hermans, J., Peeters, R., Onete, C.: Efficient, secure, private distance bounding without key updates. In: WISEC 2013, pp. 207–218 (2013)Google Scholar
  31. 31.
    Hoda Jannati, A.F.: Mutual implementation of predefined and random challenges over RFID distance bounding protocol. In: ISCISC, pp. 43–47 (2012)Google Scholar
  32. 32.
    ju Tu, Y., Piramuthu, S.: RFID distance bounding protocols. In: First International EURASIP Workshop on RFID Technology (2007)Google Scholar
  33. 33.
    Kapoor, G., Zhou, W., Piramuthu, S.: Distance bounding protocol for multiple RFID tag authentication. In: IEEE/IPIP EUC 2008, pp. 115–120 (2008)Google Scholar
  34. 34.
    Kardaş, S., Kiraz, M.S., Bingöl, M.A., Demirci, H.: A novel RFID distance bounding protocol based on physically unclonable functions. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 78–93. Springer, Heidelberg (2012)Google Scholar
  35. 35.
    Kim, C.H.: Security analysis of YKHL distance bounding protocol with adjustable false acceptance rate. IEEE Commun. Lett. 15(10), 1078–1080 (2011)CrossRefGoogle Scholar
  36. 36.
    Kim, C.H., Avoine, G.: RFID distance bounding protocol with mixed challenges to prevent relay attacks. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 119–133. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  37. 37.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  38. 38.
    Lee, S., Kim, J.S., Hong, S.J., Kim, J.: Distance bounding with delayed responses. IEEE Commun. Lett. 16(9), 1478–1481 (2012)CrossRefGoogle Scholar
  39. 39.
    Meadows, C., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp. 279–298 (2007)Google Scholar
  40. 40.
    Meghdadi, M., Ozdemir, S., Gler, I.: A survey of wormhole-based attacks and their countermeasures in wireless sensor networks. IETE Tech. Rev. 28(2), 89–102 (2011)CrossRefGoogle Scholar
  41. 41.
    Mitrokotsa, A., Onete, C., Vaudenay, S.: Mafia fraud attack against the RČ distance-bounding protocol. RFID-TA 2012, 74–79 (2012)Google Scholar
  42. 42.
    Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wirel. Commun. Mob. Comput. 8(9), 1227–1232 (2008)CrossRefGoogle Scholar
  43. 43.
    Munilla, J., Peinado, A.: Security analysis of tu and piramuthu’s protocol. NTMS 2008, 1–5 (2008)Google Scholar
  44. 44.
    Nikov, V., Vauclair, M.: Yet another secure distance-bounding protocol. SECRYPT 2008, 218–221 (2008)Google Scholar
  45. 45.
    Peris-Lopez, P., Castro, J.C.H., Estévez-Tapiador, J.M., van der Lubbe, J.C.A.: Shedding some light on RFID distance bounding protocols and terrorist attacks (2009). CoRR abs/0906.4618
  46. 46.
    Rasmussen, K.B., Capkun, S.: Location privacy of distance bounding protocols. CCS 2008, 149–160 (2008)Google Scholar
  47. 47.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: ASIACCS 2007, pp. 204–213. ACM (2007)Google Scholar
  48. 48.
    Singelée, D., Preneel, B.: Distance bounding in noisy environments. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 101–115. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  49. 49.
    Tippenhauer, N.O., Čapkun, S.: ID-based secure distance bounding and localization. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 621–636. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  50. 50.
    Trujillo-Rasua, R., Martin, B., Avoine, G.: The poulidor distance-bounding protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 239–257. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  51. 51.
    Trujillo-Rasua, R., Martin, B., Avoine, G.: Distance-bounding facing both mafia, distance frauds: technical report (2014). CoRR abs/1405.5704
  52. 52.
    Vaudenay, S.: On modeling terrorist frauds. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 1–20. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  53. 53.
    Vaudenay, S.: Proof of proximity of knowledge. IACR ePrint Arch. 2014, 695 (2014)MathSciNetGoogle Scholar
  54. 54.
    Vaudenay, S.: Private and secure public-key distance bounding. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 207–216. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  55. 55.
    Yang, A., Zhuang, Y., Wong, D.S.: An efficient single-slow-phase mutually authenticated RFID distance bounding protocol with tag privacy. In: Chim, T.W., Yuen, T.H. (eds.) ICICS 2012. LNCS, vol. 7618, pp. 285–292. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  56. 56.
    Yum, D.H., Kim, J.S., Hong, S.J., Lee, P.J.: Distance bounding protocol with adjustable false acceptance rate. IEEE Commun. Lett. 15(4), 434–436 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Agnès Brelurut
    • 1
  • David Gerault
    • 1
  • Pascal Lafourcade
    • 1
    Email author
  1. 1.University Clermont Auvergne, LIMOSClermont-FerrandFrance

Personalised recommendations