Optimality Results on the Security of Lookup-Based Protocols

  • Sjouke Mauw
  • Jorge Toro-Pozo
  • Rolando Trujillo-Rasua
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10155)


Distance-bounding protocols use the round-trip time of a challenge-response cycle to provide an upper-bound on the distance between prover and verifier. In order to obtain an accurate upper-bound, the computation time at the prover’s side should be as short as possible, which can be achieved by precomputing the responses and storing them in a lookup table. However, such lookup-based distance bounding protocols suffer from a trade-off between the achieved security level and the size of the lookup table. In this paper, we study this security-memory trade-off problem for a large class of lookup-based distance bounding protocols; called layered protocols. Relying on an automata-based security model, we provide mathematical definitions for different design decisions used in previous lookup-based protocols, and perform general security analyses for each of them. We also formalize an interpretation of optimal trade-off and find a non-trivial protocol transformation approach towards optimality. That is to say, our transformation applied to any layered protocol results in either an improved or an equal protocol with respect to the optimality criterion. This transformation allows us to provide a subclass of lookup-based protocol that cannot be improved further, which means that it contains an optimal layered protocol.


Distance bounding RFID Security Mafia-fraud Relay attack 


  1. 1.
    Avoine, G., Bingöl, M.A., Kardas, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19(2), 289–317 (2011)CrossRefGoogle Scholar
  2. 2.
    Avoine, G., Tchamkerten, A.: An efficient distance bounding rfid authentication protocol: balancing false-acceptance rate and memory requirement. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 250–261. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04474-8_21 CrossRefGoogle Scholar
  3. 3.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Secure and lightweight distance-bounding. In: Avoine, G., Kara, O. (eds.) LightSec 2013. LNCS, vol. 8162, pp. 97–113. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40392-7_8 CrossRefGoogle Scholar
  4. 4.
    Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994). doi: 10.1007/3-540-48285-7_30 Google Scholar
  5. 5.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) SEC 2005. IAICT, vol. 181, pp. 223–238. Springer, Boston, MA (2005). doi: 10.1007/0-387-25660-1_15 CrossRefGoogle Scholar
  6. 6.
    Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the fiat-shamir passport protocol (extended abstract). In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988). doi: 10.1007/3-540-48184-2_3 Google Scholar
  7. 7.
    Özhan Gürel, A., Arslan, A., Akgün, M.: Non-uniform stepping approach to rfid distance bounding problem. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds.) DPM/SETOP -2010. LNCS, vol. 6514, pp. 64–78. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19348-4_6 CrossRefGoogle Scholar
  8. 8.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm-2005), Athens, Greece, 5–9 September 2005, pp. 67–73. IEEE Computer Society, Washington, DC (2005)Google Scholar
  9. 9.
    Kardaş, S., Kiraz, M.S., Bingöl, M.A., Demirci, H.: A novel RFID distance bounding protocol based on physically unclonable functions. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 78–93. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-25286-0_6 CrossRefGoogle Scholar
  10. 10.
    Kim, C.H., Avoine, G.: RFID distance bounding protocols with mixed challenges. IEEE Trans. Wireless Commun. 10(5), 1618–1626 (2011)CrossRefGoogle Scholar
  11. 11.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00730-9_7 CrossRefGoogle Scholar
  12. 12.
    Mauw, S., Toro-Pozo, J., Trujillo-Rasua, R.: A Class of precomputation-based distance-bounding protocols. In: Proceedings of the 1st IEEE European Symposium on Security and Privacy - EuroS&P’16. Saarbrücken, Germany (2016)Google Scholar
  13. 13.
    Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wirel. Commun. Mob. Comput. 8(9), 1227–1232 (2008)CrossRefGoogle Scholar
  14. 14.
    Trujillo-Rasua, R., Martin, B., Avoine, G.: The poulidor distance-bounding protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 239–257. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16822-2_19 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Sjouke Mauw
    • 1
    • 2
  • Jorge Toro-Pozo
    • 1
  • Rolando Trujillo-Rasua
    • 2
  1. 1.CSCUniversity of LuxembourgLuxembourgLuxembourg
  2. 2.SnTUniversity of LuxembourgLuxembourgLuxembourg

Personalised recommendations