Design and Implementation of a Terrorist Fraud Resilient Distance Bounding System

  • Aanjhan Ranganathan
  • Nils Ole Tippenhauer
  • Boris Škorić
  • Dave Singelée
  • Srdjan Čapkun
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)


Given the requirements of fast processing and the complexity of RF ranging systems, distance bounding protocols have been challenging to implement so far; only few designs have been proposed and implemented. Currently, the most efficient implementation of distance bounding protocols uses analog processing and enables the prover to receive a message, process it and transmit the reply within 1 ns, two orders of magnitude faster than the most efficient digital implementation. However, even if implementing distance bounding using analog processing clearly provides tighter security guarantees than digital implementations, existing analog implementations do not support resilience against Terrorist Fraud attacks; they protect only against Distance Fraud and Mafia Fraud attacks. We address this problem and propose a new, hybrid digital-analog design that enables the implementation of Terrorist Fraud resilient distance bounding protocols. We introduce a novel attack, which we refer to as the “double read-out” attack and show that our proposed system is also secure against this attack. Our system consists of a prototype prover that provides strong security guarantees: if a dishonest prover performs the Terrorist Fraud attack, it can cheat on its distance bound to the verifier only up to 4.5 m and if it performs Distance Fraud or Mafia Fraud attacks up to 0.41 m. Finally, we show that our system can be used to implement existing (Terrorist Fraud resilient) distance bounding protocols (e.g., the Swiss Knife and Hancke-Kuhn protocol) without requiring protocol modifications.


Secure Ranging Distance Bounding Terrorist Fraud 


  1. 1.
  2. 2.
    Avoine, G., Bingöl, M.A., Kardaş, S., Lauradoux, C., Martin, B.: A framework for analyzing RFID distance bounding protocols. J. Comput. Secur. 19(2), 289–317 (2011)Google Scholar
  3. 3.
    Basin, D., Capkun, S., Schaller, P., Schmidt, B.: Let’s Get Physical: Models and Methods for Real-World Security Protocols. In: Berghofer, S., Nipkow, T., Urban, C., Wenzel, M. (eds.) TPHOLs 2009. LNCS, vol. 5674, pp. 1–22. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)Google Scholar
  5. 5.
    Bussard, L., Bagga, W.: Distance-Bounding Proof of Knowledge to Avoid Real-Time Attacks. In: Proceedings of 20th International Conference on Security and Privacy in the Age of Ubiquitous Computing, pp. 223–238 (May 2005)Google Scholar
  6. 6.
    Capkun, S., Buttyn, L., Hubaux, J.P.: Sector: secure tracking of node encounters in multi-hop wireless networks. In: Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp. 21–32. ACM (October 2003)Google Scholar
  7. 7.
    Cremers, C., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance Hijacking Attacks on Distance Bounding Protocols. In: Proceedings of the 33rd IEEE Symposium on Security and Privacy (May 2012)Google Scholar
  8. 8.
    Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)Google Scholar
  9. 9.
    Fischer, C., Gellersen, H.: Location and Navigation Support for Emergency Responders: A Survey. IEEE Pervasive Computing 9, 38–47 (2010)CrossRefGoogle Scholar
  10. 10.
    Francillon, A., Danev, B., Ĉapkun, S.: Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium. The Internet Society (February 2011)Google Scholar
  11. 11.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: On the security issues of NFC enabled mobile phones. International Journal of Internet Technology and Secured Transactions 2 (December 2010)Google Scholar
  12. 12.
    Gupta, S.K.S., Mukherjee, T., Venkatasubramanian, K., Taylor, T.B.: Proximity Based Access Control in Smart-Emergency Departments. In: Proceedings of the 4th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, pp. 512–516 (March 2006)Google Scholar
  13. 13.
    Hancke, G.P.: Design of a secure distance-bounding channel for RFID. J. Netw. Comput. Appl. 34(3), 877–887 (2011)CrossRefGoogle Scholar
  14. 14.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, pp. 67–73 (September 2005)Google Scholar
  15. 15.
    Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: A defense against wormhole attacks in wireless networks. In: INFOCOM (2003)Google Scholar
  16. 16.
    Hu, Y.C., Perrig, A., Johnson, D.B.: Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks. Wireless Networks 11(1-2), 21–38 (2005)CrossRefGoogle Scholar
  17. 17.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Kuhn, M., Luecken, H., Tippenhauer, N.O.: UWB Impulse Radio Based Distance Bounding. In: Proceedings of the 7th Workshop on Positioning, Navigation and Communication, pp. 28–37 (March 2010)Google Scholar
  19. 19.
    Liu, H., Darabi, H., Banerjee, P., Liu, J.: Survey of Wireless Indoor Positioning Techniques and Systems. IEEE Transactions on Systems, Man, and Cybernetics 37(6), 1067–1080 (2007)CrossRefGoogle Scholar
  20. 20.
    Munilla, J., Ortiz, A., Peinado, A.: Distance bounding protocols with void-challenges for RFID. Printed handout at the Workshop on RFID Security, RFIDSec (2006)Google Scholar
  21. 21.
    Peris-Lopez, P., Castro, J.C.H., Estévez-Tapiador, J.M., van der Lubbe, J.C.A.: Shedding Some Light on RFID Distance Bounding Protocols and Terrorist Attacks. CoRR abs/0906.4618 (2009)Google Scholar
  22. 22.
    Peris-Lopez, P., Castro, J.C.H., Estévez-Tapiador, J.M., Palomar, E., van der Lubbe, J.C.A.: Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security. In: IEEE International Conference on RFID, pp. 45–52 (April 2010)Google Scholar
  23. 23.
    Poturalski, M., Flury, M., Papadimitratos, P., Hubaux, J.P., Boudec, J.Y.L.: Distance Bounding with IEEE 802.15.4a: Attacks and Countermeasures. IEEE Transactions on Wireless Communications 10(4), 1334–1344 (2011)CrossRefGoogle Scholar
  24. 24.
    Rasmussen, K.B., Castelluccia, C., Heydt-Benjamin, T.S., Čapkun, S.: Proximity-based Access Control for Implantable Medical Devices. In: Proceedings of the 16th ACM conference on Computer and Communications Security, pp. 410–419. ACM (November 2009)Google Scholar
  25. 25.
    Rasmussen, K.B., Čapkun, S.: Realization of RF Distance Bounding. In: Proceedings of the 19th USENIX Security Symposium, pp. 389–402 (August 2010)Google Scholar
  26. 26.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 204–213 (March 2007)Google Scholar
  27. 27.
    Singelée, D., Preneel, B.: Distance Bounding in Noisy Environments. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 101–115. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Tippenhauer, N.O.: Physical-Layer Security Aspects of Wireless Localization. Ph.D. thesis, ETH Zurich, Switzerland (2012), draft versionGoogle Scholar
  29. 29.
    Tippenhauer, N.O., Čapkun, S.: ID-Based Secure Distance Bounding and Localization. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 621–636. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Tu, Y.J., Piramuthu, S.: RFID Distance Bounding Protocols. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aanjhan Ranganathan
    • 1
  • Nils Ole Tippenhauer
    • 1
  • Boris Škorić
    • 2
  • Dave Singelée
    • 3
  • Srdjan Čapkun
    • 1
  1. 1.ETH ZurichZurichSwitzerland
  2. 2.TU EindhovenEindhovenNetherlands
  3. 3.K.U. Leuven ESAT/SCD-COSICLeuvenBelgium

Personalised recommendations