Private and Secure Public-Key Distance Bounding

Application to NFC Payment
  • Serge VaudenayEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8975)


Distance-Bounding is used to defeat relay attacks. For wireless payment systems, the payment terminal is not always online. So, the protocol must rely on a public key for the prover (payer). We propose a generic transformation of a (weakly secure) symmetric distance bounding protocol which has no post-verification into wide-strong-private and secure public-key distance bounding.


Credit Card Distance Bounding Threat Model Digital Signature Scheme Challenge Phase 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The author would like to thank Erik-Oliver Blass, Tom Chothia, and Yvo Desmedt for valuable remarks. This work is part of the ICT COST Action IC1403 (Cryptacus).


  1. 1.
    Avoine, G., Tchamkerten, A.: An efficient distance bounding RFID authentication protocol: balancing false-acceptance rate and memory requirement. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 250–261. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  2. 2.
    Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The Bussard-Bagga and other distance-bounding protocols under attacks. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  3. 3.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–68. Springer, Heidelberg (2014) Google Scholar
  4. 4.
    Boureanu, I., Vaudenay, S.: Optimal proximity proofs. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 170–190. Springer, Heidelberg (2015) Google Scholar
  5. 5.
    Brands, S., Chaum, D.: Distance bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994) Google Scholar
  6. 6.
    Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Sasaki, R., Qing, S., Okamoto, E., Yoshiura, H. (eds.) Security and Privacy in the Age of Ubiquitous Computing. IFIP Advances in Information and Communication Technology, vol. 181, pp. 223–238. Springer, New York (2005) CrossRefGoogle Scholar
  7. 7.
    Cremers, C.J. F., Rasmussen, K.B., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: IEEE Symposium on Security and Privacy S&P 2012, San Francisco, California, USA, pp. 113–127. IEEE Computer Society (2012)Google Scholar
  8. 8.
    Desmedt, Y.: Major security problems with the “unforgeable” (Feige-)Fiat-Shamir proofs of identity and how to overcome them. In: Congress on Computer and Communication Security and Protection Securicom 1988, Paris, France, pp. 147–159. SEDEP, Paris (1988)Google Scholar
  9. 9.
    Francillon, A., Danev, B., Čapkun, S.: Relay attacks on passive keyless entry and start systems in modern cars. In: Network and Distributed System Security Symposium (NDSS 2011), San Diego, CA, USA. The Internet Society (2011)Google Scholar
  10. 10.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: On the security issues of NFC enabled mobile phones. Int. J. Internet Technol. Secured Trans. (IJITST) 2, 336–356 (2010)CrossRefGoogle Scholar
  11. 11.
    Gambs, S., Onete, C., Robert, J.-M.: Prover anonymous and deniable distance-bounding authentication. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan, pp. 501–506. ACM Press (2014)Google Scholar
  12. 12.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Conference on Security and Privacy for Emerging Areas in Communications Networks SecureComm 2005, Athens, Greece, pp. 67–73. IEEE (2005)Google Scholar
  13. 13.
    Hermans, J., Peeters, R., Onete, C.: Efficient, secure, private distance bounding without keyupdates. In: ACM Conference on Security and Privacy in Wireless and Mobile Networks, WISEC 2013, Budapest, Hungary, pp. 195–206. ACM (2013)Google Scholar
  14. 14.
    Hermans, J., Pashalidis, A., Vercauteren, F., Preneel, B.: A new RFID privacy model. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 568–587. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  15. 15.
    Ouafi, K., Vaudenay, S.: Strong privacy for RFID systems from plaintext-aware encryption. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 247–262. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  16. 16.
    Singelée, D., Preneel, B.: Distance bounding in noisy environments. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 101–115. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  17. 17.
    Vaudenay, S.: On privacy models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  18. 18.
    Vaudenay, S.: Proof of Proximity of Knowledge. IACR Eprint 2014/695 report (2014)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  1. 1.EPFLLausanneSwitzerland

Personalised recommendations