Addressing Relay Attacks Without Distance-Bounding in RFID Tag Inclusion/Exclusion Scenarios

  • Selwyn PiramuthuEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 968)


With the widespread adoption and use of RFID tags, a valid scenario is one in which an RFID-tagged object includes several components that each have their own individual RFID tags. Under such a context, each of the components are bound to be included in or excluded from the main object over its lifetime. In order for only the tags that are a part of the main object to be authenticated by the main object, there is a need for a secure protocol that ensures that no other tag has access to the shared secrets among the main object and the component objects. Moreover, there is also a need to address relay attacks by adversaries under such scenarios. Existing authentication protocols address relay attacks through round-trip distance measurements in such inclusion/exclusion scenarios. While this works in principle, distance-bounding approaches are not always reliable. We consider another approach for inclusion/exclusion scenarios and develop a protocol sketch for this context. We also provide related security analysis.


RFID Tag inclusion/exclusion Authentication protocol Non distance-bounding 


  1. 1.
    Greenberg, A.: Radio Attack lets Hackers Steal 24 Different Car Models. Wired, 21 March 2016.
  2. 2.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the IEEE/Create-Net SecureComm, pp. 67–73 (2005)Google Scholar
  3. 3.
    Kim, C.H., Avoine, G.: RFID distance bounding protocol with mixed challenges to prevent relay attacks. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 119–133. Springer, Heidelberg (2009). Scholar
  4. 4.
    Mauw, S., Toro-Pozo, J., Trujillo-Rasua, R.: A class of precomputation-based distance-bounding protocols. In: Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), pp. 97–111 (2016)Google Scholar
  5. 5.
    Mitrokotsa, A., Onete, C., Vaudenay, S.: Mafia fraud attack against the RC distance-bounding protocol. In: Proceedings of the IEEE International Conference on RFID -Technologies and Applications (RFID-TA), pp. 74–79 (2012)Google Scholar
  6. 6.
    Piramuthu, S.: Relay attack-resisting inclusion/exclusion protocol for RFID. In: 2nd International Workshop on DYnamic Networks: Algorithms and Security (DYNAS) (2010)Google Scholar
  7. 7.
    Piramuthu, S.: Inclusion/exclusion protocol for RFID tags. In: Meghanathan, N., Kaushik, B.K., Nagamalai, D. (eds.) CCSIT 2011. CCIS, vol. 133, pp. 431–437. Springer, Heidelberg (2011). Scholar
  8. 8.
    Piramuthu, S.: Authentication protocols for an object with dynamic RFID tags. In: Doss, R., Piramuthu, S., Zhou, W. (eds.) FNSS 2018. CCIS, vol. 878, pp. 93–101. Springer, Cham (2018). Scholar
  9. 9.
    Rasmussen, K., Čapkun, S.: Location privacy of distance bounding. In: Proceedings of the Annual Conference on Computer and Communications Security (CCS), pp. 149–160 (2008)Google Scholar
  10. 10.
    Reid, J., Gonzalez Nieto, J.M., Tang, T., Senadji, B.: Detecting Relay Attacks with Timing-Based Protocols. Queensland University of Technology ePrint (2006).
  11. 11.
    Tu, Y.-J., Piramuthu, S.: RFID distance bounding protocols. In: 1st International EURASIP Workshop on RFID Technology, pp. 67–68 (2007)Google Scholar
  12. 12.
    Tu, Y.-J., Piramuthu, S.: Non-distance-bounding means to address RFID relay attacks. Decis. Support Syst. 102, 12–21 (2017)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Information Systems and Operations ManagementUniversity of FloridaGainesvilleUSA

Personalised recommendations