From Relay Attacks to Distance-Bounding Protocols

Open Access


We present the concept of relay attacks, and discuss distance-bounding schemes as the main countermeasure. We give details on relaying mechanisms, we review canonical distance-bounding protocols, as well as their threat-model (i.e., covering attacks beyond relaying) stemming from the authentication dimension in distance bounding. Advanced aspects of distance-bounding security are also covered. We conclude by presenting what we consider to be the most important challenges in distance bounding.

7.1 An Introduction to Relay Attacks and Distance Bounding

In this section, we first explain the concept of relay attacks. Then, we present distance bounding, the main countermeasure, but also discuss other ways of possibly counteracting relaying.

7.1.1 Relay Attacks

A relay attack against two legitimate parties A and B is one whereby a man-in-the-middle C forwards A’s messages to B and/or B’s messages to A, unbeknown to them. In doing so, C wishes to obtain a facility meant for A and granted by B or vice-versa. For instance, C could get to fraudulently spend the funds associated with A’s bank-card at a payment terminal embodied by B.

Relay attacks are hard to detect and deter, as they subvert all conventional cryptographic mechanisms potentially employed in the protocols: C only forwards the messages, and does not need to break the cryptography that is used. This is even more acute in the case of contactless applications: user A simply brings a token (e.g., a card or phone) within range of a reader B, and the protocol starts automatically, with no consent or input by the person who is getting the privilege. Thus, a relay attack can be mounted without hindrance.

7.1.2 Distance Bounding

The further A is from B, the longer the messages relayed by C from A take to arrive at B. Hence, imposing an upper-bound on the round-trip times (RTTs) of message-exchanges was proposed as a countermeasure in [83]. This lowers the probability of successful relay attacks. This mechanism is often referred to as distance bounding (DB).

The idea of distance-bounding protocols is as follows: a verifier (e.g., an RFID reader) is equipped in the physical layer with a reliable clock that measures the RTTs of certain communication exchanges to check that a prover (e.g., a card) is no further than some allowed distance. So, at some point in the protocol, the verifier starts its clock, sends a challenge, and stops the clock when it receives the response. The measured time Δt corresponds to twice the time it takes for a message to travel from the prover to the verifier, plus the time taken by the prover to reply. Since no information can travel faster than the speed of light c, \(d=\frac {{\varDelta _t} \cdot c}{2}\) is an upper bound on the distance between the prover and the verifier. If the prover was any further than d, then it would mean that the messages traveled faster than light, which is impossible. Consequently, if d is short enough, then the verifier can deduce that the prover is within range. In other words, a time bound \({\mathcal {B}}\) can be a priori fixed such that, if \({\varDelta _t} > {\mathcal {B}}\), then the verifier rejects the prover.

As described above, distance bounding would be just a proximity-checking mechanism. However, most distance-bounding protocols do not stop at proximity-checking. Instead, they also encompass a unilateral authentication dimension: the prover authenticates itself to the verifier. Authentication is generally achieved cryptographically: by using well-established primitives, such as signature schemes, HMAC, encryption, and others.

7.1.3 Other Relay-Countermeasures

Approaches to relay-counteraction other than distance bounding have been proposed. In his seminal paper [178], Desmedt proposed that a prover computed his exact location on earth, signed it, and sent it to the verifier. The inconvenience in this approach is that it requires one to trust the prover not to cheat. In addition, it requires a safe localization system, which is not trivial to realize. In particular, using the GPS technology does not seem to be a robust solution [242] due to the fact that the GPS signal is sensitive to obstacles and not accurate enough. In [133], position-based cryptography is further studied and proven to be impossible.

Another option against relay attacks is to measure the strength of the signal received by the verifier [347]: since it decreases as the distance increases, it gives indications about the distance from the prover. However, an attacker can amplify the signal to make the prover appear closer to the verifier, and defeat this approach.

Similarly, a solution based on sensing the local environment (for instance the air temperature) was proposed, with the idea that if the prover was actually close to the verifier, then it would sense similar values [561]. This approach however fails if the adversary is able to manipulate the value that is being sensed, which can be relatively easy to do.

To prevent relay attacks, one can also isolate the prover inside a Faraday cage [74] during the protocol, to make sure that it cannot communicate with external entities. While efficient, this solution is not very user friendly, and severely limits the usability of the system.

Finally, radio frequency fingerprinting [496] can be used. It identifies the devices based on variations in the signal features due to imperfections in the manufacturing process. However, such fingerprinting can be counterfeited [168].

Comparing all the aforementioned relay-countermeasures, distance bounding appears the most promising option to defeat relay attacks.

7.2 Relay Attacks in Practice

Relay attacks have been implemented against contact-based smart cards [189], contactless smart cards [256], and keyless car entry systems [221]. First, in Sect. 7.2.1, we discuss attacks against “unprotected systems”. Then, in Sect. 7.2.2, taking into consideration the fact that distance-bounding type countermeasures are starting to be implemented, we consider more advanced practical relay strategies against systems thus “protected”.

7.2.1 Basic Relay Strategies

A basic relay equates to the attack described in Sect. 7.1. Purpose-Built Relays

There are several relay-attack implementations against radio frequency identification (RFID) systems using purpose-built attack proxies and relay links, which incur minimal delay in executing the attack, e.g., [221, 256, 548]. The conventional approach to implementing an attack uses custom-built attack proxies, using a combination of custom hardware and hacked readers [256, 548]. The proxy will first demodulate the data symbols from the reader or token, and then forward data over an analog radio link, e.g., a video channel [256], and this tends to introduce a delay in the order of a few to tens of microseconds (2–20 μs). These implementations are also capable of active relay attacks, equivalent to a conventional man-in-the-middle or ‘wedge’ attack, which can modify communication with negligible additional delay, e.g., using an FPGA to reshape analog signals in real-time [256]. If the goal is to minimize the relay delay to less than a microsecond then the relay link can be implemented without demodulating the data first [221, 548]. In these cases, the proxies are either connected via a wire (120–500 ns delay), or forward data by direct up-mixing of the LF/HF carrier onto a UHF radio carrier for transmission (120–750 ns delay). Off-the-Shelf Relays

It has also been shown that software-only implementations using off-the-shelf NFC-enabled mobile devices are effective, which simplifies the attack and allows any person with the right type of NFC-enabled mobile phone to implement a token emulator or a reader. These attacks can therefore use a standard phone as a proxy-reader and a second phone as a proxy-token and relay the data across Bluetooth, WiFi or the mobile data network [222, 392, 539]. Even though such attack implementations incur a larger attack delay (200-500 ms), these remain effective against real systems, as was demonstrated in an attack against Google Wallet [505]. There are an increasing number of non-mobile NFC devices, such as the Adafruit NFC breakout board, that easily connects with embedded hardware Arduino or Raspberry Pi, which could be used as readily available proxy platforms.

7.2.2 Advanced Relay Strategies

The relay attacks above were executed on systems that implemented no proximity checks. As systems start to implement such checks over conventional low-bandwidth communication channels there are practical strategies for gaining time that can hide the relay delay. Even if the attacker can gain part of a bit period, e.g., a few microseconds, it could leave enough time to mount one of the attacks in Sect. 7.2.1. Early Send and Late Commit

If the attacker can send a challenge or response late but still get the prover or verifier to accept it as a valid message then that could also hide the relay delay. Receivers do not evaluate the bit value right at the beginning of the bit period TB. To make the channel more reliable this evaluation is done later, in the middle or at the end of the bit period, which could be exploited to gain the attacker some time [149, 255]. For example, for NRZ (non-return to zero) coding the signal is high for the entire bit period for ‘1’ and low for the entire bit period for ‘0’, and the receiver samples only once in the middle of the bit period to determine the bit value, as shown in Fig. 7.1a. This means the attacker could start his response bit up to TA = TB∕2 late, and still have the bit sampled correctly. Several receiver architectures, to be resistant to noise, integrate the signal across the entire bit period and evaluate the bit value at the end. In this case, the attack could ‘late commit’ by transmitting a larger, shorter signal later in the bit period and still achieve the same integration output at the time of bit value evaluation. If combined with early send, where the attacker guesses the value based on the observation of the first part of the bit period, the attack in Fig. 7.2 becomes possible. The attacker will guess the value of challenge Ci from the verifier early, and send it to the prover late. It will repeat this approach for the response Ri that the prover sends to the verifier, and will therefore appear to be closer to the verifier than the true distance of the prover.
Fig. 7.1

Gaining attack time by exploiting channel characteristics. (a) Late commit for non-return to zero (NRZ) coding. (b) Speeding up Manchester code data clock [255]: Sampling clock is 8× time data clock (trigger and synchronization counter for sampling signal transition shown)

Fig. 7.2

Early send and late commit can make a Prover P appear closer than it really is. In the figure, one challenge round is relayed, with the dotted lines indicating the propagation time (the line stops and starts at transmission and reception). If the proxy-prover P′ guesses Ci early, and the proxy-verifier V commits late then the response Ri is received by the Verifier V  at the same time as expected for a prover located at \(\tilde {P}\) even though the Prover P is much further away [149] Speeding Up the Prover’s Response

If the attacker can get the prover to provide the response earlier than expected by the verifier, then the relay delay could remain hidden, with the round-trip time of the message remaining within the bound. There are two approaches to making the prover process the challenge faster [255]. Smart tokens receive their system clock from the reader, with contact-based cards having a clock line and contactless cards recovering a clock from the received radio carrier. This allows the proxy-verifier to overclock the token, which causes the response to be calculated and transmitted earlier. If the token has its own, independent clock, then the attacker can also gain some time by exploiting data clock recovery from the data coding. For example, for Manchester coding (‘1’ is high to low,‘0’ is low to high) each bit period has an edge transition to which the receiver can synchronize its decoding data clock. If the transition is moved slightly ahead in each bit, as shown in Fig. 7.1b, then the receiver will sample earlier as the message is received and the message is decoded TA faster than normal. This approach can also effect distance fraud if a dishonest prover is able to speed up its own response, either by calculating a response faster than expected or sending a correct response early, e.g., if the verifier sends a challenge followed by some framing bits and expects the provers to start calculating the response only once the entire message, including the stop frame bit, is received but instead the prover can send the correct response immediately after the challenge bit is received.

7.3 Canonical Distance-Bounding Protocols

In this section, we describe and discuss two protocols that can be considered the cornerstones of distance-bounding schemes. The Brands-Chaum protocol is the earliest distance-bounding protocol ever published, and is based on Beth and Desmedt’s [83] idea that roundtrip times (RTTs) can detect mafia fraud. The Hancke-Kuhn protocol resurrected research interest in distance-bounding protocols, and was specifically designed for contactless devices.

7.3.1 General Structure

General Setup

Distance-bounding schemes can use either symmetric- or public-key cryptography. In the symmetric-key scenario, the prover and verifier share a secret key K. For public-key primitives, the prover stores a private/public key-pair (ski, pki), for which the verifier only holds the public key. Each verifier is assumed to possess a clock able to measure roundtrip times (RTTs) with a fine-grained resolution (ideally, less than a nanosecond). In the protocol, the verifier uses the clock to measure RTT values for several so-called time-critical rounds.

General 3-Phase Structure

The general structure of distance-bounding protocols follows these three phases (each consisting of zero, one, or multiple rounds of communication): session set-up, proximity checking, and verification. During session set-up, the prover and verifier exchange session-specific data and possibly pre-compute some values that will be used during the next stage. During proximity checking, the parties execute n fast phases of communication: the verifier generally starts the clock at the beginning of each round, and stops it at the end. The responses ri sent by the prover, and the round-trip time (RTT) of each round are stored by the verifier. Finally, during verification, the verifier performs some cryptographic operations, may exchange some more messages with the prover, and it compares the measured RTT values of the proximity-checking phase with a threshold. At the end of this phase, the verifier must output an authentication bit, which is typically 1 if the prover is assumed to be legitimate and within a correct distance, and 0 otherwise.

7.3.2 The Hancke-Kuhn Protocol

The protocol presented by Hancke and Kuhn [254] in 2005 performs symmetric-key distance bounding. It relies on a pseudorandom function (PRF), which takes two inputs, a key and a message, and outputs a string of fixed length (in our case, 2n). Figure 7.3 depicts this protocol for a prover \({\mathcal {P}}\) and a verifier \({\mathcal {V}}\). At session set-up, \({\mathcal {P}}\) and \({\mathcal {V}}\) exchange nonces.1 The two parties then use the PRF to map the key K and the concatenation of the two nonces to a bit-string of length 2 ⋅ n. This value is divided into a left and a right register of length n each, which we denote R0 and R1 respectively. During proximity-checking, in each of the n subsequent fast rounds, the challenger chooses a bit ci at random, and the prover is expected to respond with the i-th bit from either the left response register (if ci = 0) or from the right one. We denote these bits \({R}^0_i\) and \({R}^1_i\) respectively. For each round, the RTT is measured. At the end of the protocol, during verification, the prover is authenticated if, and only if, all the responses provided by the prover were correct, and if all the measured RTT values are under the \({{t_{\max }}}\) bound.
Fig. 7.3

The Hancke and Kuhn protocol between a prover \({\mathcal {P}}\) and a verifier \({\mathcal {V}}\). The notation || describes string concatenation

Design Intuition

As long as the key K is unknown to an attacker, the PRF guarantees the security-crux herein: two independent response strings. Indeed, a man-in-the-middle attacker can relay the exact nonces used by an honest prover and verifier. This allows the adversary to establish two sessions (one with the prover, the other, with the verifier) which share the same response strings R0 and R1. This adversary can now use its session with the prover to extract data: before it receives the honest verifier’s challenge, the adversary can query the prover with any kind of request. If the protocol were to rely on only one response string, the adversary could obtain the entire response and forward it to the attacker.

7.3.3 The Brands-Chaum Protocol

The public-key counterpart of the Hancke-Kuhn protocol was proposed by Brands and Chaum [113] and relies on commitment schemes and digital signatures. Commitment schemes allow users to temporarily hide a value; the commitment will also only open to that hidden value, and not to any other. Signature schemes are public-key primitives allowing a signer to generate signatures for a given message and a secret key; the signature can be verified for that message with the public key.

Figure 7.4 depicts an execution of the Brands-Chaum protocol. The session set-up and verification consist of one-message rounds each. During set-up, the prover chooses and commits (in a message C) to a number of responses to be used at proximity checking. Note that Chides the contents of the message, from both an attacker and the verifier. In each round of the proximity-checking phase the verifier picks a one-bit random challenge ci and sends it to \({\mathcal {P}}\). The latter’s response is ci ⊕ ri, where ri is the response bit to which the prover committed for this round. The values Ri and the measured RTT values are stored by the verifier. Finally, during verification, \({\mathcal {P}}\) sends to \({\mathcal {V}}\) the opening of the commitment C and a signature on the concatenated challenge and response values exchanged at proximity-checking. The verifier retrieves the randomly-chosen ri values from C and uses them to ascertain the validity of the prover’s time-critical responses and the signature σ and Ri values. If these values verify and the measured RTTs are below the \({{t_{\max }}}\) bound, then the verifier authenticates the prover.
Fig. 7.4

The Brands–Chaum protocol for a prover \({\mathcal {P}}\) and a verifier \({\mathcal {V}}\)

Design Intuition

The commitment serves a dual purpose: it hides the values of ri until they become useless to the attacker (i.e., until after the proximity-checking rounds); and the commitment compensates for the fact that the response values are chosen entirely by the prover. Finally, the commitment allows the verifier to retrieve the ri values without exchanging or sharing any further keys with the prover. The commitment, however, does not authenticate \({\mathcal {P}}\); that is achieved by the signature σ. The signature also effectively prevents pre-ask strategies during the proximity-checking phase.

7.4 Distance-Bounding Threat Model and Its Formal Treatments

In this section, we present the main threats in distance bounding, and the state of formal security analysis in this field. We also review more recent protocols, comparing their advantages and disadvantages.

7.4.1 Main Threat-Model

Distance-bounding schemes are vulnerable to attacks other than relaying, issued out of the proximity-checking measure. For instance, any attack that makes the prover appear closer than it actually is defeats the purpose of a distance-bounding protocol, which is to compute a correct upper bound on this distance. The threats we present can be classified as attacks by outsiders and attacks by insiders. In the first category lies mafia fraud, where an unauthorized adversary attempts to be accepted by the verifier. In the second, comprising distance fraud, distance hijacking and terrorist fraud, a faraway dishonest prover attempts to be accepted by the verifier despite his distance. Mafia Fraud (MF) [178]

In mafia fraud, an adversary \({\mathcal {A}}\) authenticates in the presence of a far-away honest prover. A mafia fraud typically involves a faraway prover, and two collaborating adversaries: one near the prover, and one near the verifier. The fraud succeeds if the authentication of the adversary located close to the verifier is accepted by the verifier. Distance Fraud (DF) [113]

In distance fraud, a malicious prover located far away from the verifier attempts to convince the verifier that he is close. The fraud succeeds if the authentication of the faraway malicious prover is accepted. Distance Hijacking (DH) [160]

Distance hijacking is a distance fraud in which honest provers are present near the verifier. This gives the malicious prover more surface of attack, so that some protocols are resistant to distance fraud, while being vulnerable to distance hijacking. For instance, in the Brands-Chaum protocol (Sect. 7.3.3), which is resistant to distance fraud, a faraway prover can eavesdrop on a session played by an honest prover P (located close to the verifier), send the final message before P does, and be authenticated in place of P. Distance hijacking succeeds if the verifier accepts the authentication of the faraway malicious prover. Terrorist Fraud (TF) [178]

Terrorist fraud is an attack in which a malicious prover, located far away from the verifier, is helped by an accomplice located near the verifier. A trivial attack in this scenario would be that the prover simply gives all his secret keys to his accomplice. Since this attack cannot be prevented if the prover has access to his secret key, we make the additional assumption that the prover does not want the accomplice to impersonate him later. Hence, a terrorist fraud succeeds if the verifier accepts the authentication of the faraway prover through his accomplice, and the accomplice cannot authenticate on his own in a later execution of the protocol.

7.4.2 Provable Security and Formal Verification

Provable security is the field of research which aims at building formal, mathematical proofs of the security of systems or protocols. Early distance-bounding protocols were analyzed in an ad hoc fashion, so a call for provable security of distance bounding was needed. A preliminary framework [41] for modelling distance bounding paved the way to formal treatment of distance-bounding security.

In terms of formal security for distance bounding, we have: computational formalisms [110, 193], and symbolic ones [177, 401]. Computational models treat the messages as bitstrings and attackers as probabilistic polynomial-time algorithms trying to defeat cryptographic goals. Symbolic security verification represents messages as terms in a term algebra, abstracts the cryptographic primitives to black box functions and models attackers as rules manipulating the terms and black-box cryptographic functions. Due to these abstractions, symbolic models are easier to mechanize into automatic verifiers, yet generally an attack found in such models is more a logical flaw than a cryptographic-design problem. Symbolic Verification

The two symbolic models permit us to use semiautomatic tools, Tamarin [406] and Proverif [93], respectively, to verify the security of distance-bounding protocols. They slightly differ in their approach: [177] models time and distance explicitly, while [401] abstracts this into some classification of the order of messages. However, they find similar attacks. Moreover, both methodologies take a step beyond the scope of previous computational models: they consider that the verifiers can be corrupted. Also, outside formalizations, in distance bounding, verifiers were traditionally considered honest (except when user privacy is considered).

However, as symbolic models, there are some attacks that they cannot find, due to the abstractions they make. For instance, if a prover is within the distance bound, it might be possible for a mafia-fraud adversary to flip challenge bits on the fly without being detected, which allows him to recover the secret key of the provers in some protocols [62]. This kind of attack can be found using the computational models, but not the symbolic ones, which abstract bitstrings to terms. Provable Security

Due to abstracting the cryptographic primitives into black-boxes, symbolic-verification mechanisms also cannot detect attacks by “PRF programming” [108]. Some protocols, such as Swiss-Knife or Hancke-Kuhn, use a PRF to compute the response vectors. However, as noted in [108], the pseudorandomness of a PRF is only guaranteed if the adversary does not know anything about the involved key and if there is no oracle/reuse for/of the key anywhere else in the protocol. Yet dishonest provers in distance-fraud attacks do know the key of the PRF. And, in distance-bounding protocols such as the Swiss-Knife protocol [328], the key is re-used outside of the PRF call in forming the responses. So, [108] exhibit “programmed PRFs”: dishonest provers can use the PRF to mount distance fraud, and man-in-the-middle attackers can adaptively chose inputs to mount mafia fraud. In turn, this means that in provably-secure distance bounding, care needs to be taken with security claims resting just on pseudorandomness.

For both symbolic and computational models, modelling terrorist fraud is a big challenge. The symbolic models for terrorist fraud are either too strong or too weak, and the computational ones are often tailored definitions proposed for specific protocols. For instance, SimTF [216] imposes restrictions on the communications between the prover and his accomplice, and in [109], the prover helps his accomplice several times instead of just once. Provably-(in)Secure Protocols

Designing a distance-bounding protocol that is both efficient and provably-secure has proved a difficult task.

For instance, the Hancke-Kuhn scheme presented in Sect. 7.3 only provides sub-optimal mafia-fraud resistance (3∕4 per round as opposed to the optimal 1∕2); in addition, it is vulnerable to distance frauds by PRF-programming. Striving for optimal mafia- and distance-fraud resistance, Avoine and Tchamkerten [45] describe a scheme in which the proximity-check responses are inter-dependent: this strategy makes the per-round mafia-fraud security asymptotically approach the optimal bound of 1∕2, but fails to thwart PRF-programming strategies. By combining a late authentication like Brands-Chaum and two pseudorandom response registers like Hancke-Kuhn, Kim et al. attempted to achieve optimal mafia- and distance-fraud resistance, as well as terrorist-fraud resistance [328]. However, its design includes a circularity in the use of the key which does not allow provable mafia-fraud resistance; in addition, its use of PRFs is problematic with respect to achieving distance-fraud resistance.

Protocols that provably guarantee the four properties described above are rare in the literature [40, 114]. The SKI protocols [110] introduced a new countermeasure to terrorist fraud by using a leakage function. This design is further refined and made efficient by Boureanu and Vaudenay [111, 325]. A recent protocol called SPADE [118] circumvents PRF-programming attacks by using one-time keys during the proximity-checking phase; in that case, terrorist-fraud resistance is achieved by adding in a backdoor. An extended family of protocols using the same basic designs was proposed in [42]; it can be instantiated with various primitives, achieving different degrees of provable security and privacy.

The reader is referred to extensive distance-bounding surveys, such as [40, 114].

7.5 Distance-Bounding Protocols in Practice

7.5.1 NXP’s Mifare Technology

NXP is a world-wide semiconductor supplier especially involved in secure identification, automotive and digital networking industries. Mifare is a series of NXP’s contactless products that includes four families, namely Classic, Plus, Ultralight, and DESFire. Mifare Plus (X and EV1) as well as Mifare DESFire (EV2) benefit from a distance-bounding protocol [445, 446]. Note that the DB protocols are not activated by default on these cards, and the data sheets do not explain how the system operator should evaluate the value of the round-trip time upper bound.

Although the protocols have not been publicly released, it is worth noting that NXP published several patents on distance-bounding protocols. Figure 7.5 depicts the protocol described in [303, 553]. In contrast to most DB protocols available in the literature, this NXP DB protocol is byte-oriented, meaning that the messages of the fast phase contain one or several bytes instead of a single bit. The byte-length x of the random values is not enforced in the patents, but suggested only. They can typically be 7 or 8 bytes. The fast phase is followed by a verification phase where MACs are exchanged. The MACs are computed “over the complete 7-byte random numbers and some information about the speed at which the [reader] and [transponder] operate”. Note that “the random number ordering for the MAC input reflects the same split as during the sending of the proximity check commands.” Obviously, the two final MACs must contain the message direction to avoid a trivial reflection attack. The NXP DB protocol is unlikely to be resistant to purpose-built relays—because the measurement resolution is probably not high enough to detect fast relays—but it might resist off-the-shelf relays.
Fig. 7.5

Sketch of the patented NXP DB Protocol [303, 553]

7.5.2 3DB Technology

3DB Access AG is a Swiss company founded in 2013, by Boris Danev and David Barras. 3DB developed an integrated circuit that contains a distance-bounding protocol based on Ultra-Wide Band (UWB) pulses compliant to IEEE 802.15.4f. The technology allows a reader to estimate the distance to reach a given contactless receiver. It aims to avoid mafia-fraud attacks, but it does not consider the other frauds presented in Sect. 7.4 (e.g., it does not consider distance fraud). The distance range is 120 meters (line of sight) and the accuracy of the distance-bounding protocol is 10 cm according to the product’s datasheet.2 The 3DB technology specifically (but not only) targets the market of keyless entry and start systems (PKES), given that such systems are particularly vulnerable to relay attacks [221]. It is likely that most vehicles will be equipped with such a DB-friendly PKES in the future.

The protocol implemented in the 3DB technology, described in [531], is based on the Brands-Chaum protocol [113]. However, it takes the channel characteristics into account and includes countermeasures to thwart physical-layer attacks, in particular the “early detect and late commit” attack described in Sect. 7.2 that is mitigated since the basic symbol pulses have a very short period. These countermeasures rely on the reordering and blinding of the pulses. The reordering consists in applying a permutation to the pulse positions associated with each bit. The number of bits considered in the pulse reordering is actually an adjustable security parameter. The blinding consists in XORing the stream of pulses with a mask. The cryptographic primitives used to generate the permutation and the mask are not described. No attack has been suggested so far on these reordering and blinding techniques. Apart from security properties, UWB channels can also provide very accurate time-of-arrival measurement as the timing resolution achievable with a signal of bandwidth B, is 1∕2B.

7.5.3 Relay-Resistance in EMV

Relay attacks are particularly relevant in contactless-payment systems. Indeed, no PIN code or other payee-originating input is requested with such payments. Moreover, most contactless payment cards rely on ISO 14443, which is a standard available in most of today’s smartphones. Consequently, performing a relay attack between a payment terminal and a payment card is as simple as uploading an app on a smartphone [567].

Indeed, using off-the-shelf smartphones and some in-house Android software, this relay threat was exhibited in practice by Chothia et al. [141] against the EMV (Europay, Mastercard and Visa) contactless-payment protocol; this is the most wide-spread type for contactless payments. In their work, Chothia et al. also introduced a countermeasure to mitigate their own relay attack. Their so-called PaySafe protocol is put forward as a slight variant of the contactless version of PayWave, i.e., the EMV protocol used by Visa. In PaySafe, a new command is introduced into the EMV contactless protocol such that a calculation of the round trip times becomes possible for EMV readers. Namely, the reader sends a nonce to the card and expects that the latter will respond with a pre-generated nonce; the reader measures the time taken by the whole exchange and if it is beyond a pre-established bound, then the reader aborts the protocol. In PaySafe, the nonces used in this timed phase are encompassed in some other messages, included in a MAC issued by the card and keyed on a key the card shares only with the bank.

It is worth noting that PaySafe did not aim to be a full distance-bounding protocol (i.e., it did not mean to protect against the distance-bounding frauds presented in Sect. 7.4)

EMVCo—is the consortium behind EMV—give the EMV contactless payments’ specifications in [199] (current version is 2.7, April 2018). Since 2016, these specifications include the possibility for a relay-resistance mechanism, which is inspired by PaySafe [141]. A friendly introduction to this protocol is provided in [563]. As of today, there are unfortunately no public figures about the number of MasterCard/Visa readers that benefit from this feature.

7.6 Current Challenges in Distance Bounding

7.6.1 Theory vs. Practice

Provable-security/formal-methods models for DB (see Sect. 7.4) generally do not capture accurately the DB threats shown in practice. For instance, one major assumption that most DB formal models make is that the computation on the prover’s side, during the timed exchanges, is instantaneous or constant. In practice, as [141] showed, different cards have significantly distinct response-times, leading to practical attacks which cannot be easily found via theoretical tools.

Besides such coarse abstractions, other approximations are made by provable-security models for cryptographic-proofs to become possible. For instance, in some variants of the model in [193], no communication is allowed between colluding attacking parties during the timed phase (i.e., the coalition has to be active outside the timed phase). Or, in the formalism in [110], the time taken to compute over bits equal to 0 is always considered the same as that to compute over bits equal to 1, which—as Sect. 7.2 explained—is not always factually true. These two approximations entail that the respective models are too weak. But also there is the possibility that some formal security definition is too strong, i.e., that it would classify a protocol as insecure when in practice the protocol is secure (see [216]).

Last but not least, the theoretical DB protocols presented in Sect. 7.3 follow a design whereby the fast phase is generally formed of a repetition of a number of timed rounds, where each challenge/response is one bit. These designs (endorsed by formal models/proofs, etc.) were traditionally anchored in practice, and Sect. 7.2 alluded to this: i.e., a challenge given as a bitstring can lead to bit-by-bit early reads and therefore possible early responses by dishonest provers. But, as of recently, there seem to be mechanisms for these early-send attacks to be effectively counteracted by other ingenious, practical mechanisms in designs even in cases where the timed challenges/responses are bitstrings (see Sect. 7.5 or [531]). However, it is important to recall that the security of the DB design in [531] has not yet been formally analyzed, and the protocol only claims to protect against relay attacks, not other DB threats.

7.6.2 Application-Aware DB

In the formal models presented in Sect. 7.4 and even in the practical considerations given in Sect. 7.2, we saw that the DB threat-model has thus far been generally focused on this primitive in isolation; that is, it assumes an honest verifier, a dishonest prover and a malicious man-in-the-middle. However, as DB is adopted in different applications (e.g., PKES as per the above), these security considerations will need adjustments. To begin with, the verifier may be dishonest, or some threats—such as terrorist fraud—may become irrelevant, or specific anonymity concerns may be considered. In this space of fine-tuned threat models for DB, two lines have recently emerged [107, 326]. Namely, [107] advances a formal DB threat-model where a fine-grained level of corruption of the prover (i.e., white-box, black-box) is taken into account, such that each application can “pick and choose”. In turn, this also leads to clear-cut, DB-security properties and even the exclusion of resistance to terrorist fraud, in some cases. Complementary to this, [326] recently advances a formal DB model with three parties, where the new party is a named piece of hardware and this also leads to a fine taxonomy of DB-security properties, with an application-ready nature.

DB efficiency is paramount, but it varies from application to application. A DB solution that can be acceptable on a smartphone, may be unacceptable on a simple, passive card. A series of research lines [111, 325] discussed the efficiency of DB protocols with “traditional” structure, i.e., following the designs presented in Sect. 7.3, from a theoretical-analysis viewpoint. At the same time, the practical solution for proximity-checking in PKES offered by 3DB (see Sect. 7.5) is extremely efficient in practice. However, this question of efficiency stands, especially if new DB solutions are to be given on top of different applications, such as EMV.

In DB adoption, there are also strong backwards-compatibility constraints. For instance, in EMV, the public-key infrastructure or the restrictions of keeping as close as possible to old-generation EMV cards/readers are such that a DB protocol, following the designs we saw in Sect. 7.3, is simply un-adoptable out of the box.

7.6.3 Specialist Implementations and Slow Adoption

On the one hand, PKES with relay-protection are finally becoming commercial—arguably due to relay attacks being exploited by fraudsters in the automotive sector. On the other hand, in DB-enhanced EMV contactless protocols (à la PaySafe), a dishonest party already has a tangible incentive to mount a distance-fraud attack;—a purchase receipt carries an intrinsic proof that the card was in the range of the reader. Yet, EMV with relay-protection is not widely deployed and, indeed, the markets do not appear to call for protocols to be enhanced with full DB-protection yet.

Should such DB frauds appear in practice, would we then see fully-fledged DB solutions being implemented for commercial purposes? Or, will the 5th generation of mobile networks (5G) and its increased spectrum and higher bands lead to the true rise of DB technology in the ubiquitous systems of the 2020s, and raise new DB research questions?


  1. 1.

    In an early version of this protocol, only \({\mathcal {V}}\) sent a nonce; \({\mathcal {P}}\) did not. That version of the protocol is insecure against worst-case attackers; thus we choose to present a later version here.

  2. 2.

    Available at the 3DB Access AG Website,, May 2018.


  1. 40.
    Gildas Avoine, Muhammed Ali Bingöl, Ioana Boureanu, Srdjan čapkun, Gerhard Hancke, Süleyman Kardaş, Chong Hee Kim, Cédric Lauradoux, Benjamin Martin, Jorge Munilla, Alberto Peinado, Kasper Bonne Rasmussen, Dave Singelée, Aslan Tchamkerten, Rolando Trujillo-Rasua, and Serge Vaudenay. Security of distance-bounding: A survey. ACM Comput. Surv., 51(5):94:1–94:33, September 2018.Google Scholar
  2. 41.
    Gildas Avoine, Muhammed Ali Bingöl, Süleyman Kardaş, Cédric Lauradoux, and Benjamin Martin. A formal framework for analyzing RFID distance bounding protocols. In Journal of Computer Security - Special Issue on RFID System Security, 2010, volume 19, pages 289–317, 2011.Google Scholar
  3. 42.
    Gildas Avoine, Xavier Bultel, Sébastien Gambs, David Gérault, Pascal Lafourcade, Cristina Onete, and Jean-Marc Robert. A terrorist-fraud resistant and extractor-free anonymous distance-bounding protocol. In ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’17, pages 800–814, New York, NY, USA, 2017. ACM.Google Scholar
  4. 45.
    Gildas Avoine and Aslan Tchamkerten. An efficient distance bounding RFID authentication protocol: Balancing false-acceptance rate and memory requirement. In International Conference on Information Security (ISC) 2009, volume 5735 of Lecture Notes in Computer Science, pages 250–261. Springer, 2009.Google Scholar
  5. 62.
    Aslı Bay, Ioana Boureanu, Aikaterini Mitrokotsa, Iosif Spulber, and Serge Vaudenay. The bussard-bagga and other distance-bounding protocols under attacks. In Mirosław Kutyłowski and Moti Yung, editors, Information Security and Cryptology, pages 371–391. Springer, 2013.Google Scholar
  6. 74.
    Samy Bengio, Gilles Brassard, Yvo G. Desmedt, Claude Goutier, and Jean-Jacques Quisquater. Secure implementation of identification systems. Journal of Cryptology, 4(3):175–183, January 1991.CrossRefGoogle Scholar
  7. 83.
    Thomas Beth and Yvo Desmedt. Identification tokens – or: Solving the chess grandmaster problem. In Alfred J. Menezes and Scott A. Vanstone, editors, Advances in Cryptology-CRYPT0’ 90, pages 169–176. Springer, 1991.Google Scholar
  8. 93.
    Bruno Blanchet. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In IEEE Computer Security Foundations Workshop, pages 82–96, Novia Scotia, Canada, 2001. IEEE.Google Scholar
  9. 107.
    Ioana Boureanu, David Gerault, and Pascal Lafourcade. Fine-grained and application-ready distance-bounding security. Cryptology ePrint Archive, Report 2018/384, 2018.Google Scholar
  10. 108.
    Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. On the pseudorandom function assumption in (secure) distance-bounding protocols. In Alejandro Hevia and Gregory Neven, editors, Progress in Cryptology – LATINCRYPT 2012, pages 100–120. Springer, 2012.Google Scholar
  11. 109.
    Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. Towards secure distance bounding. In Fast Software Encryption - 20th International Workshop, FSE 2013, pages 55–67, Singapore, March 2013.Google Scholar
  12. 110.
    Ioana Boureanu, Aikaterini Mitrokotsa, and Serge Vaudenay. Practical and provably secure distance-bounding. In Yvo Desmedt, editor, Information Security, pages 248–258, Cham, 2015. Springer.Google Scholar
  13. 111.
    Ioana Boureanu and Serge Vaudenay. Optimal proximity proofs. In Information Security and Cryptology - 10th International Conference, Inscrypt 2014, Beijing, China, December 13–15, 2014, Revised Selected Papers, pages 170–190, 2014.Google Scholar
  14. 113.
    Stefan Brands and David Chaum. Distance-bounding protocols. In Tor Helleseth, editor, Advances in Cryptology – EUROCRYPT ’93, volume 765 of Lecture Notes in Computer Science, pages 344–359. Springer, 1994.Google Scholar
  15. 114.
    Agnès Brelurut, David Gerault, and Pascal Lafourcade. Survey of distance bounding protocols and threats. In Joaquin Garcia-Alfaro, Evangelos Kranakis, and Guillaume Bonfante, editors, Foundations and Practice of Security, pages 29–49, Cham, 2016. Springer.Google Scholar
  16. 118.
    Xavier Bultel, Sébastien Gambs, David Gérault, Pascal Lafourcade, Cristina Onete, and Jean-Marc Robert. A prover-anonymous and terrorist-fraud resistant distance-bounding protocol. In ACM Conference on Security & Privacy in Wireless and Mobile Networks, WiSec ’16, pages 121–133, New York, NY, USA, 2016. ACM.Google Scholar
  17. 133.
    Nishanth Chandran, Vipul Goyal, Ryan Moriarty, and Rafail Ostrovsky. Position based cryptography. In International Cryptology Conference on Advances in Cryptology – CRYPTO’09, Lecture Notes in Computer Science, pages 391–407. Springer, 2009.Google Scholar
  18. 141.
    Tom Chothia, Flavio D. Garcia, Joeri de Ruiter, Jordi van den Breekel, and Matthew Thompson. Relay cost bounding for contactless EMV payments. In Rainer Böhme and Tatsuaki Okamoto, editors, Financial Cryptography and Data Security - 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26–30, 2015, Revised Selected Papers, volume 8975 of Lecture Notes in Computer Science, pages 189–206, Puerto Rico, January 2015. Springer.Google Scholar
  19. 149.
    Jolyon Clulow, Gerhard P Hancke, Markus G Kuhn, and Tyler Moore. So near and yet so far: Distance-bounding attacks in wireless networks. In European Workshop on Security in Ad-hoc and Sensor Networks, volume 4357 of Lecture Notes in Computer Science, pages 83–97. Springer, 2006.Google Scholar
  20. 160.
    Cas Cremers, Kasper B. Rasmussen, Benedikt Schmidt, and Srdjan Capkun. Distance hijacking attacks on distance bounding protocols. In IEEE Symposium on Security and Privacy, SP ’12, pages 113–127, Washington, DC, USA, 2012. IEEE.Google Scholar
  21. 168.
    Boris Danev, Heinrich Luecken, Srdjan Capkun, and Karim El Defrawy. Attacks on physical-layer identification. In ACM Conference on Wireless Network Security, WiSec ’10, pages 89–98, New York, NY, USA, 2010. ACM.Google Scholar
  22. 177.
    Alexandre Debant, Stéphanie Delaune, and Cyrille Wiedling. Proving physical proximity using symbolic models. Technical report, Univ Rennes, CNRS, IRISA, France, February 2018.Google Scholar
  23. 178.
    Yvo Desmedt. Major security problems with the “unforgeable” (feige-)fiat-shamir proof of identity and how to overcome them. In Securicom 88, 6th worldwide congress on computer and communications security and protection, pages 147–159. SEDEP Paris France, 1988.Google Scholar
  24. 189.
    Saar Drimer and Steven J. Murdoch. Keep your enemies close: Distance bounding against smartcard relay attacks. In USENIX security symposium, volume 312, 2007.Google Scholar
  25. 193.
    Ulrich Dürholz, Marc Fischlin, Michael Kasper, and Cristina Onete. A formal approach to distance bounding RFID protocols. In Information Security Conference ISC 2011, volume 7001 of Lecture Notes in Computer Science, pages 47–62. Springer, 2011.Google Scholar
  26. 199.
    EMVCo. Book C-2 kernel 2 specification v2.5. EMV contactless specifications for payment system, March 2015.Google Scholar
  27. 216.
    Marc Fischlin and Cristina Onete. Terrorism in distance bounding: Modeling terrorist-fraud resistance. In Applied Cryptography and Network Security, ACNS’13, pages 414–431. Springer, 2013.Google Scholar
  28. 221.
    Aurélien Francillon, Boris Danev, and Srdjan Capkun. Relay attacks on passive keyless entry and start systems in modern cars. In Network and Distributed System Security Symposium (NDSS). Eidgenössische Technische Hochschule Zürich, Department of Computer Science, 2011.Google Scholar
  29. 222.
    Lishoy Francis, Gerhard Hancke, Keith Mayes, and Konstantinos Markantonakis. Practical NFC peer-to-peer relay attack using mobile phones. In International Workshop on Radio Frequency Identification: Security and Privacy Issues, pages 35–49. Springer, 2010.Google Scholar
  30. 242.
    Xavier Torrent Gorjón. Protecting against relay attacks forging increased distance reports. Research Project, Universiteit van Amsterdam, 2015.Google Scholar
  31. 254.
    Gerhard P. Hancke and Markus G. Kuhn. An RFID distance bounding protocol. In Conference on Security and Privacy for Emergency Areas in Communication Networks (SecureComm) 2005, pages 67–73. IEEE, 2005.Google Scholar
  32. 255.
    Gerhard P Hancke and Markus G Kuhn. Attacks on time-of-flight distance bounding channels. In ACM conference on Wireless network security, pages 194–202. ACM, 2008.Google Scholar
  33. 256.
    Gerhard P Hancke, KE Mayes, and Konstantinos Markantonakis. Confidence in smart token proximity: Relay attacks revisited. Computers & Security, 28(7):615–627, 2009.Google Scholar
  34. 303.
    Pieter Janssens. Proximity check for communication devices, April 2015.Google Scholar
  35. 325.
    Handan Kilinç and Serge Vaudenay. Optimal proximity proofs revisited. In Tal Malkin, Vladimir Kolesnikov, Allison Bishop Lewko, and Michalis Polychronakis, editors, ACNS 15: 13th International Conference on Applied Cryptography and Network Security, volume 9092 of Lecture Notes in Computer Science, pages 478–494, New York, NY, USA, June 2–5, 2015. Springer.Google Scholar
  36. 326.
    Handan Kılınç and Serge Vaudenay. Formal analysis of distance bounding with secure hardware. Cryptology ePrint Archive, Report 2018/440, 2018.Google Scholar
  37. 328.
    Chong Hee Kim, Gildas Avoine, François Koeune, François-Xavier Standaert, and Olivier Pereira. The Swiss-Knife RFID distance bounding protocol. In Information Security and Cryptology (ICISC) 2008, volume 5461 of Lecture Notes in Computer Science, pages 98–115. Springer, 2008.Google Scholar
  38. 347.
    J. Krumm and E. Horvitz. Locadio: inferring motion and location from wi-fi signal strengths. In The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004., pages 4–13, August 2004.Google Scholar
  39. 392.
    Konstantinos Markantonakis, Lishoy Francis, Gerhard Hancke, and Keith Mayes. Practical relay attack on contactless transactions by using nfc mobile phones. Radio Frequency Identification System Security: RFIDsec, 12:21, 2012.Google Scholar
  40. 401.
    S. Mauw, Z. Smith, J. Toro-Pozo, and R. Trujillo-Rasua. Distance-bounding protocols: Verification without time and location. In IEEE Symposium on Security and Privacy, volume 00, pages 152–169, 2018.Google Scholar
  41. 406.
    Simon Meier, Benedikt Schmidt, Cas Cremers, and David Basin. The tamarin prover for the symbolic analysis of security protocols. In International Conference on Computer Aided Verification, CAV’13, pages 696–701. Springer, 2013.Google Scholar
  42. 445.
    NXP. Nxp mifare plus ev1 – latest features on highest security level scalable – flexible – future proof, April 2016.Google Scholar
  43. 446.
    NXP. Nxp mifare desfire ev2 – contactless IC for next-generation, multi-application solutions in smart cities, May 2018.Google Scholar
  44. 496.
    Kasper Bonne Rasmussen and Srdjan Čapkun. Location privacy of distance bounding protocols. In Conference on Computer and Communications Security (CCS), pages 149–160. ACM, 2008.Google Scholar
  45. 505.
    Michael Roland, Josef Langer, and Josef Scharinger. Applying relay attacks to google wallet. In Near Field Communication (NFC), 2013 5th International Workshop on, pages 1–6. IEEE, 2013.Google Scholar
  46. 531.
    Mridula Singh, Patrick Leu, and Srdjan Capkun. UWB with pulse reordering: Securing ranging against relay and physical layer attacks. IACR ePrint Report 2017/1240, December 2017.Google Scholar
  47. 539.
    Luigi Sportiello and Andrea Ciardulli. Long distance relay attack. In International Workshop on Radio Frequency Identification: Security and Privacy Issues, pages 69–85. Springer, 2013.Google Scholar
  48. 548.
    Pierre-Henri Thevenon and Olivier Savry. Implementation of a countermeasure to relay attacks for contactless hf systems. In Radio Frequency Identification from System to Applications. InTech, 2013.Google Scholar
  49. 553.
    Peter Thueringer, Hans De Jong, Bruce Murray, Heike Neumann, Paul Hubmer, and Susanne Stern. Decoupling of measuring the response time of a transponder and its authentication, November 2008.Google Scholar
  50. 561.
    Pascal Urien and Selwyn Piramuthu. Elliptic curve-based rfid/nfc authentication with temperature sensor input for relay attacks. Decis. Support Syst., 59:28–36, March 2014.CrossRefGoogle Scholar
  51. 563.
    Jordi van den Breekel, Diego A. Ortiz-Yepes, Erik Poll, and Joeri de Ruiter. EMV in a nutshell. June, KPMG, IBM Research Zurich, Radboud University Nijmegen, 2016.Google Scholar
  52. 567.
    José Vila and Ricardo J. Rodríguez. Practical experiences on NFC relay attacks with android: Virtual pickpocketing revisited. In Stefan Mangard and Patrick Schaumont, editors, Radio Frequency Identification. Security and Privacy Issues - 11th International Workshop, RFIDsec 2015, New York, NY, USA, June 23-24, 2015, Revised Selected Papers, volume 9440 of Lecture Notes in Computer Science, pages 87–103, New York City, USA, June 2015. Springer.Google Scholar

Copyright information

© The Author(s) 2021

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.Univ Rennes, INSA RennesCNRS, IRISARennesFrance
  2. 2.University of SurreyGuildfordUK
  3. 3.Université Clermont AuvergneClermont-FerrandFrance
  4. 4.City University of Hong KongHong KongPR China
  5. 5.University of LimogesXLIMLimogesFrance

Personalised recommendations