Revisiting Two-Hop Distance-Bounding Protocols: Are You Really Close Enough?

  • Nektaria Kaloudi
  • Aikaterini MitrokotsaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10741)


The emergence of ubiquitous computing has led to multiple heterogeneous devices with increased connectivity. In this communication paradigm everything is inter-connected and proximity-based authentication is an indispensable requirement in multiple applications including contactless payments and access control to restricted services/places. Distance-bounding (DB) protocols is the main approach employed to achieve accurate proximity-based authentication. Traditional distance-bounding requires that the prover and the verifier are in each other’s communication range. Recently, Pagnin et al. have proposed a two-hop DB protocol that allows proximity-based authentication, when the prover and the verifier need to rely on an intermediate untrusted party (linker). In this paper, we investigate further the topic of two-hop distance-bounding. We analyse the security of the Pagnin et al. protocol for internal adversaries and we investigate the impact of the position of the linker in the distance-bounding process. We propose a new two-hop DB protocol that is more lightweight and avoids the identified problems. Finally, we extend the protocol to the multi-hop setting and we provide a detailed security analysis for internal adversaries.


Distance-bounding Authentication Relay attacks 



This work was partially supported by the People Programme (Marie Curie Actions) of the European Union’s Seventh Framework Programme (FP7/2007-2013) under REA grant agreement no 608743, the VR grant “PRECIS: Privacy and Security in Wearable Computing Devices” no 621-2014-4845, the STINT grant “Secure, Private & Efficient Healthcare with wearable computing no IB2015-6001 and the ERASMUS+HE2015 project.


  1. 1.
    Dimitrakakis, C., Mitrokotsa, A.: Distance-bounding protocols: are you close enough? IEEE Secur. Priv. 13(4), 47–51 (2015)CrossRefGoogle Scholar
  2. 2.
    Mitrokotsa, A.: Authentication in constrained settings. In: Ors, B., Preneel, B. (eds.) BalkanCryptSec 2014. LNCS, vol. 9024, pp. 3–12. Springer, Cham (2015). Scholar
  3. 3.
    Dimitrakakis, C., Mitrokotsa, A., Vaudenay, S.: Expected loss bounds for authentication in constrained channels. In: Proceedings of INFOCOM 2012, Orlando, Florida, March 2012Google Scholar
  4. 4.
    Dimitrakakis, C., Mitrokotsa, A., Vaudenay, S.: Expected loss analysis for authentication in constrained channels. J. Comput. Secur. 23(3), 309–329 (2015)CrossRefGoogle Scholar
  5. 5.
    Mitrokotsa, A., Peris-Lopez, P., Dimitrakakis, C., Vaudenay, S.: On selecting the nonce length in distance-bounding protocols. Comput. J. 56, 1216–1227 (2013)CrossRefGoogle Scholar
  6. 6.
    Mitrokotsa, A., Onete, C., Vaudenay, S.: Location leakage in distance bounding: why location privacy does not work. Comput. Secur. 45, 199–209 (2014)CrossRefGoogle Scholar
  7. 7.
    Aumasson, J.-P., Mitrokotsa, A., Peris-Lopez, P.: A note on a privacy-preserving distance-bounding protocol. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 78–92. Springer, Heidelberg (2011). Scholar
  8. 8.
    Pagnin, E., Yang, A., Hu, Q., Hancke, G., Mitrokotsa, A.: HB+ DB: distance bounding meets human based authentication. Future Gener. Comput. Syst. 80, 627–639 (2016)CrossRefGoogle Scholar
  9. 9.
    Mitrokotsa, A., Dimitrakakis, C., Peris-Lopez, P., Castro, J.C.H.: Reid et al’.s distance bounding protocol and mafia fraud attacks over noisy channels. IEEE Commun. Lett. 14(2), 121–123 (2010)CrossRefGoogle Scholar
  10. 10.
    Bay, A., Boureanu, I., Mitrokotsa, A., Spulber, I., Vaudenay, S.: The Bussard-Bagga and other distance-bounding protocols under attacks. In: Kutyłowski, M., Yung, M. (eds.) Inscrypt 2012. LNCS, vol. 7763, pp. 371–391. Springer, Heidelberg (2013). Scholar
  11. 11.
    Mitrokotsa, A., Onete, C., Vaudenay, S.: Mafia fraud attack against the RC distance-bounding protocol. In: Proceedings of the 2012 IEEE RFID Technology and Applications (IEEE RFID T-A), pp. 74–79. IEEE Press, Nice, November 2012Google Scholar
  12. 12.
    Pagnin, E., Yang, A., Hancke, G.P., Mitrokotsa, A.: HB+ DB, mitigating man-in-the-middle attacks against HB+ with distance bounding. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, New York, NY, USA, 22–26 June 2015, pp. 3:1–3:6 (2015)Google Scholar
  13. 13.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. J. Comput. Secur. 23(2), 229–257 (2015)CrossRefGoogle Scholar
  14. 14.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Practical and provably secure distance-bounding. In: Proceedings of the 16th Information Security Conference (ISC), Dallas, Texas, USA, November 2013Google Scholar
  15. 15.
    Karlsson, C., Mitrokotsa, A.: Grouping-proof-distance-bounding protocols: keep all your friends close. IEEE Commun. Lett. 20(7), 1365–1368 (2016)Google Scholar
  16. 16.
    Pagnin, E., Hancke, G., Mitrokotsa, A.: Using distance-bounding protocols to securely verify the proximity of two-hop neighbours. IEEE Commun. Lett. 19(7), 1173–1176 (2015)CrossRefGoogle Scholar
  17. 17.
    Mitrokotsa, A., Onete, C., Pagnin, E., Perera, M.: Multi-hop distance estimation: how far are you? Cryptology ePrint Archive, Report 2017/705 (2017).
  18. 18.
    Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The swiss-knife RFID distance bounding protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009). Scholar
  19. 19.
    Tu, Y.J., Piramuthu, S.: RFID distance bounding protocols. In: Proceeidngs of 1st International EURASIP Workshop on RFID Technology (2007)Google Scholar
  20. 20.
    Shih, C.Y., Marrón, P.J.: Cola: complexity-reduced trilateration approach for 3D localization in wireless sensor networks. In: 2010 Fourth International Conference on Sensor Technologies and Applications (SENSORCOMM), pp. 24–32, July 2010Google Scholar
  21. 21.
    Papamanthou, C., Preparata, F.P., Tamassia, R.: Algorithms for location estimation based on RSSI sampling. In: Fekete, S.P. (ed.) ALGOSENSORS 2008. LNCS, vol. 5389, pp. 72–86. Springer, Heidelberg (2008). Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. 1.University of the AegeanSamosGreece
  2. 2.Chalmers University of TechnologyGothenburgSweden

Personalised recommendations