EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Secure verification of location claims
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
SECTOR: secure tracking of node encounters in multi-hop wireless networks
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
An RFID Distance Bounding Protocol
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Detecting relay attacks with timing-based protocols
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Keep your enemies close: distance bounding against smartcard relay attacks
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Distance bounding in noisy environments
ESAS'07 Proceedings of the 4th European conference on Security and privacy in ad-hoc and sensor networks
So near and yet so far: distance-bounding attacks in wireless networks
ESAS'06 Proceedings of the Third European conference on Security and Privacy in Ad-Hoc and Sensor Networks
Towards provable secure neighbor discovery in wireless networks
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Attacks on public WLAN-based positioning systems
Proceedings of the 7th international conference on Mobile systems, applications, and services
Effectiveness of distance-decreasing attacks against impulse radio ranging
Proceedings of the third ACM conference on Wireless network security
Attacks on a distance bounding protocol
Computer Communications
ID-based secure distance bounding and localization
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Practical NFC peer-to-peer relay attack using mobile phones
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Realization of RF distance bounding
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Design of a secure distance-bounding channel for RFID
Journal of Network and Computer Applications
How secret-sharing can defeat terrorist fraud
Proceedings of the fourth ACM conference on Wireless network security
Physical-layer attacks on chirp-based ranging systems
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Security Risks Associated with Radio Frequency Identification in Medical Environments
Journal of Medical Systems
Implementing graceful RFID privilege reduction
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
| Hi-index | 0.00 |
Cryptographic distance-bounding protocols verify the proximity of two parties by timing a challenge-response exchange. Such protocols rely on the underlying communication channel for accurate and fraud-resistant round- trip-time measurements, therefore the channel's exact timing properties and low-level implementation details become security critical. We practically implement 'late-commit' attacks, against two commercial radio receivers used in RFID and sensor networks, that exploit the latency in the modulation and decoding stages. These allow the attacker to extend the distance to the verifier by several kilometers. We also discuss how 'overclocking' a receiver can make a prover respond early. We practically implement this attack against an ISO 14443A RFID token and manage to get a response 10 µs earlier than normal. We conclude that conventional RF channels can be problematic for secure distance-bounding implementations and discuss the merits and weaknesses of special distance-bounding channels that have been proposed for RFID applications.