Security analysis of two distance-bounding protocols

Authors:
Mohammad Reza Sohizadeh Abyaneh
Affiliations:
Selmer Center, University of Bergen, Norway
Venue:
RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Year:
2011

Citing 10
Cited 2

Distance-bounding protocols

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
An RFID Distance Bounding Protocol

SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Detecting relay attacks with timing-based protocols

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
The Swiss-Knife RFID Distance Bounding Protocol

Information Security and Cryptology --- ICISC 2008
Security in RFID and Sensor Networks

Security in RFID and Sensor Networks
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement

ISC '09 Proceedings of the 12th International Conference on Information Security
RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks

CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Optimal security limits of RFID distance bounding protocols

RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
The Poulidor distance-bounding protocol

RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Non-uniform stepping approach to RFID distance bounding problem

DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security

A formal approach to distance-bounding RFID protocols

ISC'11 Proceedings of the 14th international conference on Information security
Subtle kinks in distance-bounding: an analysis of prominent protocols

Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we analyze the security of two recently proposed distance bounding protocols called the "Hitomi" and the "NUS" protocols. Our results show that the claimed security of both protocols has been overestimated. Namely, we show that the Hitomi protocol is susceptible to a full secret key disclosure attack which not only results in violating the privacy of the protocol but also can be exploited for further attacks such as impersonation, mafia fraud and terrorist fraud attacks. Our results also demonstrates that the probability of success in a distance fraud attack against the NUS protocol can be increased up to $(\frac{3}{4})^n$ and even slightly more, if the adversary is furnished with some computational capabilities.