Security Analysis of the Distance Bounding Protocol Proposed by Jannati and Falahati

Document Type: Research Paper

Authors

1 Faculty of Electrical Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran

2 Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran

Abstract

In this paper, the security of a distance bounding protocol is analyzed which has been recently proposed by Jannati and Falahati (so-called JF). We prove that an adversary can recover key bits of JF protocol with probability of “1” while the complexity of attack is “2n” runs of protocol. In addition, we propose an improved protocol and prove that the improved protocol is resistant to mafia fraud attack, distance fraud attack and key recovery attack.

Keywords


[1] J.-P. Aumasson, A. Mitrokotsa, and P. Peris-Lopez, “A Note on a Privacy- Preserving Distance-Bounding Protocol,” In S. Qing, W. Susilo, G. Wang, and D. Liu, editors, ICICS, volume 7043 of Lecture Notes in Computer Science, pp. 78-92. Springer, 2011.

[2] G. Avoine and A. Tchamkerten, “An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement,” In P. Samarati, M. Yung, F. Martinelli, and C. A. Ardagna, editors, ISC, volume 5735 of Lecture Notes in Computer Science, pp. 250-261. Springer, 2009.

[3] S. Brands and D. Chaum, “Distance-Bounding Protocols,” In T. Helleseth, editor, EUROCRYPT, volume 765 of Lecture Notes in Computer Science, pp. 344-359. Springer, 1993.

[4] G. P. Hancke and M. G. Kuhn, “An RFID Distance Bounding Protocol,” In SecureComm, pp. 67-73. IEEE, 2005.

[5] S. Kardas, M. S. Kiraz, M. A. Bingöl, and H. Demirci, “A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions,” In A. Juels and C. Paar, editors, RFIDSec, volume 7055 of Lecture Notes in Computer Science, pp. 78-93. Springer, 2011.

[6] C. H. Kim and G. Avoine, “RFID distance bounding protocol with mixed challenges to prevent relay attacks,” IACR Cryptology ePrint Archive, 2009:310, 2009.

[7] A. Mitrokotsa, C. Onete, and S. Vaudenay, “Mafia fraud attack against the R Distance-Bounding Protocol,” In RFID-TA, pp. 74- 79. IEEE, 2012.

[8] J. Munilla and A. Peinado, “Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels,” Wireless Communications and Mobile Computing, 8(9), pp.1227-1232, 2008.

[9] P. Peris-Lopez, A. Orfila, E. Palomar, and J. C. Hernandez-Castro, “A secure distance-based RFID identification protocol with an offline backend database,” Personal and Ubiquitous Computing, 16(3), pp.351-365, 2012.

[10] A. Yang, Y. Zhuang, and D. S. Wong, “An Efficient Single-SlowPhase Mutually Authenticated RFID Distance Bounding Protocol with Tag Privacy,” In T. W. Chim and T. H. Yuen, editors, ICICS, volume 7618 of Lecture Notes in Computer Science, pp. 285-292. Springer, 2012.

[11] G. Avoine, M. A. Bingöl, S. Kardas, C. Lauradoux, and B. Martin, “A framework for analyzing RFID distance bounding protocols,” Journal of Computer Security, 19(2), pp.289-317, 2011.

[12] C. J. F. Cremers, K. B. Rasmussen, and S. Capkun, “Distance Hijacking Attacks on Distance Bounding Protocols,” In NDSS. The Internet Society, 2012.

[13] C. H. Kim and G. Avoine, “RFID Distance Bounding Protocols with Mixed Challenges,” IEEE Transactions on Wireless Communications, 10(5), pp.1618-1626, 2011.

[14] H. Jannati and A. Falahati, “Mutual Implementation of Predefined and Random Challenges over RFID Distance Bounding Protocol,” 9 thInternational ISC Conference on Information Security and Cryptology, 2012

[15] A. Ö. Gürel, A. Arslan, and M. Akgün, “Non-uniform Stepping Approach to RFID Distance Bounding Problem,” In J. GarcíaAlfaro, G. Navarro- Arribas, A. R. Cavalli, and J. Leneutre, editors, DPM/SETOP, volume 6514 of Lecture Notes in Computer Science, pp. 64-78. Springer, 2010.

[16] C. H. Kim, G. Avoine, F. Koeune, F.-X. Standaert, and O. Pereira,“The Swiss-Knife RFID Distance Bounding Protocol,” In P. J. Lee and J. H. Cheon, editors, ICISC, volume 5461 of Lecture Notes in Computer Science, pp. 98-115. Springer, 2008.