Document Type : Original Research Paper


1 Faculty of Electrical Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran

2 Faculty of Computer Engineering, Shahid Rajaee Teacher Training University, Tehran, Iran


In this paper, the security of a distance bounding protocol is analyzed which has been recently proposed by Jannati and Falahati (so-called JF). We prove that an adversary can recover key bits of JF protocol with probability of “1” while the complexity of attack is “2n” runs of protocol. In addition, we propose an improved protocol and prove that the improved protocol is resistant to mafia fraud attack, distance fraud attack and key recovery attack.


[1] J.-P. Aumasson, A. Mitrokotsa, and P. Peris-Lopez, “A Note on a Privacy- Preserving Distance-Bounding Protocol,” In S. Qing, W. Susilo, G. Wang, and D. Liu, editors, ICICS, volume 7043 of Lecture Notes in Computer Science, pp. 78-92. Springer, 2011.

[2] G. Avoine and A. Tchamkerten, “An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement,” In P. Samarati, M. Yung, F. Martinelli, and C. A. Ardagna, editors, ISC, volume 5735 of Lecture Notes in Computer Science, pp. 250-261. Springer, 2009.

[3] S. Brands and D. Chaum, “Distance-Bounding Protocols,” In T. Helleseth, editor, EUROCRYPT, volume 765 of Lecture Notes in Computer Science, pp. 344-359. Springer, 1993.

[4] G. P. Hancke and M. G. Kuhn, “An RFID Distance Bounding Protocol,” In SecureComm, pp. 67-73. IEEE, 2005.

[5] S. Kardas, M. S. Kiraz, M. A. Bingöl, and H. Demirci, “A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions,” In A. Juels and C. Paar, editors, RFIDSec, volume 7055 of Lecture Notes in Computer Science, pp. 78-93. Springer, 2011.

[6] C. H. Kim and G. Avoine, “RFID distance bounding protocol with mixed challenges to prevent relay attacks,” IACR Cryptology ePrint Archive, 2009:310, 2009.

[7] A. Mitrokotsa, C. Onete, and S. Vaudenay, “Mafia fraud attack against the R Distance-Bounding Protocol,” In RFID-TA, pp. 74- 79. IEEE, 2012.

[8] J. Munilla and A. Peinado, “Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels,” Wireless Communications and Mobile Computing, 8(9), pp.1227-1232, 2008.

[9] P. Peris-Lopez, A. Orfila, E. Palomar, and J. C. Hernandez-Castro, “A secure distance-based RFID identification protocol with an offline backend database,” Personal and Ubiquitous Computing, 16(3), pp.351-365, 2012.

[10] A. Yang, Y. Zhuang, and D. S. Wong, “An Efficient Single-SlowPhase Mutually Authenticated RFID Distance Bounding Protocol with Tag Privacy,” In T. W. Chim and T. H. Yuen, editors, ICICS, volume 7618 of Lecture Notes in Computer Science, pp. 285-292. Springer, 2012.

[11] G. Avoine, M. A. Bingöl, S. Kardas, C. Lauradoux, and B. Martin, “A framework for analyzing RFID distance bounding protocols,” Journal of Computer Security, 19(2), pp.289-317, 2011.

[12] C. J. F. Cremers, K. B. Rasmussen, and S. Capkun, “Distance Hijacking Attacks on Distance Bounding Protocols,” In NDSS. The Internet Society, 2012.

[13] C. H. Kim and G. Avoine, “RFID Distance Bounding Protocols with Mixed Challenges,” IEEE Transactions on Wireless Communications, 10(5), pp.1618-1626, 2011.

[14] H. Jannati and A. Falahati, “Mutual Implementation of Predefined and Random Challenges over RFID Distance Bounding Protocol,” 9 thInternational ISC Conference on Information Security and Cryptology, 2012

[15] A. Ö. Gürel, A. Arslan, and M. Akgün, “Non-uniform Stepping Approach to RFID Distance Bounding Problem,” In J. GarcíaAlfaro, G. Navarro- Arribas, A. R. Cavalli, and J. Leneutre, editors, DPM/SETOP, volume 6514 of Lecture Notes in Computer Science, pp. 64-78. Springer, 2010.

[16] C. H. Kim, G. Avoine, F. Koeune, F.-X. Standaert, and O. Pereira,“The Swiss-Knife RFID Distance Bounding Protocol,” In P. J. Lee and J. H. Cheon, editors, ICISC, volume 5461 of Lecture Notes in Computer Science, pp. 98-115. Springer, 2008.


Journal of Electrical and Computer Engineering Innovations (JECEI) welcomes letters to the editor for the post-publication discussions and corrections which allows debate post publication on its site, through the Letters to Editor. Letters pertaining to manuscript published in JECEI should be sent to the editorial office of JECEI within three months of either online publication or before printed publication, except for critiques of original research. Following points are to be considering before sending the letters (comments) to the editor.

[1] Letters that include statements of statistics, facts, research, or theories should include appropriate references, although more than three are discouraged.

[2] Letters that are personal attacks on an author rather than thoughtful criticism of the author’s ideas will not be considered for publication.

[3] Letters can be no more than 300 words in length.

[4] Letter writers should include a statement at the beginning of the letter stating that it is being submitted either for publication or not.

[5] Anonymous letters will not be considered.

[6] Letter writers must include their city and state of residence or work.

[7] Letters will be edited for clarity and length.