The Not-so-Distant Future: Distance-Bounding Protocols on Smartphones

  • Conference paper
Smart Card Research and Advanced Applications (CARDIS 2015)

Abstract

In authentication protocols, a relay attack allows an adversary to impersonate a legitimate prover, possibly located far away from a verifier, by simply forwarding messages between these two entities. The effectiveness of such attacks has been demonstrated in practice in many environments, such as ISO 14443-compliant smartcards and car-locking mechanisms. Distance-bounding (DB) protocols, which enable the verifier to check his proximity to the prover, are a promising countermeasure against relay attacks. In such protocols, the verifier measures the time elapsed between sending a challenge and receiving the associated response of the prover to estimate their proximity. So far, distance bounding has remained mainly a theoretical concept. Indeed, in practice, only three ISO 14443-compliant implementations exist: two proprietary smartcard ones and one on highly customized hardware. In this paper, we demonstrate a proof-of-concept implementation of the Swiss-Knife DB protocol on smartphones running in RFID-emulation mode. To the best of our knowledge, this is the first time that such an implementation has been performed. Our experimental results are encouraging, as they show that relay attacks introducing more than 1.5 ms are directly detectable (in general, off-the-shelf relay attacks introduce at least 10 ms of delay). We also leverage the full power of the ISO-DEP specification to implement the same protocol with 8-bit challenges and responses, thus reaching a better security level per execution without increasing the possibility of relay attacks. The analysis of our results leads to new promising research directions in the area of distance bounding.
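The verifier-side timing check the abstract describes, as an added example that is not code from the paper: a session is accepted only if every 8-bit response is correct and every round trip stays within 1.5 ms of a calibrated local baseline. The HMAC-based response function, the key, the nonce and all round-trip times are constructed stand-ins, not the Swiss-Knife construction or the paper's measurements.

```python
import hashlib
import hmac
import statistics

RELAY_MARGIN_MS = 1.5  # from the abstract: added delays above 1.5 ms are detectable

def expected_response(key: bytes, nonce: bytes, round_no: int, challenge: int) -> int:
    """Stand-in 8-bit response function (assumption, NOT the Swiss-Knife one)."""
    msg = nonce + bytes([round_no, challenge])
    return hmac.new(key, msg, hashlib.sha256).digest()[0]

def calibrate(honest_rtts_ms):
    """Acceptance threshold = median honest round-trip time + detection margin."""
    return statistics.median(honest_rtts_ms) + RELAY_MARGIN_MS

def verify(key, nonce, rounds, threshold_ms):
    """rounds: list of (challenge, response, rtt_ms). Returns (accepted, reasons)."""
    reasons = []
    for i, (challenge, response, rtt_ms) in enumerate(rounds):
        if response != expected_response(key, nonce, i, challenge):
            reasons.append(f"round {i}: wrong response")
        if rtt_ms > threshold_ms:
            reasons.append(f"round {i}: rtt {rtt_ms:.1f} ms > {threshold_ms:.1f} ms")
    return (not reasons, reasons)

# Constructed sample data (not measurements from the paper).
KEY = b"constructed-demo-key"
NONCE = b"constructed-nonce"
HONEST_RTTS = [7.9, 8.1, 8.0, 8.3, 7.8]   # calibration runs against a local prover
CHALLENGES = [0x3C, 0xA5, 0x0F, 0xF0]     # one 8-bit challenge per timed round

def make_rounds(rtts_ms):
    """Build a transcript with correct responses and the given round-trip times."""
    return [(c, expected_response(KEY, NONCE, i, c), t)
            for i, (c, t) in enumerate(zip(CHALLENGES, rtts_ms))]

THRESHOLD = calibrate(HONEST_RTTS)                # 8.0 ms median + 1.5 ms margin
LOCAL = make_rounds([8.0, 8.2, 7.9, 8.1])         # prover in proximity
RELAYED = make_rounds([18.0, 18.3, 17.9, 18.2])   # same prover behind a 10 ms relay

if __name__ == "__main__":
    for name, session in (("local", LOCAL), ("relayed", RELAYED)):
        accepted, reasons = verify(KEY, NONCE, session, THRESHOLD)
        print(name, "ACCEPT" if accepted else "REJECT", reasons)
```

The relayed session carries correct responses in every round and is rejected on timing alone, which is the property a relay cannot fake by forwarding messages.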

The authors are listed in alphabetical order.


Notes

  1. These sources can be downloaded at https://source.android.com/source/downloading.html.

  2. These versions are available at https://developers.google.com/android/nexus/images.


Author information


Correspondence to Sébastien Gambs.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Gambs, S., Lassance, C.E.R.K., Onete, C. (2016). The Not-so-Distant Future: Distance-Bounding Protocols on Smartphones. In: Homma, N., Medwed, M. (eds) Smart Card Research and Advanced Applications. CARDIS 2015. Lecture Notes in Computer Science, vol 9514. Springer, Cham. https://doi.org/10.1007/978-3-319-31271-2_13


  • DOI: https://doi.org/10.1007/978-3-319-31271-2_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31270-5

  • Online ISBN: 978-3-319-31271-2

  • eBook Packages: Computer Science (R0)
