Abstract
Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides the ideal security against the terrorist fraud.
Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Functions (PUFs) based authentication protocol in which the adversary has access to volatile memory of the tag. We show that the security of Sadeghi et al.’s PUF based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to volatile memory she cannot obtain all long term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Comparing to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security, privacy and tag computational overhead. We also prove that our extended protocol with a final signature provides the ideal security against all those frauds, remarkably the terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide the most cost efficient and reliable means to fingerprint chips based on their physical properties.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
Avoine, G., Bingöl, M.A., Kardaş, S., Lauradoux, C., Martin, B.: A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security – Special Issue on RFID System Security 19(2), 289–317 (2011)
Avoine, G., Floerkemeier, C., Martin, B.: RFID Distance Bounding Multistate Enhancement. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 290–307. Springer, Heidelberg (2009)
Beth, T., Desmedt, Y.: Identification Tokens – or: Solving the Chess Grandmaster Problem. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 169–177. Springer, Heidelberg (1991)
Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in rfid systems. In: Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications, pp. 211–220. IEEE Computer Society, Washington, DC, USA (2007)
Brands, S., Chaum, D.: Distance Bounding Protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Bussard, L., Bagga, W.: Distance-bounding proof of knowledge to avoid real-time attacks. In: Ryoichi, S., Sihan, Q., Eiji, O. (eds.) Security and Privacy in the Age of Ubiquitous Computing, Chiba, Japan. IFIP International Federation for Information Processing, vol. 181, pp. 223–238. Springer, Heidelberg (2005)
Conway, J.H.: On Numbers and Games. London Mathematical Society Monographs, vol. 6. Academic Press, London (1976)
Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)
Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and Implementation of PUF-Based ”Unclonable” RFID ICs for Anti-Counterfeiting and Security Applications. In: 2008 IEEE International Conference on RFID, pp. 58–64 (2008)
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52, 91–98 (2009)
Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards (February 2005) (manuscript)
Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2005, Athens, Greece. IEEE (2005)
Hancke, G.P., Mayes, K., Markantonakis, K.: Confidence in smart token proximity: Relay attacks revisited. Computers & Security 28(7), 615–627 (2009)
Hancke, G.P.: Practical Attacks on Proximity Identification Systems (Short Paper). In: IEEE Symposium on Security and Privacy – S&P 2006, Oakland, California, USA. IEEE, IEEE Computer Society (2006)
Hlaváč, M., Rosa, T.: A Note on the Relay Attacks on e-Passports: The Case of Czech e-Passports. In: Cryptology ePrint Archive, Report 2007/244 (2007)
Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security (2007)
Kara, O., Kardaş, S., Bingöl, M.A., Avoine, G.: Optimal Security Limits of RFID Distance Bounding Protocols. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 220–238. Springer, Heidelberg (2010)
Kim, C.H., Avoine, G., Koeune, F., Standaert, F.-X., Pereira, O.: The Swiss-Knife RFID Distance Bounding Protocol. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 98–115. Springer, Heidelberg (2009)
Kulseng, L.: Lightweight mutual authentication, ownership transfer, and secure search protocols for rfid systems. Master’s thesis, Electrical & Computer Engineering Department, Iowa State University (2009)
Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., Mayes, K.: Attacking smart card systems: Theory and practice. Information Security Technical Report 14(2), 46–56 (2009); Smart Card Applications and Security
Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. Wireless Communications and Mobile Computing 8(9), 1227–1232 (2008)
Naccache, D., Fremanteau, P.: Unforgeable identification device, identification device reader and method of identification. Patent-EP0583709 (1994)
Nikov, V., Vauclair, M.: Yet Another Secure Distance-Bounding Protocol. In: Cryptology ePrint Archive, Report 2008/319 (2008)
NXP. NXP mifare plus – benchmark security for mainstream applications (2009), http://mifare.net/downloads/NXP_Mifare_Plus_leaflet.pdf
Ranasinghe, D.C., Engels, D.W., Cole, P.H.: Security and Privacy: Modest Proposals for Low-Cost RFID Systems. In: Proc. Auto-ID Labs Research Workshop Systems (2004)
Reid, J., Gonzaez Neito, J., Tang, T., Senadji, B.: Detecting relay attacks with timing based protocols. In: Bao, F., Miller, S. (eds.) Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security – ASIACCS 2007, Singapore, Republic of Singapore, pp. 204–213. ACM (March 2007)
Sadeghi, A.-R., Visconti, I., Wachsmann, C.: PUF-Enhanced RFID Security and Privacy. In: Secure Component and System Identification – SECSI 2010, Cologne, Germany (April 2010)
Singelée, D., Preneel, B.: Key Establishment Using Secure Distance Bounding Protocols. In: MOBIQUITOUS 2007: Proceedings of the 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking&Services (MobiQuitous), Philadelphia, Pennsylvania, USA, pp. 1–6. IEEE Computer Society (August 2007)
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC 2007: Proceedings of the 44th Annual Design Automation Conference, pp. 9–14. ACM, New York (2007)
Trujillo-Rasua, R., Martin, B., Avoine, G.: The Poulidor Distance-Bounding Protocol. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 239–257. Springer, Heidelberg (2010)
Tu, Y.-J., Piramuthu, S.: RFID Distance Bounding Protocols. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)
Tuyls, P., Batina, L.: RFID-Tags for Anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Čapkun, S., Buttyán, L., Hubaux, J.-P.: SECTOR: secure tracking of node encounters in multi-hop wireless networks. In: SASN 2003: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 21–32. ACM, New York (2003)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors. In: Security with Noisy Data, pp. 79–99. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kardaş, S., Kiraz, M.S., Bingöl, M.A., Demirci, H. (2012). A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions. In: Juels, A., Paar, C. (eds) RFID. Security and Privacy. RFIDSec 2011. Lecture Notes in Computer Science, vol 7055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25286-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-25286-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25285-3
Online ISBN: 978-3-642-25286-0
eBook Packages: Computer ScienceComputer Science (R0)