Cryptology ePrint Archive: Report 2011/075

A Novel RFID Distance Bounding Protocol Based on Physically Unclonable Functions

Suleyman Kardas and Mehmet Sabir Kiraz and Muhammed Ali Bingol and Huseyin Demirci

Abstract: Radio Frequency Identification (RFID) systems are vulnerable to relay attacks (i.e., mafia, terrorist and distance frauds) when they are used for authentication purposes. Distance bounding protocols are particularly designed as a countermeasure against these attacks. These protocols aim to ensure that the tags are in a distant area by measuring the round-trip delays during a rapid challenge-response exchange of short authenticated messages. Terrorist fraud is the most challenging attack to avoid, because a legitimate user (a tag owner) collaborates with an attacker to defeat the authentication system. Many RFID distance bounding protocols have been proposed recently, with encouraging results. However, none of them provides the ideal security against the terrorist fraud.

Motivated by this need, we first introduce a strong adversary model for Physically Unclonable Functions (PUFs) based authentication protocol in which the adversary has access to volatile memory of the tag. We show that the security of Sadeghi \textit{et al.}'s PUF based authentication protocol is not secure in this model. We provide a new technique to improve the security of their protocol. Namely, in our scheme, even if an adversary has access to volatile memory she cannot obtain all long term keys to clone the tag. Next, we propose a novel RFID distance bounding protocol based on PUFs which satisfies the expected security requirements. Comparing to the previous protocols, the use of PUFs in our protocol enhances the system in terms of security and privacy. We also prove that our extended protocol with a final signature provides the ideal security against all those frauds, remarkably the terrorist fraud. Besides that, our protocols enjoy the attractive properties of PUFs, which provide a cost efficient and reliable method to fingerprint chips based on their physical properties.

Category / Keywords: RFID, Distance Bounding Protocol, PUF, Security, Terrorist fraud.

Date: received 14 Feb 2011, last revised 4 Mar 2011, withdrawn 18 Jan 2012

Contact author: skardas at gmail com

Available format(s): (-- withdrawn --)

Version: 20120118:182658 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]