Paper 2018/440

Formal Analysis of Distance Bounding with Secure Hardware

Handan Kılınç and Serge Vaudenay


A distance bounding (DB) protocol is a two-party authentication protocol between a prover and a verifier which is based on the distance between the prover and the verifier. It aims to defeat threats by malicious provers who try to convince that they are closer to the verifier or adversaries which seek to impersonate a far-away prover. All these threats are covered in several security definitions and it is not possible to have a single definition covering all. In this paper, we describe a new DB model with three parties where the new party is named hardware. In this model, called secure hardware model (SHM), the hardware is held by the prover without being able to tamper with. We define an all-in-one security model which covers all the threats of DB and an appropriate privacy notion for SHM. In the end, we construct the most efficient (in terms of computation by the prover-hardware and number of rounds) and secure DB protocols achieving the optimal security bounds as well as privacy.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.ACNS 2018
distance boundingRFIDNFCrelay attacktamper resistanceterrorist fraud
Contact author(s)
handan kilinc @ epfl ch
2018-05-14: received
Short URL
Creative Commons Attribution


      author = {Handan Kılınç and Serge Vaudenay},
      title = {Formal Analysis of Distance Bounding with Secure Hardware},
      howpublished = {Cryptology ePrint Archive, Paper 2018/440},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.