Cryptology ePrint Archive: Report 2018/440

Formal Analysis of Distance Bounding with Secure Hardware

Handan KılınÁ and Serge Vaudenay

Abstract: A distance bounding (DB) protocol is a two-party authentication protocol between a prover and a verifier which is based on the distance between the prover and the verifier. It aims to defeat threats by malicious provers who try to convince that they are closer to the verifier or adversaries which seek to impersonate a far-away prover. All these threats are covered in several security definitions and it is not possible to have a single definition covering all. In this paper, we describe a new DB model with three parties where the new party is named hardware. In this model, called secure hardware model (SHM), the hardware is held by the prover without being able to tamper with. We define an all-in-one security model which covers all the threats of DB and an appropriate privacy notion for SHM. In the end, we construct the most efficient (in terms of computation by the prover-hardware and number of rounds) and secure DB protocols achieving the optimal security bounds as well as privacy.

Category / Keywords: distance bounding, RFID, NFC, relay attack, tamper resistance, terrorist fraud

Original Publication (with major differences): ACNS 2018

Date: received 10 May 2018, last revised 14 May 2018

Contact author: handan kilinc at epfl ch

Available format(s): PDF | BibTeX Citation

Version: 20180514:144652 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]