The Not-so-distant Future: Distance-Bounding Protocols on Smartphones - Archive ouverte HAL Access content directly
Conference Papers Year :

The Not-so-distant Future: Distance-Bounding Protocols on Smartphones

(1) , (2) , (3)


In authentication protocols, a relay attack allows an adversary to impersonate a legitimate prover, possibly located far away from a veri fier, by simply forwarding messages between these two entities. The e ffectiveness of such attacks has been demonstrated in practice in many environments, such as ISO 14443-compliant smartcards and carlocking mechanisms. Distance-bounding (DB) protocols, which enable the verifi er to check his proximity to the prover, are a promising countermeasure against relay attacks. In such protocols, the veri fier measures the time elapsed between sending a challenge and receiving the associated response of the prover to estimate their proximity. So far, distance bounding has remained mainly a theoretical concept. Indeed in practice, only three ISO 14443-compliant implementations exist: two proprietary smartcard ones and one on highly-customized hardware. In this paper, we demonstrate a proof-of-concept implementation of the Swiss-Knife DB protocol on smartphones running in RFID-emulation mode. To our best knowledge, this is the fi rst time that such an implementation has been performed. Our experimental results are encouraging as they show that relay attacks introducing more than 1:5 ms are directly detectable (in general off -the-shelf relay attacks introduce at least 10 ms of delay). We also leverage on the full power of the ISO-DEP speci cation to implement the same protocol with 8-bit challenges and responses, thus reaching a better security level per execution without increasing the possibility of relay attacks. The analysis of our results leads to new promising research directions in the area of distance bounding.
Not file

Dates and versions

hal-01244606 , version 1 (16-12-2015)



Sébastien Gambs, Carlos Eduardo Rosar Kos Lassance, Cristina Onete. The Not-so-distant Future: Distance-Bounding Protocols on Smartphones. 14th Smart Card Research and Advanced Application Conference, Nov 2015, Bochum, Germany. p.209-224, ⟨10.1007/978-3-319-31271-2_13⟩. ⟨hal-01244606⟩
3024 View
0 Download



Gmail Facebook Twitter LinkedIn More