Distance-bounding protocol
Distance bounding protocols are cryptographic protocols that enable a verifier V to establish an upper bound on the physical distance to a prover P. They are based on timing the delay between sending out challenge bits and receiving back the corresponding response bits. The delay time for responses enables V to compute an upper-bound on the distance, as the round trip delay time divided into twice the speed of light. The computation is based on the fact that electro-magnetic waves travel nearly at the speed of light, but cannot travel faster.
Distance bounding protocols can have different applications. For example, when a person conducts a cryptographic identification protocol at an entrance to a building, the access control computer in the building would like to be ensured that the person giving the responses is no more than a few meters away.
RF Implementation
The distance bound computed by a radio frequency distance bounding protocol is very sensitive to even the slightest processing delay. This is because any delay introduced, anywhere in the system, will be multiplied by approximately 299,792,458 m/s (the speed of light) in order to convert time into distance. This means that even delays on the order of nanoseconds will result in significant errors in the distance bound (a timing error of 1 ns corresponds to a distance error of 15 cm).
Because of the extremely tight timing constraints and the fact that a distance bounding protocol requires that the prover apply an appropriate function to the challenge sent by the verifier, it is not trivial to implement distance bounding in actual physical hardware. Conventional radios have processing times that are orders of magnitudes too big, even if the function applied is a simple XOR.
In 2010, Rasmussen and Capkun devised a way for the prover to apply a function using pure analog components.[1] The result is a circuit whose processing delay is below 1 nanosecond from receiving a challenge till sending back the response. This processing delay translates into a maximum potential distance error of 15 cm.
In 2015, the same protocol was modified, prototyped and practically evaluated for ten indoor and outdoor locations. The authors modified the originally devised protocol from "channel selection" to "polarization selection" which economizes the whole design in terms of energy, spectrum and hardware. They also proposed a scheme for device synchronization in a passive but secure way. Furthermore, authors took noise analysis into account and calculated bit error rate during their experiments while estimated the protocol failure, false-acceptance and false-rejection probabilities for their protocol.[2]
References
- ↑ "Realization of RF Distance Bounding" (PDF).
- ↑ Muhammad Jawad Hussain, Li Lu, Hongzi Zhu (2015). "TIGHT: A Cross-Layer RF Distance Bounding Realization for Passive Wireless Devices". IEEE Transactions on Wireless Communications 14 (6): 3076–3085.
- Ioana Boureanu, Aikaterini Mitrokotsa, Serge Vaudenay, Practical & Provably Secure Distance-Bounding Proceedings of the Information Security Conference (ISC) 2013.
- Kasper Bonne Rasmussen, Srdjan Capkun, Realization of RF Distance Bounding. Proceedings of the USENIX Security Symposium, 2010
- Gildas Avoine, Muhammed Ali Bingöl, Süleyman Kardaş, Cédric Lauradoux and Benjamin Martin, A Framework for Analyzing RFID Distance Bounding Protocols. Journal of Computer Security, August 2010.
- Srdjan Capkun, Jean-Pierre Hubaux, Secure positioning in wireless networks, IEEE Journal on Selected Areas in Communications: Special Issue on Security in Wireless Ad Hoc Networks, February 2006.
- Gerhard Hancke, Markus Kuhn: An RFID distance-bounding protocol. Proceedings SecureComm 2005.
- Srdjan Capkun, Levente Buttyán and Jean-Pierre Hubaux, SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks. Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), 2003.
- Stefan Brands, David Chaum: Distance-bounding protocols (extended abstract). Proceedings Eurocrypt '93.