Realization of RF Distance Bounding

Kasper Bonne Rasmussen

Department of Computer Science

ETH Zurich

8092 Zurich, Switzerland

kasperr@inf.ethz.ch

Srdjan Capkun

Department of Computer Science

ETH Zurich

8092 Zurich, Switzerland

capkuns@inf.ethz.ch

AbstractOne of the main obstacles for the wider deploymentof radio (RF) distance bounding is the lack of plat-forms that implement these protocols. We addressthis problem and we build a prototype system thatdemonstrates that radio distance bounding protocolscan be implemented to match the strict processingthat these protocols require. Our system implementsa prover that is able to receive, process and transmitsignals in less than 1ns. The security guarantee thata distance bounding protocol built on top of this sys-tem therefore provides is that a malicious prover can,at most, pretend to be about 15cm closer to the ver-ifier than it really is. To enable such fast processingat the prover, we use specially implemented concate-nation as the prover’s processing function and showhow it can be integrated into a distance boundingprotocol. Finally, we show that functions such asXOR and the comparison function, that were used ina number of previously proposed distance boundingprotocols, are not best suited for the implementationof radio distance bounding.

1 Introduction

Distance bounding denotes a class of protocols inwhich one entity (the verifier) measures an upper-bound on its distance to another (untrusted) entity(the prover). In recent years, distance bounding pro-tocols have been extensively studied: a number ofprotocols were proposed [3, 13, 10, 19, 30, 15, 25,17, 12, 29] and analyzed [8, 26, 11, 23]. The use ofdistance bounding was suggested for secure localiza-tion [28], location verification [25], wormhole detec-tion [16, 27], key establishment [22, 32] and accesscontrol [22].Regardless of the type of distance bounding pro-

tocol, the distance bound is obtained from a rapidexchange of messages between the verifier and the

prover. The verifier sends a challenge to the prover,to which the prover replies after some processingtime. The verifier measures the round-trip time be-tween sending its challenge and receiving the replyfrom the prover, subtracts the prover’s processingtime and, based on the remaining time, computesthe distance bound between the devices. The veri-fier’s challenges are unpredictable to the prover andthe prover’s replies are computed as a function ofthese challenges. In most distance bounding proto-cols, a prover XORs the received challenge with alocally stored value [3] or uses the received challengeto determine which of the locally stored values it willreturn [13, 29]. Thus, the prover cannot reply to theverifier sooner than it receives the challenge, it canonly delay its reply. The prover, therefore, cannotpretend to be closer to the verifier than it really is;only further away.

One of the main assumptions on which the secu-rity of distance bounding protocols relies is that thetime that the prover spends in processing the veri-fier’s challenge is negligible compared to the propa-gation time of the signal between the prover and theverifier. If the verifier overestimates the prover’s pro-cessing time (i.e., the prover is able to process signalsin a shorter time than expected), the prover will beable to pretend to be closer to the verifier. If the ver-ifier underestimates this time (i.e., the prover needsmore time to process the signals than expected), thecomputed distance bounds will be too large to beuseful.

The challenge in implementing distance boundingprotocols is therefore to implement a prover that isable to receive, process and transmit signals in negli-gible time. This requirement can be easily met withultrasonic distance bounding implementations wherethe prover’s processing needs to be in the order ofµs. However, because ultrasonic distance bound-ing is vulnerable to RF wormhole attacks [16, 27],

1

its application is limited to few specific applications(e.g., [22]). For most applications, radio distancebounding is the main viable way of verifying prox-imity to or a location of a device. In this case, theprover’s processing time needs to be about 1ns whichwould, in the worse case, allow a malicious proverto pretend to be closer to the verifier by approx.15cm (assuming that the malicious prover is able toprocess signals instantaneously). Currently availableplatforms do not support such fast processing. Thisstrict processing requirement has been, so far, one ofthe main obstacles for the wider deployment of RFdistance bounding protocols and related solutions.

In this work, we address this problem. We makethe following contributions. We build a prototypesystem that demonstrates that radio (RF) distancebounding protocols can be implemented to matchthe prover’s strict processing requirements (i.e., thatthe prover’s processing time is below 1ns). We useconcatenation as the prover’s processing functionand implement it using a scheme that we call Chal-lenge Reflection with Channel Selection (CRCS).Our implementation eliminates the need for signalconversion and demodulation since it does not re-quire that the received challenges are interpreted bythe prover before the prover responds to them. Ourprover is therefore able to receive, process and trans-mit signals in less than 1ns. We design a distancebounding protocol that uses concatenation, imple-mented with CRCS, as the prover’s processing func-tion and we analyze its security; we base this proto-col on Brands and Chaum’s original distance bound-ing protocol [3].

We further show that processing functions such asXOR and the comparison function, that were usedin a number of proposed distance bounding proto-cols, are not best suited for the implementation ofradio distance bounding. The main reason is that,although XOR and comparison can be executed fast,these functions require that the radio signal that car-ries the verifier’s challenge is demodulated, which,with today’s state-of-the-art hardware, results inlong processing times (typically ≥ 50ns). The de-sign and implementation of the distance boundingprotocol based on concatenation shows that the useof functions which require that the prover demod-ulates (interprets) the verifier’s challenge before re-sponding to it is not necessary for the implementa-tion of distance bounding.

To our knowledge this work is the first to proposea realizable distance bounding protocol using radiocommunication, with a processing time at the proverthat is low enough to provide a useful distance gran-ularity.

The rest of the paper is organized as follows. InSection 2 we describe the basic operation of distancebounding protocols. In Section 3, we discuss prover’sprocessing functions and their appropriateness forthe implementation of radio distance bounding. InSection 4 we describe the design of our distancebounding protocol and in Section 5 we analyze itssecurity. In Section 6 we present our implementa-tion and our measurement results. In Section 7 wediscuss related work and we conclude in Section 8.

2 Background on Distance Bounding

Protocols

Distance bounding protocols were first introducedby Brands and Chaum [3] for the prevention ofmafia-fraud attacks on Automatic Teller Machines(ATMs). The purpose of Brands and Chaum’s dis-tance bounding protocol was to enable the user’ssmart-card (verifier) to check its proximity to thelegitimate ATM machine (prover).The core of all distance bounding protocols is the

distance measurement phase (shown in Figure 1),wherein the verifier measures the round-trip timebetween sending its challenge and receiving the re-ply from the prover. More precisely, the verifierchallenges the prover with a b-bit freshly generatednonce Nv (typically b = 1). Upon reception of thechallenge, the prover computes a response fP (Nv),and sends it to the verifier. This process is repeatedk times. After the challenge-response exchange theverifier verifies the authenticity of the replies (in thisstep distance bounding protocols differ) and mea-sures the time tVs − tVr between the challenge andthe response. Based on the measured times, the ver-ifier estimates the upper-bound on the distance tothe prover. The time tPs − tPr between the recep-tion of the challenge and the transmission of the re-sponse at the prover is either negligible compared tothe propagation time tPr − tVs or is lower bounded bythe prover’s processing and communication capabil-ities δ, i.e., tPs − tPr ≥ δ.After the execution of a distance bounding pro-

tocol the verifier knows that the prover is within acertain distance, namely:

dist =tVs − tVr − δ

2· c

where δ is the processing time of the prover (ideally0) and c is the propagation of the radio signal.Although the designs of distance bounding pro-

tocols differ [3, 13, 10, 19, 30, 15, 25, 17, 12, 29],given their common distance measurement phase,

2

P V

Nv[1], . . . , Nv[k] ∈ 1, 0b

(tPr1) Nv[1]oo (tVs1)

(tPs1) f(Nv[1]) // (tVr1) Nv[1]′ ← f(Nv[1])

...(tPrk) Nv[k]oo (tVsk)

(tPsk) f(Nv[k]) // (tVrk) Nv[k]′ ← f(Nv[k])

Verify Nv[1]′, . . . , Nv[k]

′

Compute db(V ,P ) as a function of tVs1 . . . tVsk, t

Vr1 . . . t

Vrk

Figure 1: The distance measurement phase of distance bounding protocols consists of a rapid exchange ofmessages where the verifier measures the round-trip time between sending its challenges and receiving thereplies from the prover.

their security relies on the same underlying ideas.We briefly summarize them here. Distance fraud at-tacks [3], in which the prover tries to pretend to becloser to the verifier, are prevented by the follow-ing: (i) the prover cannot generate the reply beforeit receives the challenge and (ii) the duration of timethe verifier accounts that the prover will process thereply is not longer than the prover’s actual process-ing time. The Mafia-fraud (or man-in-the-middle -MITM) attack [9], by which an attacker convincesthe verifier that the prover is closer than it reallyis, is prevented since the attacker cannot predict ex-changed challenges/replies and since it cannot sped-up the propagation of messages (the messages prop-agate at the speed of light over a radio channel).Given this, the attacker cannot shorten the distancemeasured between the verifier and the prover.

Distance bounding protocols therefore provide theverifier with an upper-bound on its physical distanceto the prover.

3 Functions Appropriate for Distance

Bounding Realization

As discussed in Section 2, one of the main assump-tions on which the security of distance boundingprotocols relies is that the time that the prover isallowed to spend in processing the verifier’s chal-lenge is negligible compared to the propagation timetPr − tVs of the signal between the prover and the ver-ifier. In most applications, the prover’s processingtime would therefore need to be around 1ns. Thiswould, in the worse case, allow a malicious prover topretend to be closer to the verifier by approx. 15cm(assuming that the malicious prover is able to pro-cess signals instantaneously). Such short processingtime cannot be achieved with existing platforms.

The main challenge is therefore to design dis-tance bounding protocols which use prover process-ing functions f(Nv) that can implemented such thatthey can be executed in ≤ 1ns. Before presenting afunction that is well suited for this purpose, we firstdiscuss functions that were used in distance bound-ing protocols that are proposed in the open litera-ture.

The first (obvious) candidate processing functionsare various encryption functions, hash functions,message authentication codes and digital signatures;the use of digital signatures for this purpose was pro-posed by Beth and Desmedt in [1]. The use of suchfunctions would largely simplify the design of dis-tance bounding protocols; it would be sufficient touse well studied challenge-response authenticationprotocols [2] where the verifier would measure theround-trip time between the issued challenge and thereceived response. However, the processing time forthese functions even with the fastest available im-plementations by far exceeds the required processingtime.

In [3] Brands and Chaum proposed a distancebounding protocol that uses XOR as a processingfunction. In this protocol the prover XORs the ver-ifiers challenge with the value that the prover wantsto transmit back and sends the result back to theverifier. The main reasoning behind this choice wasthat XOR is a fast operation and that it should befeasible to execute it within the required process-ing time. Hancke and Kuhn [13] propose a distancebounding protocol where the prover, based on theverifier’s challenge chooses from which of the two lo-cal registers it should send a value back. Again, oneof the main reasons for choosing this function wasthat such a function (comparison and access) can beexecuted fast.

3

Although XOR and comparison can be executedfast, these functions require that the radio signalthat carries the verifier’s challenge is converted froman analog to a digital signal (ADC) and demodu-lated. Only when it is demodulated, the challengecan be used by the prover in an XOR function orfor the selection of the register. Equally, in or-der to communicate the reply back to the verifier,the prover needs to modulate the signal and con-vert it from the digital to the analog signal (DAC).These steps, signal detection, ADC/DAC conversionand signal modulation/demodulation, increase theprovers processing delay by approx. 170ns [24], notincluding possible RX/TX switching costs1. The im-plementations of an XOR or of a comparison func-tion that require the signals to be digitalized and de-modulated therefore require such processing which,using today’s state-of-the-art hardware, is not suf-ficiently fast to meet the security requirements ofdistance bounding protocols. Even if some process-ing steps can be sped-up or removed, the prover willstill need a way of (reliably) detecting if it receiveda challenge that corresponds to a bit ”0” or a bit”1”, which requires some processing and thus reducesthe security guarantees of the protocol. Namely,every nanosecond of additional processing in theimplementation of the prover means that a mali-cious prover with a faster implementation shortenthe measured distance even further.

In what follows, we show that the choice of a con-catenation function as the prover’s processing func-tion, when implemented using a scheme that we callChallenge Reflection with Channel Selection (CRCS)eliminates the need for signal conversion and demod-ulation since it does not require that the receivedchallenges are interpreted by the prover before theprover responds to them. The prover, implementedusing CRCS is therefore able to receive, process andtransmit signals in less than 1ns.

3.1 Prover: Concatenation Imple-

mented using Challenge Reflec-

tion With Channel Selection

In this section we describe our implementation ofconcatenation as the prover’s processing function.

Bit concatenation CAT : Np[i] × Nv[i] → r[i] =Nv[i]||Np[i] takes as input the verifier’s challenge bitNv[i] and the prover’s input bit Np[i] and returns atwo-bit reply r[i] = Nv[i]||Np[i]. CAT is therefore

1We are not aware of the radio design that can performthese operations faster.

Figure 2: The verifier measures the time betweensending a challenge signal c(t) and receiving the re-ply signal r(t) = r1(t)+ r2(t). If c(t) = r(t), the dis-tance bound to the prover is then given by (tr−t0)·c,where c is the speed of light.

given by the following table.

CAT :Np[i]\

Nv [i] 0 10 00 101 01 11

3.2 Verifier: Calculation of the Dis-

tance Bound

In order for concatenation to be useful for dis-tance bounding, we implement it by Challenge Re-flection with Channel Selection. Our implemen-tation uses three (non-overlapping) communicationchannels. The verifier sends its challenge bits tothe prover using one communication channel (C0),whereas the prover replies using two communicationchannels (C1, C2) (Figure 2). While it is receivingthe verifier’s challenge bit (i.e., the signal that en-codes it), the prover is responding with the samesignal (bit), but it is sending it on either channel C1

or channel C2, depending on its current input bitNp[i]. For every challenge bit that it received fromthe verifier, the prover therefore transmits two bitsof the reply back to the verifier, encoded in the formof the signal (it reflect back the same signal that itreceived) and of the response channel (it chose thechannel on which to reply). The response r = 10 isthen interpreted as: the challenge bit 1 is reflectedon channel C1, where the channel C1 denotes bit 0,and channel C2 denotes bit 1). The prover thereforeimplements challenge reflection with channel selec-tion. Note that, although the prover replies with twobits for each challenge bit, the duration of transmis-sion of those two bits is the same as for a singlebit of the verifier’s challenge, since the second bit ofthe prover’s reply is encoded in the form of channelselection. This is illustrated on Figure 2.The schematic of our prover implementing CRCS

is shown on Figure 3. The figure shows the signal in

4

AB

CDEAFD

BEAFD

BFBB

DBF

Figure 3: Schematic of the prover (i.e., of the imple-mentation of concatenation as its processing func-tion using CRCS). The figure shows the signal inthe frequency domain at various stages of the cir-cuit. The challenge-signal (with center frequencyfc) is received by the receiving antenna (on the left)and multiplied by f∆. This multiplication shifts thesignal by ±f∆ to the channels on two sides of theoriginal channel. The bit of the prover’s nonce Np[i]determines which of the two channels is used to sendthe response on the transmitting antenna (on theright).

the frequency domain as it passes through variousstages of the prover’s circuit. The prover receivesthe challenge-signal (centered at the frequency fc)on the receiving antenna. The received signal is thenmultiplied by f∆ which creates two signals on twochannels each with central frequencies fc + f∆ andfc−f∆, respectively. The current bit of the prover’snonceNp[i] determines which of the two channels areused to send the response signal on the transmittingantenna. The verifier’s signal is thus reflected backon the channel selected by the prover. Here, theverifier’s challenge bit can be encoded in the chal-lenge signal using e.g., Pulse Amplitude Modulation(PAM) or Binary Phase Shift Keying Modulation(both of which are used with Ultra-Wide-Band rang-ing systems). The prover’s response carries two bits,one encoded in the signal that it sends back (thesame bit that it received by the verifier), and theother encoded in the channel on which it responds(i.e., Np[i]).

Here, signal multiplication and selection are doneusing analog components only. Namely, the chal-lenge signal passes through an analog mixer whereit is multiplied with a local oscillator signal with afrequency f∆. This mixer outputs two signals onfrequencies fc+f∆ and fc−f∆, which are separatedby a high-pass and a low-pass filter, respectively. Fi-nally, the Np[i] bit (which the prover have commit-ted to), determines which of the two signals will betransmitted back to the verifier.

Figure 2 shows the calculation of the distance

bound by the verifier (the signals are shown in thetime domain). The verifier notes the exact timet0 when it starts transmitting the challenge bitsNv[i], ...Nv[k] encoded in the signal r1(t), and thenlistens on the two reply channels C1 and C2 (thatcorrespond to the frequencies fc + f∆ and fc − f∆).When a reply comes back (e.g., on channel C1) theverifier will mark the exact time tr of the arrival ofthe signal. The verifier will then wait for the arrivalof the entire challenge, noting for every time slot onwhich channel the reply was sent. After the entirenonce has been received and processed by the radio,the verifier checks that the data bits in the reply arethe same as those sent in the challenge, i.e., thatc(t) = r1(t) + r2(t). If that is the case, the distancebound is then computed as (tr−t0) ·c, where c is thespeed of light. This bit comparison is important forthe security of our distance bounding protocol (aswe detail in Section 4); it can be efficiently done us-ing autocorrelation, which can then simultaneouslybe used to calculate the time difference (e.g., as it isused in GPS [20]).

4 Distance Bounding Realization

In this section we present our distance bounding pro-tocol and its realization. The protocol uses concate-nation implemented using CRCS as the prover’s pro-cessing function. The main security properties thatwe want our protocol to achieve are resilience to dis-tance fraud and Mafia fraud attacks.Our protocol is shown in Figure 4. It closely

resembles the original protocol of Brands andChaum [3], except that it does not use rapid bit ex-change, but instead uses full duplex communicationwith signal streams. XOR is replaced with the con-catenation function, and additional checks by theprover and the verifier are added to make sure theimplementation of concatenation using CRCS doesnot introduce vulnerabilities.The prover starts the protocol by picking a fresh

(large) nonce Np. The prover then sends a commit-ment to the nonce (e.g., a signed hash of the nonce)to the verifier. Already now, the prover will activateits distance bounding hardware and set the outputchannel according to the opposite of the first bit ofthe nonce Np. From this moment, any signal thatthe prover receives on channel C0 will be reflected onthe output channel that is set. However, the proverdoes not yet start switching between output chan-nels.Upon receiving the commitment, the verifier picks

a fresh (large) nonce Nv and prepares to initiate thedistance bounding phase in which it will measure

5

P (Prover) V (Verifier)Pick Np

sign(commit(Np))//

Pick Nv

r ← CRCS(Nv, Np)

Nv

r

// Record ∆t

N ′

p ← channel(r)

sign(V,Np,Nv)//

Verify ∆t, Nv, Np, sign(V,Np, Nv)

Figure 4: RF distance bounding protocol.

the distance bound to the prover. The verifier startsa high precision clock to measure the (roundtrip)time of flight of the signal and begins to transmithis nonce Nv on channel C0. From this point on, theverifier will also listen on the two reply channels C1

and C2 and will keep listening on the two channelsuntil he either receives the expected response fromthe prover or until he detects an error and abortsthe protocol.

As soon as the prover receives (and demodulates)the first bit of Nv on C0, he starts switching re-ply channels according to the bits of his nonce Np.Here, we note that while the first few bits are beingdemodulated, the prover is still reflecting the input(challenge) bits, but he did not start the switch-ing of the channels (i.e., he did not start sendingback Np). The demodulation of the bits is not donewithin the distance bounding hardware (that we callthe distance bounding extension), but is done in theprover’s regular radio. It is not important how longit takes for the prover’s radio to demodulate thefirst bits, since the prover does not need to beginto switch the output channels within any predefinedtime (as long as the switching starts within the du-ration of Nv and allows the transmission of Np).Equally, the first part of Nv could be known andconstitute a public, fixed-length preamble upon thedetection of which the prover would start switchingthe channels (i.e., would start sending Np).

When the prover starts sending Np, he will sendthe bits of Np with a fixed frequency (e.g., ev-ery 500ms) by switching channels depending on thevalue of the current bit (Figure 2). In each interval,the prover will therefore reflect back several bits ofNv and a single bit of Np. The bit of Np is encodedin the choice of the reply channel. The prover will,in parallel, also receive the challenge on channel C0

using his regular radio and will demodulate it.

When the verifier has sent all the bits of his nonce,he waits for the prover to complete the reflection of

the signal and then both the prover and verifier dis-able their distance bounding extensions. The ver-ifier can then use an auto-correlation detector likethe ones used in GPS receivers [20] to determine theexact time of flight of the reflected signal. This canalso be done during the distance bounding phase,i.e., in parallel to the analog distance bounding cir-cuit.After the (time-critical) distance bounding phase

is complete the prover sends a signed message con-taining his nonce Np, the identity of the verifier V

and the verifier’s nonce Nv to the verifier. The ver-ifier must then check five things:

• That all the bits of Np reflected by the proverare of the same width (time duration). Thisis necessary to prevent mafia fraud and is de-scribed in more detail in Section 5.3.

• The data that was reflected back from theprover must be exactly the same as what wassent. I.e., when the signal r(t) = r1(t) + r2(t)is demodulated, the message must contain Nv.This is visualized in Figure 2.

• The value of N ′

p obtained during the distancebounding phase must match the commitmentsent in the first protocol message.

• The signature of the final message must be validand it must correspond to the expected identityof the prover.

• The time of flight of the signal ∆t must be lessthan some predefined upper limit tmax. Theupper limit is application dependent. E.g., itcan be the radius of some region of interest, or itcan be the (estimated) maximum transmissionrange of the radio.

The order is which these checks are performed isnot important but all checks must pass for the dis-tance bound to be accepted. If all the checks pass,

6

the verifier calculates the distance to the prover as

d =∆t− δp

2· c (1)

Where c is the speed of light and δp is the very smallprocessing delay of the prover. In our implementa-tion δp < 1ns resulting in a maximum error on about15cm.

5 Security Analysis

In this section we analyze the resistance of our pro-tocol to distance fraud and mafia fraud, as well asattacks against CRCS.

5.1 System And Attacker Model

We consider three nodes, the prover P , the verifierV and the attacker M . The goals for the three par-ticipants are as follows: the verifier wants to acquirean upper bound on the distance to the prover, i.e.,the verifier wants to know that the prover is closerthan a certain distance. The prover wants to proveto the verifier that he is within a certain distance.The goal of the attacker is to disrupt this processsuch that the verifier obtains an incorrect distancebound. The verifier holds an authentic public keyof the prover. The attacker and the prover do notcollude. The attacker corresponds to the standardDolev-Yao attacker that controls the network andthus can eavesdrop on all the communication be-tween the prover and the verifier, can arbitrary in-sert and remove messages to/from the communica-tion channel. She is equally free to transmit nonsen-sical signals. The attacker knows the public param-eters of the distance bounding protocol and the typeof hardware used by the nodes and thus the process-ing times of the prover’s and verifier’s radios. She isonly limited by the fact that it does not have accessto the secrets that are held by the prover and theverifier and cannot break cryptographic primitives.

We consider two attacks: Distance fraud, wherethe prover tries to shorten the measured distancebound, and Mafia fraud where the attacker tries toshorten the bound (but does not collude with theprover). We show that our protocol resists bothattacks. There is a third type of attack in whichthe attacker colludes with the prover and has accessto some, but not all, of the secret key material ofthe prover (e.g., only nonces and short-term secrets).This attack is often called the terrorist attack. Wedo not specifically address terrorist attacks, but ithas been shown [4] that if needed, distance bound-

ing protocols can be extended to generally protectagainst this attack.

5.2 Distance Fraud

Distance fraud is an attack performed by a maliciousprover and consists of the prover trying to shortenthe distance measured by the verifier.

The verifier uses equation (1) to calculate the dis-tance to the prover. For the prover to “shorten”the distance to the verifier (without actually mov-ing closer) he must manipulate the verifiers calcula-tion and the only thing the prover can influence is∆t. For the prover to reduce the ∆t measured bythe verifier, thereby reducing the distance, he mustmake his replies arrive at the verifier sooner thanthey otherwise would, i.e., he must guess the correctreply (i.e., guess the challenge) and send it beforethe verifier expects. In our protocol, the reply whichthe prover must send back is the signal he receiveson channel C0. In order to do this, the prover mustguess the content of the challenge signal since thecontent of the reply is checked by the verifier as apart of the verification process. The content of thechallenge is Nv and the probability of successfullyguessing that is given by 1

2|Nv| .

Attacks that rely on manipulation of the modula-tion scheme, e.g., “late commit”attacks described byHancke and Kuhn [14] will not work on this protocolbecause the verifier uses auto-correlation to find theexact time-of-flight of the signal (as it is done in GPSreceivers [20]) rather than using a peak or energy de-tector. This means that any manipulation done to,say, the first symbol of the response will not have anyeffect unless all subsequent symbols are also shiftedforward. This would require the malicious prover toguess all the symbols in advance and can thereforeonly be done with negligible probability of 1

2|Nv| .

The same argument applies to attacks where theprover tries to guess the first bit of the nonce [8].Because the prover doesn’t store and forward thenonce, but instead must reflect it directly, the proverwould have to guess all the bits of the verifier’s nonceto perform the attack. We can therefore concludethat the prover can commit distance fraud only withprobability 1

2|Nv| .

5.3 Mafia Fraud

Mafia fraud is an attack performed by an externalattacker that physically resides closer to the verifierthan the prover. The attack aims to make one ofthe parties (either the prover or the verifier or both)believe that the protocol was successfully executed

7

when, in fact, the attacker shortened the distancemeasurement. The requirement that the attacker becloser to the verifier than the prover is only necessarybecause, if the attacker is further away the attack istrivially defeated by the protection against distancefraud attacks.

In order for an external attacker to shorten the dis-tance measured by the verifier, the attacker must re-spond before the prover during the distance bound-ing phase. However, because of the checks performedby the verifier at the end of (or during) the distancebounding phase, it is not sufficient to just reply be-fore the prover, the attacker must also make thevalue of his nonce match the commitment sent bythe prover in the beginning of the protocol. Sincethe attacker can not find a nonce to match the com-mitment sent by the prover, e.g., find a collision forthe hash function used to generate the commitment,the attacker is forced to replace the provers com-mitment with his own, thereby passing the commit-ment check. However, the attacker cannot fake theprover’s signature in the final message so he cannotconfirm the nonce.

The attacker can get the prover to reply beforethe prover receivesNv, e.g., by sending his own earlysignal to the prover, however, this will result in theprover getting N ′

v 6= Nv which will be detected bythe verifier in the final message. This assumes thatany malicious change to the signal will result in achange in the demodulated nonce Nv. If that can-not be guarantied, e.g., because of the sample rate atthe prover or the modulation scheme used for com-munication, the prover can record the raw incomingsignal and send it back to the verifier. The verifiercan then, e.g., use autocorrelation to make sure thesignal received by the prover is the same as what theverifier sent.

We can therefore conclude that an attacker canonly commit mafia fraud if he can break, either thecommitment scheme or the signature scheme used inthe protocol.

Because of the way the distance bounding radioextension is designed it is possible for an attackerto get the current bit of the provers nonce. As ex-plained in Section 3.1, the prover’s radio extensionwill shift any signal that arrives on the center chan-nel to either channel C1 or channel C2 depending onthe current bit of the provers nonce. An attackercan exploit this to get the current bit of the prover’snonce without the prover’s knowledge. If the at-tacker sends a very weak signal, e.g., a DSSS [21]signal with a spreading code known only to the at-tacker, the attacker can determine what channel theresponse is sent back on, and therefore the current

Figure 5: Man in the middle attack (Mafia fraud).The figure shows the timing of the messages sent bythe verifier (V), the attacker (M) and the prover (P).Even if the attacker is able to learn the value of thefirst bit on the prover’s nonce, the attack will failbecause the attacker is forced to make the first bitlonger than the subsequent bits if he wants to replyearly.

bit of the prover’s nonce. Unless this is prevented,the attacker can use this information to perform asuccessful mafia fraud attack.

In order to prevent this attack the prover mustmake sure not to expose all the bits of his noncebefore they are needed. There are two ways thiscan be ensured: Either the prover must only en-able his distance bounding hardware once he is surethat the verifier has started his transmission or hemust make sure that his reply bits (of Np) are of ex-actly the same duration. Of course the time durationmust also be known and later checked by the veri-fier. Our protocol uses the second method. Figure 5illustrates how this measure prevents the attack. Inthe example of this figure the attacker obtains thevalue of the first bit of the provers nonce, and usesit to reply early to the verifier’s challenge. However,because the prover doesn’t expose the second bit ofhis nonce until after the duration of the first bit hasexpired, the attacker is forced to make the first bit’too long’, thus getting detected.

In order to perform this attack, the attacker wouldneed to guess all the bits of Np, which she can doonly with the probability 1

2|Np| .

6 Implementation and

Measurements

In this section, we describe our implementation ofthe prover and the related measurement results.

Our prototype can be seen on Figure 6. The cen-tral part of the prototype is the mixer (1) whichis responsible for shifting the received challenge upand down in frequency. The signal from the receiv-ing antenna comes in from the right (A) and passes

8

Figure 6: This picture shows the prototype imple-mentation of the prover. It consists of a mixer (1), ahigh-pass filter (2), a low-pass filter (3), four ampli-fiers (4) (only two visible), a 1dB attenuator (5) anda terminating resistor (6). The signal from the re-ceiving antenna (A) is mixed with the local oscillator(B) and sent to the transmitting antenna (C). Theyellow wires are power (+5V). This prototype is animplementation of the scheme described in Figure 3.

through four amplifiers (4) to bring it up to a powerlevel where is can be mixed by our mixer. The lo-cal 500MHz sine wave used for the mixing, comesin from the bottom of the figure (B) and is passedthrough a 1dB attenuator (5) to bring it to the samelevel as the radio signal before mixing. The output ofthe mixer is split in two and each is passed througheither a high-pass filter (2) or a low-pass filter (3) toeliminate the unwanted channel. In this prototypewe did not implement the switching mechanism. In-stead channel C2 is fed directly to the transmissionantenna (C). In order for the signal to split properly,both sides must have a similar load. for this reasonwe added a 50Ω resistor (6) to terminate the unusedchannel C1. The implementation of the switchingmechanism can be done using a simple transistorbased switch. We note, that the switch can onlymarginally increase the processing delay since, onceset to a particular channel, the switch essentiallyacts as a piece of very short wire connecting thesetup to the antenna. This prototype is an imple-mentation of the scheme described in Figure 3.

6.1 Delay At The Prover

We first wanted to see if our prototype implementa-tion could receive a signal, shift it to another channeland transmit it back to the verifier in ≤ 1ns.

In order to test this, we first transmit the chal-lenge and response signals through cables so as tobetter be able to control signal strength and reduce

0

0.2

0.4

0.6

0.8

1

1.2

1.4

1 2 3 4 5 6 7 8 9 10

Tim

e (

ns)

Measurements

Delay MeasurementsAverage

95% Confidence Interval

Figure 8: Processing time at the prover. The tendifferent delay measurements where done using ourmeasurement setup described in Section 6.1. Thefigure shows that the variation in processing time issmall (σ = 61.22ps) and that the average processingdelay is µ = 912.92ps. I.e., less than 1ns.

noise (later we show that the same setup works usingwireless communication as well). The challenge sig-nal sent on channel C0 is a 3.5GHz sine, modulatedby a 1Hz pulse so it is easy to see and capture thestart of a new“bit”. Our response signal is sent backon channel C2 at 4.0GHz (i.e., fc = 3.5GHz andf∆ = 0.5GHz). We generated the 3.5GHz challengeusing a function generator. The generated signal issplit by a power splitter and one end is fed, via a1 meter cable, into our prototype. The other endwas connected to a 40Gs/s oscilloscope, via another1 meter cable, to provide the ground truth signal towhich we compare the delay of our prototype. Be-cause both cables have the same length, the 3.5GHzsignal (the challenge) will arrive at the same timeat the oscilloscope and at the reception point of ourprototype. The output (the response) from the pro-totype is plugged directly into another input of thesame oscilloscope (keeping the signal path as shortas we could make it using this setup).

Figure 7(a) shows the two signals. The top (yel-low) signal is coming directly from the function gen-erator. It is an exact copy of the signal that arrivesat the input of our prototype (this signal arrivesat the oscilloscope and at the prototype input atthe same time). The bottom (green) signal is whatcomes out of our prototype implementation. It is a4.0GHz signal, i.e., the original signal shifted up by500MHz. We see that the difference in arrival timesbetween these two signals (i.e., the processing time ofthe prover) is 0.888ns. As described in Section 2 thedelay at the prover determines the theoretical advan-tage a powerful attacker might get. If we translate0.888ns into distance, the maximum theoretical dis-tance by which an attacker will be able to shortenits distance is about 12cm.

We repeated this measurement 10 times, using thesame setup. Figure 8 shows all 10 measured process-ing times along with their average value and a 95%

9

ABCDE

F

(a) Cable

ABCD

EFCCB

ABCD

FCBABCD

(b) Wireless

Figure 7: The delay of the prover’s distance bounding radio extension. The top signal is measured at thereception antenna of the provers radio and is transmitted on channel C0 at 3.5GHz. The bottom signal ismeasured at the transmission antenna and is being transmitted at the C2 channel at 4.0GHz. The delaybetween them, and thus the prover’s processing time is 0.888ns.

confidence interval. We see from the figure that theprocessing time of the prover is stable between 0.8nsand 1ns.

Note that if the same setup would have been im-plemented in an integrated circuit, the signal pathwould be a lot shorter and consequently the process-ing time would have been smaller. We therefore donot claim that our prototype is the best that can beachieved, rather it shows the processing time thatcan be achieved using standard SMA components.

6.2 Wireless Implementation

Since distance bounding protocols are primarily use-ful in wireless environments, in this section we showthat our prototype equally enables distance bound-ing using wireless communication (instead of wires).The basic construction of the prover is the same asin the wired setup, except that the prototype inputand output are connected to antennas. The functiongenerator that generates the verifiers signal and theoscilloscope used to measure the round trip time arelikewise connected to antennas.

The result of the wireless implementation can beseen in Figure 7(b). Unfortunately we had to useSMA cables of about 1m to connect the antennasbecause of the way the antennas are mounted. Inaddition there was about .1m between the transmis-sion antenna and the receiving antenna. This resultsin a delay introduced by the cables and the spacebetween the antennas referred to on Figure 7(b) as

“antenna cable delay”. The output of the prototypewas passed through a high-pass filter and the in-put passed through a low-pass filter to prevent thetransmitting antenna from feeding back into the re-ceiving antenna. The oscilloscope used to measurethe difference in arrival time also had filters to sepa-rate the ground truth signal, i.e., the signal comingdirectly from the function generator from the onebeing transmitted by the prototype. The filters al-lowed for a full duplex wireless channel to be createdbetween our wireless prototype and the function gen-erator and oscilloscope.It should be noted that the channel switching

mechanism of our prototype is ideal for a wireless im-plementation. Any wireless distance bounding pro-tocol needs more than one channel (i.e., full duplex)in order to reply as fast as possible. Encoding theprover’s reply in the choice of channel means thatthe solution is strait forward to apply without caus-ing interference between the prover and verifier.

7 Related Work

Distance bounding, as a concept, was first proposedby Brands and Chaum in [3] who introduced tech-niques enabling a verifier to determine an upper-bound on the physical distance to a prover (as sum-marized in Section 2). In addition, they consid-ered the case where the verifier also authenticatesthe prover in addition to establishing the distancebound.

10

Several optimizations and studies of distancebounding were subsequently proposed for wirelessnetworks, including [28, 30, 5] and for sensor net-works [18, 5, 27]. Distance bounding protocolshave also been proposed in other contexts, e.g., forRFIDs [13, 10, 19] and ultra wide band (UWB) de-vices [17, 12].In [23] the authors studied information leakage

in distance bounding protocols. A mutual distancebounding protocol using interleaved challenges andresponses was proposed in [31] and in [28] and [5]the authors investigated the use of distance bound-ing protocols for location verification and secure lo-calization. Sastry, Shankar and Wagner [25] pro-posed the so-called ”in-region verification” appropri-ate for certain applications, such as location-basedaccess control. Collusion attacks on distance bound-ing location verification protocols where consideredin [7, 6]. Ultrasonic distance bounding was used foraccess control [25] and for key establishment [32].In [22] ultrasonic distance bounding was further usedfor proximity based access control to implementablemedical devices. Other attacks have been pro-posed against distance bounding protocols in gen-eral. The so-called“late-commit”attacks where pro-posed in [14], where the attacker exploits the mod-ulation scheme in order to manipulate the distance.Bit guessing attacks [8] that accomplish the samething where also proposed. These attacks were fur-ther studied in practical implementations in [11].Until now, most of the work done in this field has

been theoretical. To our knowledge our work is thefirst to propose a realizable distance bounding pro-tocol using radio communication, with a processingtime at the prover that is low enough to provide auseful distance granularity.

8 Conclusion

We demonstrated that radio distance bounding pro-tocols can be implemented to match the strict pro-cessing that these protocols require (i.e., that theprover receives, processes and transmits signals in≤ 1ns). This can be achieved using a specially im-plemented concatenation as the prover’s processingfunction. Through this we showed that the use ofprocessing functions which require that the proverdemodulates (interprets) the verifier’s challenge be-fore responding to it, is not desirable or necessary fordistance bounding. Finally, we showed that otherprocessing functions such as XOR and the compari-son function, that were used in a number of proposeddistance bounding protocols, are not best suited forthe implementation of radio distance bounding.

References

[1] Thomas Beth and Yvo Desmedt. Identifica-tion tokens - or: Solving the chess grandmasterproblem. In CRYPTO ’90: Proceedings of the10th Annual International Cryptology Confer-ence on Advances in Cryptology, pages 169–177,London, UK, 1991. Springer-Verlag.

[2] Colin Boyd and Anish Mathuria. Protocols forauthentication and key establishment. Springer,1998.

[3] Stefan Brands and David Chaum. Distance-bounding protocols. In EUROCRYPT ’93,pages 344–359, Secaucus, NJ, USA, 1994.Springer-Verlag New York, Inc.

[4] Laurent Bussard and Walid Bagga. Distance-bounding proof of knowledge protocols to avoidterrorist fraud attacks. Technical report, Insti-tut Eurecom, France, 05 2004.

[5] Srdjan Capkun and Jean-Pierre Hubaux. Se-cure positioning of wireless devices with appli-cation to sensor networks. In IEEE INFOCOM,2005.

[6] Nishanth Chandran, Vipul Goyal, Ryan Mori-arty, and Rafail Ostrovsky. Position based cryp-tography. In CRYPTO ’09: Proceedings of the29th Annual International Cryptology Confer-ence on Advances in Cryptology, pages 391–407,Berlin, Heidelberg, 2009. Springer-Verlag.

[7] Jerry T. Chiang, Jason J. Haas, and Yih-ChunHu. Secure and precise location verification us-ing distance bounding and simultaneous multi-lateration. In ACM WiSec ’09, pages 181–192,New York, NY, USA, 2009. ACM.

[8] Jolyon Clulow, Gerhard P. Hancke, Markus G.Kuhn, and Tyler Moore. So near and yet sofar: Distance-bounding attacks in wireless net-works. In Proceedings of the European Work-shop on Security and Privacy in Ad-hoc andSensor Networks (ESAS), 2006.

[9] Yvo Desmedt. Position statement in rfid s&ppanel: From relative security to perceived se-cure. In Financial Cryptography, pages 53–56,2007.

[10] Saar Drimer and Steven J. Murdoch. Keepyour enemies close: Distance bounding againstsmartcard relay attacks. In Proceedings of theUSENIX Security Symposium 2007, 2007.

11

[11] Manuel Flury, Marcin Poturalski, Panos Pa-padimitratos, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. Effectiveness of Distance-Decreasing Attacks Against Impulse RadioRanging. In 3rd ACM Conference on WirelessNetwork Security (WiSec), 2010.

[12] S. Gezici, Zhi Tian, G.B. Giannakis,H. Kobayashi, A.F. Molisch, H.V. Poor,and Z. Sahinoglu. Localization via ultra-wideband radios: a look at positioning aspectsfor future sensor networks. Signal ProcessingMagazine, IEEE, 22(4):70–84, July 2005.

[13] Gerhard P. Hancke and Markus G. Kuhn.An rfid distance bounding protocol. In Se-cureComm ’05: Proceedings of the First Inter-national Conference on Security and Privacyfor Emerging Areas in Communications Net-works, pages 67–73, Washington, DC, USA,2005. IEEE Computer Society.

[14] Gerhard P. Hancke and Markus G. Kuhn. At-tacks on time-of-flight distance bounding chan-nels. In WiSec ’08: Proceedings of the firstACM conference on Wireless net work secu-rity, pages 194–202, New York, NY, USA, 2008.ACM.

[15] Y.-C. Hu, A. Perrig, and D. B. Johnson. PacketLeashes: A Defense against Wormhole Attacksin Wireless Networks. In Proceedings of theIEEE Conference on Computer Communica-tions (InfoCom), San Francisco, USA, April2003.

[16] Yih-Chun Hu, Adrian Perrig, and David B.Johnson. Ariadne: a secure on-demand rout-ing protocol for ad hoc networks. Wirel. Netw.,11(1-2):21–38, 2005.

[17] J.-Y. Lee and R.A. Scholtz. Ranging in a DenseMultipath Environment Using an UWB RadioLink. IEEE Journal on Selected Areas in Com-munications, 20(9), December 2002.

[18] Catherine Meadows, Paul Syverson, and LiWuChang. Towards more efficient distance bound-ing protocols for use in sensor networks. Se-curecomm, pages 1–5, Aug. 28 2006-Sept. 12006.

[19] Jorge Munilla, Andres Ortiz, and AlbertoPeinado. Distance bounding protocols withvoid-challenges for RFID. Printed handout atthe Workshop on RFID Security – RFIDSec 06,July 2006.

[20] National Space-Based Positioning, Navigation,and Timing Coordination Office. Global posi-tioning system. http://www.gps.gov/.

[21] Maxim Integrated Products. An introductionto direct sequence spread spectrum communi-cations. http://www.maxim-ic.com/, 2003.

[22] Kasper Bonne Rasmussen, Claude Castelluccia,Thomas S. Heydt-Benjamin, and Srdjan Cap-kun. Proximity-based access control for im-plantable medical devices. In CCS ’09: Proceed-ings of the 16th ACM conference on Computerand communications security. ACM, 2009.

[23] Kasper Bonne Rasmussen and Srdjan Capkun.Location privacy of distance bounding proto-cols. In CCS ’08: Proceedings of the 15th ACMconference on Computer and communicationssecurity, pages 149–160, New York, NY, USA,2008. ACM.

[24] Qingchun Ren and Qilian Liang. Throughputand energy-efficiency-aware protocol for ultraw-ideband communication in wireless sensor net-works: A cross-layer approach. IEEE Transac-tions on Mobile Computing, 7:805–816, 2007.

[25] Naveen Sastry, Umesh Shankar, and DavidWagner. Secure verification of location claims.InWiSe ’03: Proceedings of the 2nd ACM work-shop on Wireless security, New York, NY, USA,2003. ACM.

[26] Patrick Schaller, Benedikt Schmidt, DavidBasin, and Srdjan Capkun. Modeling and veri-fying physical properties of security protocolsfor wireless networks. In CSF ’09: Proceed-ings of the 2009 22nd IEEE Computer SecurityFoundations Symposium, pages 109–123, Wash-ington, DC, USA, 2009. IEEE Computer Soci-ety.

[27] S. Sedighpour, S. Capkun, S. Ganeriwal, andM. Srivastava. Implementation of attacks onultrasonic ranging systems, nov 2005.

[28] D. Singelee and B. Preneel. Location verifica-tion using secure distance bounding protocols.In Mobile Adhoc and Sensor Systems Confer-ence, 2005. IEEE International Conference on,Nov. 2005.

[29] Nils Ole Tippenhauer and Srdjan Capkun. Id-based secure distance bounding and localiza-tion. In In Proceedings of ESORICS (EuropeanSymposium on Research in Computer Security),2009.

12

[30] S. Capkun, L. Buttyan, and J.-P. Hubaux.SECTOR: Secure Tracking of Node Encountersin Multi-hop Wireless Networks. In Proceed-ings of the ACM Workshop on Security of AdHoc and Sensor Networks (SASN), Washing-ton, USA, October 2003.

[31] Srdjan Capkun, Levente Buttyan, and Jean-Pierre Hubaux. Sector: secure tracking of nodeencounters in multi-hop wireless networks. InACM SASN ’03, pages 21–32, New York, NY,USA, 2003. ACM.

[32] Srdjan Capkun and Mario Cagalj. Integrity re-gions: authentication through presence in wire-less networks. In WiSe ’06: Proceedings of the5th ACM workshop on Wireless security, pages1–10. ACM, 2006.

13