Distance-bounding Protocol

Distance bounding protocols are cryptographic protocols that enable a verifier V to establish an upper bound on the physical distance to a prover P.

They are based on timing the delay between sending out challenge bits and receiving back the corresponding response bits. The delay time for responses enables V to compute an upper-bound on the distance, as the round trip delay time divided into twice the speed of light. The computation is based on the fact that electro-magnetic waves travel nearly at the speed of light, but cannot travel faster.

Distance bounding protocols can have different applications. For example, when a person conducts a cryptographic identification protocol at an entrance to a building, the access control computer in the building would like to be ensured that the person giving the responses is no more than a few meters away.

RF Implementation

The distance bound computed by a radio frequency distance bounding protocol is very sensitive to even the slightest processing delay. This is because any delay introduced, anywhere in the system, will be multiplied by approximately 299,792,458 m/s (the speed of light) in order to convert time into distance. This means that even delays on the order of nanoseconds will result in significant errors in the distance bound (a timing error of 1 ns corresponds to a distance error of 15 cm).

Because of the extremely tight timing constraints and the fact that a distance bounding protocol requires that the prover apply an appropriate function to the challenge sent by the verifier, it is not trivial to implement distance bounding in actual physical hardware. Conventional radios have processing times that are orders of magnitudes too big, even if the function applied is a simple XOR.

In 2010, Rasmussen and Capkun devised a way for the prover to apply a function using pure analog components. The result is a circuit whose processing delay is below 1 nanosecond from receiving a challenge till sending back the response. This processing delay translates into a maximum potential distance error of 15 cm.

In 2015, the same protocol was modified, prototyped and practically evaluated for ten indoor and outdoor locations. The authors modified the originally devised protocol from "channel selection" to "polarization selection" which economizes the whole design in terms of energy, spectrum and hardware. They also proposed a scheme for device synchronization in a passive but secure way. Furthermore, authors took noise analysis into account and calculated bit error rate during their experiments while estimated the protocol failure, false-acceptance and false-rejection probabilities for their protocol.

References

{{More footnotes, date=July 2015
* Ioana Boureanu, Aikaterini Mitrokotsa, Serge Vaudenay
Practical & Provably Secure Distance-Bounding
Proceedings of the Information Security Conference (ISC) 2013.
* Kasper Bonne Rasmussen, Srdjan Capkun
Realization of RF Distance Bounding
Proceedings of the USENIX Security Symposium, 2010
* Gildas Avoine, Muhammad Ali Bingöl, Süleyman Kardaş, Cédric Lauradoux and Benjamin Martin,
A Framework for Analyzing RFID Distance Bounding Protocols
Journal of Computer Security, August 2010.
* Srdjan Capkun, Jean-Pierre Hubaux
Secure positioning in wireless networks
IEEE Journal on Selected Areas in Communications: Special Issue on Security in Wireless Ad Hoc Networks, February 2006.
* Gerhard Hancke, Markus Kuhn
An RFID distance-bounding protocol
Proceedings SecureComm 2005.
* Srdjan Capkun, Levente Buttyán and Jean-Pierre Hubaux
SECTOR: Secure Tracking of Node Encounters in Multi-hop Wireless Networks
Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), 2003.

Cryptographic protocols