Wei Xin, Tao Yang, Cong Tang, Jianbin Hu and Zhong Chen
MoE Key Lab of Network and Software Security Assurance
Peking University
Beijing, China
{xinwei, ytao, tangcong, hujb, chen}@infosec.pku.edu.cn
Abstract: Radio Frequency Identification (RFID) systems suffer from different security and privacy problems, among which the relay attack has recently been a hot topic. A relay attack is a type of attack related to man-in-the-middle and replay attacks, in which an attacker relays a message verbatim from the sender to a valid receiver of the message. The sender may not even be aware of sending the message to the attacker. The main countermeasure against relay attacks is the use of distance bounding protocols, which measure the round-trip time between the reader and the tag. In this paper, we consider a modification of these protocols using an `error state', which stands for the number of response bit errors that have already occurred. We set a maximal error number to prevent the adversary from making malicious queries. We also apply a punishment mechanism for erroneous responses, which to the best of our knowledge is proposed for the first time in distance bounding protocols: if the tag sends one error bit, it must respond to one more challenge bit to successfully finish the protocol. By using the error state and the punishment mechanism, the probability that an adversary successfully gains access to the system decreases. Finally, we use Hancke and Kuhn's protocol as a comparison to show the improvements achieved when different cases are analyzed.
I. INTRODUCTION

moves between two grand masters; the person will either win against one, or draw against both. Desmedt et al. [2] showed how such relay attacks could be applied to security protocols; in their paper the relay attack was called mafia fraud.

RFID systems are vulnerable to relay attacks, in which the attacker relays communication between the reader and the tag. It is difficult to prevent these attacks since the adversary does not change any data between the reader and the tag. Therefore, relay attacks cannot be prevented by cryptographic protocols that operate at the application layer. Relay attacks do not exist only in RFID systems: Drimer and Murdoch described a relay attack against contact Chip-and-PIN smart cards in an electronic payment system [3].

To deploy a relay attack, an attacker needs a tag agent and a reader agent that not only have the abilities of a real tag and a real reader, but can also transfer communications. The relay channel between the tag agent and the reader agent must span a long distance in order to relay information without being detected. The relay attack setup is shown in Figure 1. The relay module in the dashed rectangle is made up of three parts: a tag agent, a reader agent and a relay channel. The reader agent and the tag agent are placed near the real tag and reader. Any information transmitted from the real reader to the real tag is received by the tag agent and relayed to the reader agent, which transmits the information to the real tag. The tag mistakes the reader agent for the real reader and responds. The response is then relayed back through the reader agent and the tag agent to the real reader. The reader is unable to distinguish between the real tag and the tag agent and will therefore assume that the tag is in the near field and associated with its owner. A possible relay attack setup using modified NFC devices was presented by Kfir et al. [4]. Gerhard Hancke successfully executed a relay attack against an ISO 14443A contactless smart card, up to a distance of 50 m [5]. Lishoy Francis [6] describes a relay attack implementation using legitimate peer-to-peer NFC communication by installing suitable MIDlets on NFC-enabled mobile phones.

[Figure 1: relay attack setup. Labels: Reader, Relay Module (Relay Tag, Relay Channel, Relay Reader), Tag.]
III.
Figure 3. Brands and Chaum's protocol

IV. ANALYSIS
n 3
i ( 4 )
i 0
ni
1
( )i
4
(1)
n -1 i 3 n 1 i
( ) ( )
4
0
4
i
i
(2)
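The effect of the maximal error number and the punishment mechanism on an adversary's success probability can be worked through numerically. The following is an added example, not code from the paper: it assumes a per-round adversary success probability of 3/4 (the known figure for Hancke and Kuhn's protocol), a reader that accepts after n correct responses and aborts once the error state exceeds the maximum, and hypothetical function names.

```python
from fractions import Fraction
from functools import lru_cache
from math import comb

# Assumption: per-round success of a relaying adversary against Hancke and
# Kuhn's protocol (guess the challenge early, else guess the response bit).
P_ADV = Fraction(3, 4)


def tolerate_only(n, max_err, p=P_ADV):
    """Fixed n rounds; accept when at most max_err responses are wrong."""
    q = 1 - p
    return sum(comb(n, i) * p ** (n - i) * q ** i for i in range(max_err + 1))


def with_punishment(n, max_err, p=P_ADV):
    """Each wrong response costs one extra round: accept after n correct
    responses, provided the error state never exceeds max_err."""
    q = 1 - p
    return sum(comb(n - 1 + i, i) * p ** n * q ** i for i in range(max_err + 1))


def with_punishment_dp(n, max_err, p=P_ADV):
    """Same value, obtained by stepping the reader's (correct, errors) state."""
    @lru_cache(maxsize=None)
    def accept(correct, errors):
        if errors > max_err:          # error state exceeded: reader aborts
            return Fraction(0)
        if correct == n:              # n correct responses: reader accepts
            return Fraction(1)
        return (p * accept(correct + 1, errors)
                + (1 - p) * accept(correct, errors + 1))
    return accept(0, 0)


if __name__ == "__main__":
    n = 32
    honest = Fraction(99, 100)  # constructed channel: 1% bit errors for a real tag
    print("max_err  adv(tolerate)  adv(punish)  honest(punish)")
    for e in range(4):
        print(e, float(tolerate_only(n, e)), float(with_punishment(n, e)),
              float(with_punishment(n, e, honest)))
```

Run as a script, it prints the adversary's acceptance probability with and without punishment next to the acceptance probability of an honest tag on the constructed noisy channel, for each maximal error number from 0 to 3.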
V. CONCLUSION

REFERENCES

[2] Y. Desmedt, "Major security problems with the 'Unforgeable' (Feige-)Fiat-Shamir proofs of identity and how to overcome them," in SecuriCom'88, 1988, pp. 15-17.
[3] S. Drimer and S. J. Murdoch, "Keep your enemies close: distance bounding against smart card relay attacks," in USENIX Security Symposium, August 2007, pp. 87-102.
[4] Z. Kfir and A. Wool, "Picking virtual pockets using relay attacks on contactless smart card systems," 2005, pp. 47-58.
[5] G. Hancke, "A practical relay attack on ISO 14443 proximity cards," Tech. Rep., 2005.
[6] L. Francis, G. P. Hancke, K. Mayes, and K. Markantonakis, "Practical NFC Peer-to-Peer Relay Attack using Mobile Phones," in Workshop on RFID Security, RFIDSec'10, Istanbul, Turkey, June 2010.
[7] S. Brands and D. Chaum, "Distance-bounding protocols (extended abstract)," in EUROCRYPT, 1993, pp. 344-359.
[8] G. Hancke and M. Kuhn, "An RFID Distance Bounding Protocol," in Conference on Security and Privacy for Emerging Areas in Communication Networks, SecureComm 2005, IEEE. Athens, Greece: IEEE Computer Society, September 2005, pp. 67-73.
[9] K. B. Rasmussen and S. Capkun, "Implications of radio fingerprinting on the security of sensor networks," in Proceedings of IEEE SecureComm, 2007.
[10] Y.-C. Hu, A. Perrig, and D. B. Johnson, "Packet leashes: A defense against wormhole attacks in wireless networks," 2001.
[11] M. Kuhn, "An asymmetric security mechanism for navigation signals," in Proceedings of the Information Hiding Workshop. Springer, 2004, pp. 239-252.
[12] T. Beth and Y. Desmedt, "Identification tokens - or: Solving the chess grandmaster problem," in CRYPTO, 1990, pp. 169-177.
[13] J. Munilla, A. Ortiz, and A. Peinado, "Distance Bounding Protocols with Void-Challenges for RFID," in Workshop on RFID Security, RFIDSec'06. Graz, Austria: Ecrypt, July 2006.
[14] J. Reid, J. M. Nieto, T. Tang, and B. Senadji, "Detecting relay attacks with timing-based protocols," in Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, 2007, pp. 204-213.
[15] G. Avoine, C. Floerkemeier, and B. Martin, "RFID Distance Bounding Multistate Enhancement," in Proceedings of the 10th International Conference on Cryptology in India, Indocrypt 2009, ser. Lecture Notes in Computer Science, B. K. Roy and N. Sendrier, Eds., vol. 5922. New Delhi, India: Springer, December 2009, pp. 290-307.
[16] Y. Niu, M. B. Nejad, H. Tenhunen, and L.-R. Zheng, "Design of a digital baseband processor for UWB transceiver on RFID tag," Advanced Information Networking and Applications Workshops, International Conference on, vol. 2, pp. 358-361, 2007.
[17] P. Yu, P. Schaumont, and D. Ha, "Securing RFID with Ultra-Wideband Modulation," in Workshop on RFID Security, RFIDSec'06. Graz, Austria: Ecrypt, July 2006.