RFID Distance-Bounding: What is Wrong and How to Fix it

Radio Frequency Identification (RFID), the technology for contactless transmission of data between small devices and readers, penetrates more and more our daily life. The technology is nowadays used in passports, transponder keys, or logistics, usually as a mean to identify the tag to the reader. Security solutions for such devices are often vulnerable to so-called man-in-the-middle (MITM) attacks where an adversary tries to impersonate as the device by communicating with the actual RFID tag while talking to the reader, relaying the tag’s data to the reader. Such attacks have been reported in practice, e.g., for the HB protocol, for smartcards, and even for Passive Keyless Entry and Start (PKES) systems in cars [14]. Distance-bounding protocols aim at impeding such attacks by measuring response times: MITM attacks are supposed to take larger response times than executions with the actual tag. So far, many proposed protocols have later been broken, which we attribute to a lack of profound models and formal security claims. In this work we thus give an overview of distance-bounding RFID modeling and design issues. More concretely, we compare the two prominent models in [2,13], assessing how far the definitions capture the intuition behind them. Finally, we describe how to achieve distance bounding security, giving an overview of the techniques most often used in practice.