Distance Hijacking Attacks on Distance Bounding Protocols

Cas CremersETH Zurich

Information Security groupZurich, Switzerland

cas.cremers@inf.ethz.ch

Kasper B. RasmussenUniversity of California, Irvine

Computer Science Dept.Irvine, California

kbrasmus@ics.uci.edu

Benedikt SchmidtETH Zurich

Information Security groupZurich, Switzerland

benschmi@inf.ethz.ch

Srdjan CapkunETH Zurich

Systems Security groupZurich, Switzerland

capkuns@inf.ethz.ch

Abstract—After several years of theoretical research ondistance bounding protocols, the first implementations of suchprotocols have recently started to appear. These protocols aretypically analyzed with respect to three types of attacks, whichare historically known as Distance Fraud, Mafia Fraud, andTerrorist Fraud.

We define and analyze a fourth main type of attack ondistance bounding protocols, called Distance Hijacking. Thistype of attack poses a serious threat in many practical scenarios.We show that many proposed distance bounding protocols arevulnerable to Distance Hijacking, and we propose solutions tomake these protocols resilient to this type of attack.

We show that verifying distance bounding protocols usingexisting informal and formal frameworks does not guaranteethe absence of Distance Hijacking attacks. We extend a formalframework for reasoning about distance bounding protocols toinclude overshadowing attacks. We use the resulting frameworkto prove the absence of all of the found attacks for protocolsto which our countermeasures have been applied.

Keywords-Distance bounding, location verification, positionverification, attacks, hijacking, multi-prover environment, for-mal model, formal verification

I. INTRODUCTION

By using distance bounding protocols, a device (theverifier) can securely obtain an upper bound on its distanceto another device (the prover). A number of distancebounding protocols were proposed in recent years [3], [5],[6], [13], [15], [16], [20]–[22], [24], [25], [27]–[29]. Theproposed protocols differ in terms of the performance andsecurity guarantees that they provide. So far, several distance-bounding protocols were implemented, some using digitalprocessing and short symbols [10], [17], whereas othersrely on analog processing and use signal streams (operatingsimilarly to radar systems) [24].

The security of distance-bounding protocols was so farmainly evaluated by analyzing their resilience to three typesof attacks. For historical reasons, these are known as DistanceFraud, Mafia Fraud and Terrorist Fraud. In Distance Fraudattacks, a sole dishonest prover convinces the verifier thathe is at a different distance than he really is. In Mafia Fraudattacks, the prover is honest, but an attacker tries to modifythe distance that the verifier establishes by interfering withtheir communication. In Terrorist Fraud attacks, the dishonestprover colludes with another attacker that is closer to the

verifier, to convince the verifier of a wrong distance tothe prover. So far, it was assumed that distance boundingprotocols that are resilient against these three attack typescan be considered secure.

However, we show that many of these protocols, irrespec-tive of their physical-layer implementation, and includingthe classical Brands and Chaum protocol [5] and the recentCRCS protocol [24], are vulnerable to attacks when usedin environments with multiple provers. We coin this type ofattack Distance Hijacking. In Distance Hijacking attacks, adishonest prover convinces the verifier that it is at a differentdistance than it actually is, by exploiting the presence of anhonest prover. For example, one of the ways in which thedishonest prover can achieve this is by hijacking the distancemeasurement phase of a distance bounding protocol froman honest (closer or further) prover. This type of attack canpose a serious threat in many practical scenarios.

Conceptually, Distance Hijacking can be placed betweenDistance Fraud and Terrorist Fraud. Unlike Terrorist Fraud,in which a dishonest prover colludes with another attacker,Distance Hijacking involves a dishonest prover interactingwith other honest provers. Unlike Distance Fraud attacks,which involve only a dishonest prover and a verifier, DistanceHijacking attacks additionally involve other honest provers.These differences have significant consequences. For example,the countermeasures proposed against Terrorist Fraud relyon the assumption that dishonest provers are not willingto share their keying material with other attackers. Suchcountermeasures will therefore not deter the dishonest proversfrom executing Distance Hijacking attacks that do not involveother attackers. Furthermore, Distance Hijacking can occureven in situations where Terrorist Fraud is not a concern.In fact, as we will show, protocols that are resilient againstthe three classical attack types may still be vulnerable toDistance Hijacking.

We define an exhaustive classification for attacks ondistance bounding protocols that includes Distance Hijacking.Our classification naturally leads to minor reformulations ofpreviously known attack types. Instead of using the traditionalattack names for our new definitions, we propose names thatare more descriptive and less generic.

We perform a case study of existing protocols. All distance

bounding protocols that were proposed in the last yearsroughly fall into two categories: those based on the Brandsand Chaum protocol, and those based on the Hancke andKuhn protocol. We show that all proposed protocols thatfollowed the structure proposed by Brands and Chaum arevulnerable to Distance Hijacking. Protocols that followed thestructure proposed by Hancke and Kuhn are less vulnerableto this type of attack. We propose two classes of effectiveand generic countermeasures that make Brands and Chaumand related protocols secure against Distance Hijacking inthe above scenario. Our countermeasures are inexpensive:the protocols can be repaired without introducing additionalmessages or cryptographic operations.

Remarkably, none of the existing frameworks for analyzingdistance bounding protocols (e. g., [2], [4], [11], [19], [26])guarantees the absence of our Distance Hijacking attacks,even if some instances of Distance Hijacking can be detectedusing some of those frameworks. We extend the formalframework of Basin et al. [4] to capture all known types ofDistance Hijacking attacks and use the resulting frameworkto analyze several protocols. The new framework enables usto model bit-level manipulations of messages by consideringovershadowing parts of a message [23], as well as flippingsome bits of a message. We use our framework to formallyprove for specific protocols that our fixes indeed prevent thefound attacks.

We show that all distance bounding protocols, includingthose based on the Hancke and Kuhn protocol, may bevulnerable to Distance Hijacking if run alongside anotherdistance bounding protocol. This can occur if more than onedistance bounding protocol is used in the same environment,i. e., a multi-protocol environment. In particular, some pro-tocols, when run by an honest prover, enable a dishonestprover (running, e. g., a Hancke and Kuhn protocol) to hijackthe distance of the honest prover. Such attacks can be seenas a variant of the Chosen Protocol Attack [14]. However,unlike Chosen Protocol attacks, our attacks do not require theprotocols to share any cryptographic material. We discussdesigns of distance bounding protocols that enable suchattacks and show how to mitigate these attacks.

Contributions: First, we identify Distance Hijackingas a threat for distance bounding protocols that are run inmulti-prover environments, whose absence is not guaranteedby existing frameworks. Second, we show that prominentdistance bounding protocols are vulnerable to DistanceHijacking and propose countermeasures. Third, we extend aformal framework for reasoning about Distance Boundingprotocols to model overshadowing attacks and use the result-ing framework to prove correctness of our countermeasuresfor specific protocols. Fourth, we address the security ofdistance bounding protocols in multi-protocol environmentsand propose mitigating measures. Finally, we generalizeDistance Hijacking to Location Hijacking, and show that it ispossible to hijack locations at which no other provers reside.

We proceed as follows. In Section II we provide backgroundon distance bounding protocols. In Section III we introduceDistance Hijacking attacks and analyze the resilience ofexisting distance bounding protocols against these attacks. Werelate the attacks to the classical attack types and provide anexhaustive classification. In Section IV we show how distancebounding protocols can be made resilient against DistanceHijacking. In Section V we present an extended formalframework and analyze a set of protocols. In Section VIwe analyze the resilience of distance bounding protocolsto Distance Hijacking in multi-protocol environments. Weintroduce the notion of Location Hijacking in Section VII,present the related work in Section VIII, and conclude inSection IX.

II. BACKGROUND

The goal of a distance bounding protocol is to enable averifier to establish an upper bound on its physical distance toa prover. As a running example, we consider the basic Brandsand Chaum protocol with signatures [5, p. 7], depicted inFigure 1. In the protocol, the prover P randomly generates(denoted by ∈R ) a bit string m1, . . . ,mk, and sends acommit of this value to the verifier V . Thus, although the bitstring is not revealed yet, V will be able to check whetherP indeed committed to this particular string when V learnsthe string later. The verifier then generates his own randombit string α1, . . . , αk, and initiates the so-called rapid bitexchange. In this exchange, bits are sent one-by-one, andthe prover has to respond as quickly as possible with theexclusive-or (⊕) of the challenge bit string α and his ownbit string. In the end, the verifier will derive an upper boundon the distance to the prover from the response times. Noticethat the prover can delay messages at will, making himselfappear farther away, but he cannot respond faster than whatis dictated by the time-of-flight of the messages. After thisphase, P concatenates the bits as c, and sends to V a means toopen the commit he sent earlier, as well as the concatenationc signed with his signature key. Upon receiving this finalmessage, V verifies that the commit previously sent by Pindeed matches with the response (by computing mi =αi ⊕ βi and opening the commit), concatenates the bits hehas observed, and compares them to the received signatureusing the public key of P .

Because the goal of a distance bounding protocol is toprovide a guarantee for the verifier V , V will never participatein an attack since that would mean V would be attackingitself. The attacker can of course pretend to be another verifierV ′, and abuse his location to attack the real verifier V .

As stated in the introduction, three different classesof attacks are traditionally considered in the analysis ofdistance bounding protocols: Distance Fraud, Mafia Fraudand Terrorist Fraud. All attacks that fall into one of thesethree classes have a similar goal, namely to make the verifierbelieve that the prover P is physically closer to the verifier

Prover

P

Verifier

V

mi ∈R {0, 1}

commit(m1| . . . |mk)

αi ∈R {0, 1}

αi

βi ← αi ⊕miβi

Rapid bit exchange

c← α1|β1| · · · |αk|βk

(open commit), sign(c)

Verify commitc← α1|β1| · · · |αk|βk

verify sign(c)

msc Signature-based Brands and Chaum protocol

Figure 1. Signature-based Brands and Chaum protocol.

V than it really is. The main difference between these attacksis in the parties that carry out the attack, and their mutualrelationships.

Mafia Fraud attacks, also called relay attacks, were firstdescribed by Desmedt [9]. In this type of attack, boththe prover P and verifier V are honest, and the attack isperformed by an external attacker A. The attacker attemptsto shorten the distance measured between the honest proverand the verifier. In Mafia Fraud attacks, the physical distancebetween the attacker and the verifier is typically small inorder for the attacker to be able to shorten the distance.

In a Distance Fraud attack, a dishonest prover P willtry to shorten the distance measured by the verifier V . Thistype of attack is executed by the dishonest prover P alone,without collusion with other (external) parties. An exampleof a Distance Fraud attack occurs if the protocol allows theprover to send his reply before receiving the challenge. Thisenables the prover to reply too early, thereby shortening thedistance measured by the verifier.

The third class of attacks is Terrorist Fraud attacks [9]. Inthis type of attack, a dishonest prover P collaborates withan external attacker A to convince the verifier V that heis closer than he really is. All countermeasures to TerroristFraud make the assumption that the dishonest prover P isunwilling to reveal his long-term (private or secret) key tothe attacker A that he collaborates with. Possible reasonsfor this unwillingness are impersonation, i. e., the externalattacker can later use the key to impersonate the dishonestprover, and traceability, i. e., the key may later be used toimplicate the dishonest prover in performing a Terrorist Fraud

attack. Furthermore, from the perspective of the verifier, it isimpossible to distinguish between the external attacker andthe prover if the attacker knows the long term key of theprover.

III. DISTANCE HIJACKING

In this section we define a fourth class that has untilnow been overlooked in the design of distance boundingprotocols, Distance Hijacking attacks. We relate this classof attacks to the three classical attack types on distancebounding protocols, and propose an exhaustive classificationof attacks on distance bounding protocols.

A. Distance Hijacking attacks

We say that a prover P is honest if and only if all of P ’sactions conform to the protocol specification.

Definition 1. A Distance Hijacking attack is an attack inwhich a dishonest prover P exploits one or more honest par-ties P1, . . . , Pn to provide a verifier V with false informationabout the distance between P and V .

A protocol is then said to be vulnerable to DistanceHijacking if it allows P to perform a successful DistanceHijacking attack. We observe that these attacks do not excludethe involvement of other attackers with whom the dishonestprover is colluding or the involvement of other honest verifiersthat might enable the execution of the attack.

In the context of distance bounding protocols, the infor-mation about the distance is the upper bound; hence attacksinvolve convincing V that P is closer than it actually is. Ina typical Distance Hijacking attack on a distance boundingprotocol, a dishonest prover P convinces a verifier V thatP has executed a distance measurement phase (e. g., a rapidbit exchange) with V , whereas this phase has been reallyexecuted by an honest prover P ′. This is done without thecooperation of the honest prover P ′. Often this type of attackcan be carried out by allowing the honest prover to completethe distance bounding protocol as he normally would, andthen by replacing all messages that contain signatures orMACs, with messages signed (or MAC’ed) by the attacker.

Example 1 (Distance hijacking attack on signature-basedBrands and Chaum). Figure 2 depicts a basic DistanceHijacking attack on the signature-based Brands and Chaumfrom Figure 1.

In the attack, V thinks he is communicating with P , whereP is dishonest. When an honest prover P ′ tries to prove hisdistance, P initially allows the protocol to proceed as normalbetween P ′ and V , waiting until the final signature is sentby P ′. Note that before this point, V has no cryptographicevidence that the messages it received were indeed sent byP ′. When P ′ sends the signature, P jams the message andre-signs the content c with his own signature key, and sendsthe result to V . V will successfully verify the commit as wellas the signature, and will falsely conclude that P has also

Dishonest prover

P

Honest prover

P ′

Verifier

V

mi ∈R {0, 1}

commit(m1| . . . |mk)

αi ∈R {0, 1}

αi

βi = αi ⊕mi

Rapid bit exchange

c← α1|β1| · · · |αk|βk

(open commit), signP ′(c)

(open commit), signP (c)

Verify commitc← α1|β1| · · · |αk|βk

verify signP(c)

msc Attack on basic signature-based Brands and Chaum

Figure 2. Distance Hijacking attack on basic signature-based Brands andChaum. signP and signP ′ denote the signatures with the signature keysof P and P ′, respectively.

sent the previous message. Thus, V assumes that P is withinthe distance computed from the distance bounding phase,even though in reality, this phase was performed by P ′.

We next show an example scenario in which DistanceHijacking attacks pose a threat.

Example 2 (Real-world scenario). Consider the scenariodepicted in Figure 3, in which several people work in a securefacility. In the facility is a mainframe containing sensitiveinformation. The mainframe can be accessed wirelessly byall authorized personnel, in order to facilitate easy accessby multiple people at the same time. As an added securitymechanism, in case an employee loses his smartcard with hisprivate key, the mainframe can only be accessed by peopleinside the building. This is verified every time an employeelogs in to the system, by running a distance bounding protocolbetween a station in the building (acting as the verifier) andthe employees terminal (acting as the prover).

Assume that an attacker has managed to get hold of anemployee smartcard but is unable to physically access thebuilding. He is instead located in a van in the parking lotwhere he has a powerful antenna capable of communicatingwith the wireless terminal inside the building. However inorder to log in to the system the attacker needs to prove thathe is inside the building by running a distance boundingprotocol.

If the distance bounding protocol in use is vulnerable todistance hijacking, the attacker can exploit the presence of

Figure 3. Real-world scenario for Distance Hijacking. P has a (stolen)smartcard. However, he cannot enter the secure facility and he does nothave any collaborators inside the facility. In a Distance Hijacking attack, Pexploits the presence of an honest P ′ to convince V that P is within thesecure facility.

the smartcard of another (non-collaborating and unaware)employee inside the building to execute a Distance Hijackingattack. The mainframe security system now believes that theattacker is in the building with a valid private key, and heis granted wireless access.

As straightforward as this type of attack may seem, a sur-prising number of distance bounding protocols are vulnerableto Distance Hijacking, as we will show in Section III-E. InSection VI we discuss more complex Distance Hijackingattacks, where several different distance bounding protocolsare used in the same environment.

B. Relation to historical attack types

We first relate Distance Hijacking to the three attacktypes that are traditionally considered for distance boundingprotocols.

As stated in the introduction, conceptually speaking,Distance Hijacking can be placed between Distance Fraudand Terrorist Fraud. One could thus consider extending thedefinition of either Distance Fraud or Terrorist Fraud toalso include Distance Hijacking attacks. However, giventhat previous analyses and countermeasures do not excludesuch attacks, the consequence would be that many protocolswould be incorrectly labeled as being resistant against the(new definitions of) Distance Fraud or Terrorist Fraud, orthat existing countermeasures are insufficient. We thereforechoose to introduce Distance Hijacking as a separate typeof attack.

We show why the existing three attack types do not coverDistance Hijacking. In Mafia Fraud attacks the prover ishonest. Distance Fraud attacks are defined as attacks by alone dishonest prover. These two types are therefore clearlydifferent from Distance Hijacking, which involves at least adishonest prover and another honest party.

To illustrate the difference between Distance Hijacking andthe attack type that is conceptually closest, Terrorist Fraud,we consider again the scenario from Example 2. Recall thatin Terrorist Fraud, the dishonest prover collaborates with

Figure 4. Classification of attacks on distance bounding protocols, in which a verifier computes an incorrect distance bound for a prover.

another (closer) attacker. In the scenario from the example,there are two main reasons why the absence of Terrorist Fraudattacks does not guarantee the absence of Distance Hijackingattacks. First, we observe that Terrorist Fraud is not possiblein this scenario, because the attacker does not have anotherattacker inside the building that is willing to cooperate withhim. Hence the designers of the system could consider usinga protocol such as signature-based Brands and Chaum, onwhich Distance Hijacking may still be possible. Second, thecommon countermeasure to Terrorist Fraud is to force theattacker to reveal his long term key to his accomplice, basedon the assumption that this will deter the attacker. However,in the scenario from Example 2 this assumption does nothold: the attacker has no problem with leaking the (stolen)long term key. Additionally, even if he does transmit thekey, it will be to the (unmodified) smartcard of an honestemployee. The employee’s smartcard will typically not detectthis key, and will even delete the received data after thesession ends. Hence guaranteeing the absence of TerroristFraud attacks, either by assumption or by countermeasure,does not guarantee the absence of Distance Hijacking.

C. Attack classification

The traditional attack types Mafia Fraud, Distance Fraud,and Terrorist Fraud, are defined independent of each other andusually in incompatible ways. This makes it hard to determinewhether all possible attacks on distance bounding protocolsare covered by these types, even if we include DistanceHijacking attacks. We propose to remedy this situation byderiving attack type definitions that cover all possible attacksby construction. Intuitively, we perform a sequence of casedistinctions based on three attributes of attacks on distancebounding protocols: whether the prover is honest, whetherthe prover is the only party involved in attacking the verifier,and if not, whether one of the other involved parties is honest.By considering these three attributes we arrive at definitionsfor four attack types.

We introduce some additional terminology. The goal of adistance bounding protocol is to compute a correct distancebound. More precisely, we say that the verifier V computesthe correct distance bound d on P , if P or his identifying

key1 is indeed within the (computed or expected) distance d.We make two assumptions on distance-bounding protocols.First, in the absence of attackers, the verifier computes thecorrect distance bound. Second, we assume that the protocolsguarantee weak authentication of P (i. e., aliveness [18]).

Using the above terminology and assumptions, we providean exhaustive classification of attacks on distance boundingprotocols attacks in which the verifier computes an incorrectdistance bound for the prover, represented in Figure 4.Assume that V does not compute the correct distance boundd for P . Thus, neither P nor his identifying key is withinthe distance d. Because of our first protocol assumption, thismust be caused by an attacker.

We distinguish two main cases. If P is honest, then P isnot the attacker, and therefore an external attacker is changingthe distance. We call this type of attack External DistanceFraud.

Definition 2. An External Distance Fraud attack is anattack in which an attacker provides a verifier V with falseinformation about the distance between an honest prover Pand V .

In the second case, if P is not honest, then we distinguishagain between two cases. First, if only P is involved in theattack, he must be the attacker, trying to change his owndistance. We call this type of attack Lone Distance Fraud.

Definition 3. A Lone Distance Fraud attack is an attackin which a lone prover P provides a verifier V with falseinformation about the distance between P and V .

If other parties are involved, we make a final distinction.If all of the other parties are dishonest or collaborating, theattack is called an Assisted Distance Fraud attack.

Definition 4. An Assisted Distance Fraud attack is an attackin which a prover P is assisted by one or more other parties,none of which are honest, to provide a verifier V with falseinformation about the distance between P and V .

Alternatively, if one of the other parties involved in theattack is honest, we call the attack a Distance Hijackingattack, as in Definition 1.

1In our context, P is identified by his key. If others know P ’s key, theycannot be distinguished from P .

In constructing the above classification, we have tried tostay close to the historical attack types. In fact, three of ourattack types are variants of the historical types. However, wehave tried to provide them with more descriptive and lessgeneric names. In particular, our definition of Lone DistanceFraud closely resembles the classical notion of DistanceFraud. Our definition of External Distance Fraud resemblesthat of Mafia Fraud, and our definition of Assisted DistanceFraud includes Terrorist Fraud attacks.

It is worth pointing out that although P refers to a specificidentity, or rather the identity of a party holding a specific key,this classification is also valid in the context of anonymousdistance bounding protocols [30]. In anonymous distancebounding, the only guarantee provided to the verifier is thatsomeone is within a specific distance, as opposed to P iswithin a specific distance. In order to fit anonymous distancebounding protocols into this model, we say that all proversin anonymous distance bounding share the same key (whichcould be public) and, in the decision points in Figure 4, “theprover” must be replaced by “the closest prover”.

D. Multi-prover environments

The main requirement for Distance Hijacking is that thereare other parties in the environment, which can be exploitedby a dishonest prover. We call environments in which multipleprovers may occur multi-prover environments. We give twoconcrete examples of such environments.

Multiple provers, single verifier: One such a scenariooccurs when a verifier accepts proofs from multiple provers,as depicted in Figure 5. For example, this may occur in RFIDdistance bounding where a reader may accept multiple tags. Inthis case, Distance Hijacking occurs when a dishonest proverP hijacks the distance from P ′ to V and instead convincesV that P is at this distance, thereby falsely “shortening” thedistance between P and V .

Note that in the above example, the verifiers acceptprotocol sessions from multiple provers. Below we showthat this is not required for the attacks.

Multiple provers, multiple verifiers: Consider an envi-ronment with multiple provers P, P ′, . . . and correspondingverifiers, VP , VP ′ , . . ., where verifier VP only accepts proofs-of-distance from prover P and verifier VP ′ only from proverP ′. Even in this scenario, a prover P can hijack a sessionfrom a prover P ′ to a verifier VP ′ to make VP falsely believethat P is at distance dist(P ′, VP ). This type of scenario isdepicted in Figure 6. P ′ assumes that he is proving hisdistance to VP ′ , but instead, the fast response of P ′ isaccepted by VP , who assumes that it was sent by P .

Note that for the attack to work, neither P and VPnor P and P ′ need to be physically close. Instead, thecommunication between P ′ and VP ′ can be enabled by theattacker who created a relay between them whereas P cancommunicate to P ′ using a high power transceiver and ahigh gain antenna. This second scenario may even occur

Figure 5. Scenario in whichV accepts protocol sessions frommultiple provers, here P and P ′,where Distance Hijacking may bea threat.

Figure 6. Scenario with mul-tiple prover/verifier pairs, whereVx only accepts sessions fromx. Even in this case, DistanceHijacking may be possible.

across domains: the only requirement is that the distancemeasurement (e. g., rapid bit exchange) phases used in bothdomains are to some extent compatible.

E. Analysis of Existing Distance Bounding Protocols

We have analyzed several protocols and found numerousnew attacks that fall into the class of Distance Hijackingattacks. We give an overview of the protocols analyzedin Table I. The vast majority of the attacks we find arenew. To the best of our knowledge, only two such attackswere previously reported in the literature. The attack on asimplified version of “Brands and Chaum (signature)” isdescribed in [26]. The attack on a member of the protocolfamily proposed by Meadows et al., in particular for theinstance with F (NV ,NP , P ) = 〈NV ,NP⊕P 〉, is describedin [4]. All other attacks in the table are new.

In our analysis we used the following system and attackermodel. We assume that the attacker controls the networkand may eavesdrop, intercept, inject, and block messages.We do not pose any restrictions on the number or locationsof devices that the attacker holds; the attacker can controlseveral dishonest provers as well as other wireless devices.Entities are identified by their keys; entities that hold thesame keys cannot be distinguished.

In this paper, we describe two attacks from the tablein detail. We already described the attack on the basicBrands and Chaum protocol with signatures in Example 1.We describe an attack on the Kuhn, Luecken, Tippenhauerprotocol in Example 4.

In general, it seems that protocols that closely follow theoriginal Brands and Chaum protocols do not offer protectionagainst Distance Hijacking. In contrast, protocols that derivefrom the Hancke and Kuhn protocol, which explicitly usesthe key shared between agents in the distance boundingphase, protect against Distance Hijacking in single-protocolenvironments. However, as we explain in Section VI, allprotocols, including the ones derived from the Hancke andKuhn protocol, are vulnerable to Distance Hijacking inspecific multi-protocol environments.

We note that for many of the attacks in the table, itis required that the verifier V is not “disturbed” by P ’s

No. ProtocolDiscoveredattack

1 Brands and Chaum (Fiat-Shamir) [5, p. 351] Yes2 Brands and Chaum (Schnorr) [5, p. 353] Yes3 Brands and Chaum (signature) [5, p. 350] Yes4 Bussard and Bagga [6] No5 CRCS [24] Yes

6 Hancke and Kuhn [13] No7 Hitomi [21] No8 KA2 [16] No9 Kuhn, Luecken, Tippenhauer [17] Yes10 MAD [29] Yes

11 Meadows et al. for F (. . .) = 〈NV ,NP ⊕ P 〉 [19] Yes12 Munilla and Peinado [20] No13 Noise resilient MAD [27] Yes14 Poulidor [28] No15 Reid et al. [25] No

16 Swiss-Knife [15] No17 Tree [3] No18 WSBC+DB [22, p. 50] Yes19 WSBC+DB Noent [22, p. 51] Yes

Table IDISCOVERED DISTANCE HIJACKING ATTACKS ON EXISTING PROTOCOLS

(SINGLE PROTOCOL ENVIRONMENT).

messages. As a concrete example, consider the attack inFigure 2. If V would receive and parse P ’s final signedmessage, V might abort the protocol, in which case theattack fails. There are several practical scenarios in whichthe attacks are directly possible. For example, assume thatthe signed message is sent through standard WiFi channels,and P assumes that he is responding to some other verifierV2. In this case, P sends the message addressed to V2, andV ’s hardware may already filter out the message before itarrives at the protocol level. Alternatively, the attacker canjam-and-eavesdrop the signals sent by P (except for P ’s fastresponse). Jamming seems to be possible on all protocols inthe table except for MAD, which explicitly requires jammingdetection, upon which the protocol aborts.

IV. PROTECTING AGAINST DISTANCE HIJACKING

We have seen that many protocols are vulnerable toDistance Hijacking, and we now show how to repair them.Without loss of generality, any distance bounding protocolcan be divided into three phases as depicted in Figure 7: thesetup phase, where nonces and commitments are exchanged;the distance measurement phase, where the physical distanceis measured, often using rapid bit exchange; and the finalizingphase that often includes a proof of identity. The only phasethat is required to be non-empty for a distance boundingprotocol is the distance measurement phase. The distancemeasurement phase follows the following schema: the verifiersends out a fresh challenge, to which the prover responds withsome value; this process may be split into several rounds. Thedistance measurement is derived from the measured responsetime, which means that the prover must reply immediately.As a result, it is not feasible to use cryptographic functions

Prover

P

Verifier

V

Setup phase

Time measurement

Challenge

Response

Distance measurement phase

Finalizing phase

msc Phases

Figure 7. Phases in distance bounding protocols: Setup, distancemeasurement, and finalizing. The setup and finalizing phases may be empty.

(such as encryption or signatures) in the computation of theresponse in the distance measurement phase.

In a typical Distance Hijacking attack, a dishonest proverexploits another prover’s response in the distance measure-ment phase. Thus, although the dishonest prover has fewrestrictions, because he does not have to follow the protocoland can construct his own messages as he chooses, he canonly exploit honest provers as far as the protocol allows himto. Therefore, in the fixes we propose, we ensure that thedistance measurement response of an honest prover cannotbe abused by others in their communication with the verifier.

Before we proceed to solutions, we provide more intuitionby showing why two seemingly straightforward fixes to thebasic Brands and Chaum protocol fail.

Example 3. Flawed fix: Xor identity. A first flawed fix isto include the prover’s identity in the response messagesby sending challenge ⊕ NP ⊕ P . The problem with thissolution is that the identity of an attacker P ′ might onlydiffer in a few bits from P . Then challenge ⊕ NP ⊕ Pagrees with challenge ⊕ NP ⊕ P ′ on all other bits andthe adversary only has to guess the remaining few bits inchallenge⊕NP ⊕P ′ and overshadow them in P ’s response.After learning challenge and NP , the dishonest prover cancheck if his guesses were right and send the final signature.If the Hamming distance between P and P ′ is k, then theattacker has to guess k bits and his success probability istherefore ( 12 )

k.

Example 4. Flawed fix: secure channels. A second fix is toperform the setup and finalizing phases over some securechannel, e. g., by using SSL/TLS, mutually authenticatedusing client and server certificates. A protocol along theselines is described in [17]. Because an attacker now cannoteavesdrop (or change) the contents of the communication,it might seem that any hijacking is thwarted. However, asdepicted in Figure 8, such protocols are still vulnerable toDistance Hijacking. In the attack, P claims to be a verifier

Dishonest prover

P

Honest prover

P ′

Verifier

V

Generate β

commit(β)

commit(β)

Generate α

α

α⊕ β

Distance measurement phase

signP ′(V, α, β)

signP(V, α, β)

msc Attack on Brands and Chaum variant with secure channels

Figure 8. Attack on Brands and Chaum variant where setup and finalizationuse a secure channel. We use dashed arrows to denote transmission over asecure channel. P ′ assumes that P is a verifier.

when communicating with P ′, and P claims to be a proverwhen communicating with V . Thus, P ′ assumes that heis proving his distance to P , and therefore transmits hiscommit over the secure channel to P . P simply forwardsthis commit to V . Because the distance measurement phaseis not protected by the secure channel, P ′ will respond toV ’s challenge. Afterwards, P ′ will finalize his part over thesecure channel with P . P re-signs this information and sendsit to V over the secure channel.

As the above examples show, it is not trivial to makeprotocols resilient against Distance Hijacking. The main ideaunderlying the solution is to make the prover’s messagesduring the distance measurement phase distinguishable fromthose of other provers, such that a verifier will not mistakethe response of one prover (say, P ′) for the response ofanother (say, P ). We discuss two possible solutions to ensurethis: explicit linking and implicit linking.

Solution family 1: Explicit linking: The first solution, ex-plicit linking, ensures that the response from different proversis distinguishable by explicitly including identity informationin the response, combined with integrity protection. Exampleinstances of explicit linking are the following, where weassume that NP is a nonce generated by the prover whichhe commits to in the setup phase.• challenge ⊕ h(P,NP), where h is a hash function.• challenge ⊕ signP (NP).• challenge ⊕MAC k(P,V )(P,NP), where k(P, V ) is a

symmetric shared key between P and V .Solution family 2: Implicit linking: The second solution

type, implicit linking, does not make the responses of differentprovers distinguishable on their own. Rather, it relies on thefact that honest provers do not reveal some secret, typicallytheir own nonce NP , before the distance measurement phase

has been completed. Thus, before this phase, only the proverwho generated NP knows the secret and can use it toconstruct messages. In protocols that commit to a (temporary)secret in the setup phase, the prover can include his identityin the commit, hence sending commit(P,NP) before thedistance measurement phase. Until the prover P releases thisnonce during or after his response, other (dishonest) proverscannot commit to NP with their own identity. Thus, theverifier can check that the claimed identity for the distancemeasurement phase corresponds to the commit he receivedduring the setup phase.

V. FORMAL ANALYSIS

Previous formal models capture Distance Hijacking toan insufficient extent. Specifically, they do not captureovershadowing parts of a message (see [23]), e. g., by sendingbits using a stronger signal. Several of our Distance Hijackingattacks involve such overshadowing. To capture these attacks,we extend the formal framework of Basin et al. [4] toallow the attacker to perform message manipulation on thewireless channel by overshadowing parts of a message, aswell as flipping some bits of a message. The resulting newframework allows to formally prove the absence all of thepreviously described Distance Hijacking attacks. A completeIsabelle/HOL formalization of all definitions and proofs inthis section is available in [1].

In Section V-A, we recall the basic model from [4] andwe present its extension in Section V-B.

A. Basic model

Agents and Environment: We assume that there arecountably infinite disjoint sets Honest and Dishonest ofhonest and dishonest agents. We define the set of all agents asAgent = Honest∪Dishonest. We use A, B, P , V for agents.We associate a location locA ∈ R3 to each agent. Basedon the location, we define the line-of-sight communicationdistance between two agents A and B as

cdistLoS(A,B) =|locA − locB |

c

where c denotes the speed of light. This distance constitutesa lower bound on the time required for a signal to travelfrom A to B derived from the locations of both agents.

Messages: We assume that there is a countably infiniteset Const of constants. We assume that there are countablyinfinite disjoint sets NonceA for each agent A and defineNonce =

⋃A∈Agent NonceA. We assume that there is a count-

ably infinite set Key of keys that is partitioned into keys forsymmetric encryption and asymmetric encryption/signatures.We assume that there is an inverse operator ·−1 on Key that isthe identity on symmetric keys. The set of syntactic messagesSMsg is defined by the grammar

M,M ′ ::= atom | 〈M,M ′〉 | h(M) | {M}k |M ⊕M ′ | 0

M ∈ IKA

M ∈ DMA(tr)(t,RecvA(M)) ∈ trM ∈ DMA(tr)

M ∈ DMA(tr) M ′ ∈ DMA(tr)M ⊕M ′ ∈ DMA(tr)

M ∈ DMA(tr) M ′ ∈ DMA(tr)〈M,M ′〉 ∈ DMA(tr)

M ∈ DMA(tr)h(M) ∈ DMA(tr)

M ∈ DMA(tr) k ∈ DMA(tr){M}k ∈ DMA(tr)

〈M1,M2〉 ∈ DMA(tr)Mi ∈ DMA(tr)

{M}k ∈ DMA(tr) k−1 ∈ DMA(tr)M ∈ DMA(tr)

Figure 9. Rules defining DMA(tr).

where atom ∈ Agent ∪ Const ∪ Key ∪ Nonce is an atomicmessage, and the remaining cases denote pairing, hashing,encryption with k ∈ Key, exclusive-or, and the all-zeromessage. We write signA(M) as a shorthand for {M}sk(A).

We define the set Msg of messages as SMsg/=E , where=E is the equational theory generated by the set of equations

E = {M ⊕ 0 =M,M ⊕M = 0,

(M ⊕M ′)⊕M ′′ =M ⊕ (M ′ ⊕M ′′),M ⊕M ′ =M ′ ⊕M}.

In the following, we abuse notation and write t to denotethe corresponding equivalence class {t′ | t′ =E t} ∈ Msg.

Events and Traces: The set of events is defined as

E ::= SendA(M)[M∗] | RecvA(M) | ClaimA(M).

For Send, A denotes the agent executing the send, M thesent message, and M∗ is a sequence of messages denotinglocal state information associated with the event. For Recv, Adenotes the agent executing the receive and M the receivedmessage. For Claim, A denotes the agent making the claimand M the claim itself. A trace tr is a sequence of timedevents (t, E) with t ∈ R.

Initial knowledge: To model initial key distributions,we define the functions pk : Agent→ Key, sk : Agent→ Key,and K : Agent× Agent→ Key that denote the public, secret,and shared keys of agents with the expected properties, e. g.,pk(A)−1 = sk(A). We define the initial knowledge of anagent A as

IKA = Agent ∪ Const ∪ NonceA ∪ {0}∪ {sk(A)} ∪ {pk(B) | B ∈ Agent}∪ {K(A,B) | B ∈ Agent}.

ε ∈ TRNIL

tr ∈ TR I ∈ Dishonest M ∈ DMI(tr)tr · (t, SendI(M)[]) ∈ TRP

INTR

tr ∈ TR (t′, SendA(M)[L]) ∈ trt ≥ t′ + cdistLoS(A,B)

tr · (t,RecvB(M)) ∈ TRP

BASICNET

Figure 10. Rules for network and attacker from the basic model.

tr ∈ TR

∀X ∈ components(M).

∃ t′ A L M ′ Y ∈ components(M ′).(t′, SendA(M ′)[L]) ∈ tr

∧X ⊕ Y ∈ LHW

∧ t ≥ t′ + cdistLoS(A,B)

tr · (t,RecvB(M)) ∈ TRP

EXTNET

Figure 11. The new network rule for the extended model.

Message deduction: Let A be an agent and let tr bea trace. Then the set DMA(tr) of deducible messages isthe least set closed under the rules in Figure 9. The rulesmodel message manipulations under the perfect cryptographyassumption, and are all considered modulo the equationaltheory E.

Network and Attacker: The set of possible traces TR forthe basic model is defined as the least set closed under theSTART-rule, the attacker rule INTR, and the basic networkrule BASICNET2 given in Figure 10 and the rules formalizingthe analyzed protocol. For an example of protocol rules, seeFigure 12. All rules have the implicit side condition thattimestamps are monotonous, i. e., the timestamp of a newlyadded event cannot be smaller than the maximal timestampin the trace. The INTR rule allows dishonest agents to sendarbitrary deducible messages. The BASICNET rule formalizesthat if there is a message M that has been sent by an agentA, then B can receive the message at time t if t ≥ t′ +cdistLoS(A,B).

Given a set of traces of a protocol for a model, we candefine when a protocol is secure.

Definition 5. A distance bounding protocol is secure if allclaims (V, P, dist) that occur in traces of the protocol arevalid, i. e., they agree with locV and locP . Here, we accountfor the fact that we allow dishonest nodes to share keymaterial and therefore identify all dishonest agents, i. e., aclaim (V, P, dist) for dishonest P is valid if there is some

2Note that this rule is called NET in [4].

dishonest P ′ such that dist is an upper bound on the distancebetween V and P ′.

B. Extended model

The network rule BASICNET from [4] does not accountfor message manipulation on the wireless channel. As aresult, several attacks from the previous sections (e. g., theattack in Example 3) cannot be reproduced in the basicmodel. We define our extended model by replacing thenetwork rule BASICNET by a new rule EXTNET, shownin Figure 11, that allows for a more fine-grained model ofmessage manipulation.

We start from the observation that the BASICNET ruledoes not account for the ability of an attacker to overshadowparts of a message, which can be used to replace componentsin pairs with known messages or to transform an (unknown)message m into an (unknown) message m′ if m and m′

differ only in a few bits. The second can be achieved by firstguessing the positions where m and m′ differ, then guessingthe bits of m′ on these positions, and finally overshadowingm on these positions with the guessed bits. We assume thatguessing many of the bits of m correctly can only be donewith negligible probability. Subsequently, the attacker cantransform m into m′ with non-negligible probability if andonly if the Hamming distance between m and m′ is small.

To account for these manipulations, we require twodefinitions. First, the components of a message M are definedas components(M) = components(M1) ∪ components(M2)if M = 〈M1,M2〉 and components(M) = M otherwise.Second, the set LHW of messages that may have a lowHamming weight is defined as

L,L′ ::= latom | L⊕ L′ | 0

where latom = Agent ∪ Const. This excludes nonces, keys,hashes, encryptions, and the exclusive-or of such messagessince the probability that these have a low Hamming weightcan be assumed to be negligible, unless such a messagecancels itself out. We do not include pairs of low Hammingweight messages since we already allow the attacker tomodify components of pairs individually.

Our new network rule EXTNET is shown in Figure 11.According to the rule, an agent B can receive a message Mif for all components X of M , there is a corresponding sendevent (with compatible timestamp) of a message M ′ suchthat M ′ has a component Y with a low Hamming distanceto X , i. e., the Hamming weight of X ⊕ Y is low.

Example 5. We assume that the attacker does not knowNV and NP . To overshadow NP with NI in the message〈NV ,NP〉 sent by an honest P , the attacker has to sendNI (early enough) such that both sends together result in areceive of 〈NV ,NI〉.

In Example 3, the attacker overshadows some bits totransform the (unknown) message NV ⊕NP ⊕ P into the

tr ∈ TR P ∈ HonestNP ∈ (NonceP \ subterms(tr))

tr · (t, SendP (h(NP))[P1,NP ]) ∈ TRPROVCOM

tr ∈ TR V ∈ Honest(t,RecvV (COM )) ∈ tr

NV ∈ (NonceV \ subterms(tr))tr · (t, SendV (NV )[V1,COM ,NV ]) ∈ TR

VERCHAL

tr ∈ TR P ∈ Honest (t,RecvP (NV )) ∈ tr(t, SendP (X)[P1,NP ]) ∈ tr

tr · (t, SendP (NV ⊕NP )[P2,NP ,NV ]) ∈ TRPROVRESP

tr ∈ TR P ∈ Honest(t, SendP (X)[P2,NP ,NV ]) ∈ tr

tr · (t, SendP (signP (NV ,NP , P ))[]) ∈ TRPROVAUTH

tr ∈ TR V ∈ Honest(tchal , SendV (NV )[V1, h(NP),NV ]) ∈ tr

(tresp ,RecvV (NV ⊕NP)) ∈ tr(tauth ,RecvV (signP (NV ,NP , P ))) ∈ tr

tr · (t,ClaimV (V, P, (tresp − tchal) ∗ c/2)) ∈ TRVERRESP

Figure 12. Formalization of the Brands-Chaum Protocol.

(unknown) message NV ⊕ NP ⊕ P ′. In our model, theattacker does not have to perform any action since (NV ⊕NP ⊕ P ′) ⊕ (NV ⊕ NP ⊕ P ) = P ⊕ P ′ ∈ LHW. Thiscaptures the intuition that allowing the attacker to flip somebits of unknown messages is equivalent to allowing for somebit-errors introduced by the wireless channel.

The set of possible traces TR for our extended model isdefined as the least set closed under the START-rule, theattacker rule INTR, the extended network rule EXTNET, andthe rules formalizing the analyzed protocol.

Protocol Formalization: We formalize the originalsignature-based version of the Brands-Chaum by the rulesin Figure 12. Pi and Vi are constants used in the localstate of the verifier and prover in step i. The rules ensurethat the previous steps have been executed, the requiredmessages have been received, and nonces are freshly chosen(not subterm of the trace tr). The final rule VERRESP usesthe times when the challenge was sent and the time when thereply was received to compute an upper bound on the distancebetween P and V . We refer the reader to [4] to further detailson modeling protocols in this kind of framework.

Case studies: We have analyzed the Brands-Chaumprotocol and its various fixes in our extended framework. Forexample, we have proven that if we modify Brands-Chaumto include explicit linking, the Distance Hijacking attack isno longer possible. Note that for proving the correctness of

the version with implicit linking, we need the assumptionthat verifiers cannot receive the bits/message that theysent themselves, e. g., because different channels are used.Without this assumption, Brands-Chaum is vulnerable toDistance Fraud attacks (by reflection or using low Hammingweight overshadowing). As another example, our extendedframework also reveals that modifying the response toNV ⊕NP⊕P is not secure since the attack from Example 3is captured. Note that in the basic framework from [4], whichdid not account for message manipulation on the wirelesschannel, this attack was not captured and a security proofwas possible. This clearly shows the effect of the adversary’sadditional powers in our extended model.

For a complete description of our case studies and theirformalization we refer the reader to [1].

VI. MULTI-PROTOCOL ENVIRONMENTS

So far, we discussed Distance Hijacking attacks in single-protocol environments, where both dishonest and honestprover run the same distance bounding protocol. However, itis possible that verifier-prover pairs execute different rangingand distance bounding protocols, for example when theybelong to different domains. We call such environmentsmulti-protocol environments.

Distance Hijacking in Multi-protocol Environments: Inwhat follows we show that there are plausible multi-protocolenvironments in which protocols that are resilient to DistanceHijacking in single-protocol environments become vulnerableagain to Distance Hijacking.

We define a multi-protocol environment MPE as a setof triplets, where a triplet (A,B,R) denotes that agent Amay execute the protocol role R (e. g., the prover role ofthe Brands and Chaum protocol) when communicating withB, and where at least two different protocols are containedin the set. We say that a distance bounding protocol DB isvulnerable to a Distance Hijacking Attack in a multi-protocolenvironment MPE if a dishonest prover P can perform asuccessful Distance Hijacking attack against a verifier Vrunning DB in the verifier role in that environment (andhence (V, P,DB(verifier)) ∈ MPE ).

It is easy to see that, given any distance bounding protocol,a multi-protocol environment can be constructed in which thisprotocol will be vulnerable to Distance Hijacking attacks. Forexample, all distance bounding protocols will be vulnerableto Distance Hijacking if run in the same environment witha protocol that uses a similar distance measurement phase,but that gives a dishonest prover full control over the waythe response bits are computed by the honest prover. Thisis not such an unlikely scenario, since it is plausible that inthe same environment in which a verifier and a dishonestprover run e. g., Hancke and Kuhn, an honest prover runsan insecure ranging protocol that supports the same typeof distance measurement phase as the Hancke and Kuhnprotocol. This insecure ranging protocol could easily allow

Prover

P

Verifier

V

NP0, NP1 ∈R {0, 1}ℓ

V, {NP0, NP1, V }kvp

NV ∈R {0, 1}ℓ

N iV

if N iV = 0,Ri = N i

P0

if N iV = 1,Ri = N i

P1

Ri

Rapid bit exchange: for 0 ≤ i < ℓ

Verify that received Ri’s

correspond to NP0 and NP1

msc Distance bounding protocol

Figure 13. A Distance Bounding Protocol that enables Distance Hijackingon Hancke-Kuhn protocol in multi-protocol environments.

a dishonest prover to set the bits that the honest proveruses in the distance measurement phase (e. g., for debuggingpurposes). It might also be that this insecure ranging protocolis simply enabled as a feature for non-critical applicationsand therefore coexists with the Hancke and Kuhn protocolon the devices (and thus shares the same hardware / distancemeasurement implementation with the Hancke and Kuhnprotocol).

This means that all multi-prover distance bounding proto-col deployments cannot be guaranteed to be secure unlessadditional measures are in place that limit the risk fromother protocols running in the environment. As we have seenabove, some protocols give almost complete control of honestprovers to the dishonest prover.

We show that there are even multi-protocol environmentswhere honest provers and the verifier run secure distancebounding protocols, and where a Distance Hijacking attackis still feasible. We show this on an example of theHancke-Kuhn distance bounding protocol. We construct amulti-protocol environment in which the verifier runs theHancke-Kuhn protocol, and the honest provers supports aminor variation of the Hancke-Kuhn protocol (secure againstDistance Hijacking in a single-protocol environment). Weshow that in this environment, a dishonest prover can executea successful Distance Hijacking attack. Our variation of theHancke-Kuhn protocol is shown in Figure 13. It differs fromthe Hancke and Kuhn protocol in that the prover does not

compute the values of registers NP0 and NP1 but that theseare computed by the verifier and sent (confidentially) to theprover. This protocol modification would make sense if onewould, e. g., assume that the prover does not have a goodrandom number generator (e. g., an RFID tag).

An attack in this multi-protocol environment then works asfollows. A dishonest prover P initiates the original Hanckeand Kuhn protocol with the verifier V , and derives sharedregister values with V (for details see Hancke and Kuhnprotocol [13]). P then acts as a verifier and initiates themodified Hancke and Kuhn protocol from Figure 13 with thehonest prover P ′. P then provides the register values to P ′

as specified in the modified protocol. V and P ′ then executea rapid bit exchange and V believes that this exchange wasexecuted by P .

Observe that the attack does not require the two protocolsto share the same long-term keys: V verifies the use of thekey as prescribed by the Hancke and Kuhn protocol, whichwas provided by P , and remains unknown to P ′. However,the attack strictly requires V and P ′ to use similar hardwarefor the fast response phase.

Similarly, a modified version of the Brands and Chaumprotocol can be constructed that, if run next to the Hancke andKuhn protocol, would also enable a Distance Hijacking attackagainst the Hancke and Kuhn protocol. This phenomenonis similar to the Chosen Protocol attack in cryptographicprotocol analysis. We relate the two concepts in Section VIII.

Protecting against Distance Hijacking in Multi-ProtocolEnvironments: Previously, we proposed countermeasures thatprevent Distance Hijacking in single-protocol environments.We now discuss some approaches that can mitigate suchattacks in multi-protocol environments.

For multi-protocol environments the obvious solution is totry to ensure that all protocols in an environment use different(incompatible) hardware for their distance measurementphase. This is analoguous to the concepts of tagging ordisjoint encryption for classical cryptographic protocols. Thus,attacks in multi-protocol environments can be prevented bybetter regulation in distance bounding protocol deploymentand construction. Minor application-specific modifications tothe distance measurement phase (e. g., including application-specific dummy bits) would already prevent a numberof attacks. Similarly, manufacturer-specific or deploymentspecific hardware modifications would also protect againstmulti-protocol attacks; this can, however, be expensive.

There are a number of scenarios in which such deploy-ment and regulatory protection measures cannot be used.Application-specific modifications of the distance measure-ment phase are particularly difficult to implement; given thetight timing constraints in the distance measurement phase,this phase will be processed in hardware. It is also likelythat only a few implementations of the distance measurementphase will emerge in the future, limiting available application-specific modifications of this phase. This finally means that

most distance bounding protocols will likely use the sameimplementation of the distance measurement phase.

Accounting for these scenarios, we propose an alternativesolution that makes use of “prover honeypots”. Recall that toexecute a Distance Hijacking attack, a dishonest prover eitherneeds to be able to successfully claim to have executed adistance measurement phase that was executed by an honestprover, or needs to make an honest prover execute a distancemeasurement phase using specific bits. The prevention ofthe false distance measurement claim naturally extends fromsingle- to multi-protocol environments — this type of attackcan be prevented by using protocols that are resilient toDistance Hijacking in single-protocol environments. However,as we have shown, protocols that are resilient to DistanceHijacking in single-protocol environments cannot preventattacks in a multi-protocol environment where an honestprover is made to execute a distance measurement phaseusing the bits provided by a dishonest prover. We aim todetect such attacks by the use of prover honeypots.

Our solution works as follows. The verifier first sets up anumber of virtual or real honeypot provers which are eitherphysical or virtual devices that are placed in the vicinity ofthe verifier. These honeypot provers are created either by theverifier or by the devices that the verifier trusts and controls.To other provers, honeypot provers claim either their trueor false locations/identities, and they support a broad set ofranging and distance bounding protocols. The idea behindthis setting is that when a dishonest prover mounts a DistanceHijacking attack, it chooses one of the honeypot provers toabuse in his attack. Besides setting up honeypot provers, theverifier also limits its operation to specific distance boundingprotocols: it executes only distance bounding protocols thatforce a dishonest prover to reveal (most of the bits of) itssecret key (that it shares with the verifier) to the honestprover if he wants to execute a Distance Hijacking attack.This is commonly the case for protocols that are resilientagainst Terrorist Fraud. Thus, if a dishonest prover executesa successful (with a high probability) Distance Hijackingattack and uses one of the honeypots to launch the attack,the (majority of the) bits of the key that it shares with theverifier will be revealed to the honeypot prover. For the casein which the prover wants to be certain about the success ofDistance Hijacking, all of the bits of his key will be revealedto the honeypot. In order to check if a Distance Hijackingattack was executed, the verifier, after the execution of adistance bounding protocol with a given prover, simply needsto ask his honeypot provers to send him the bits that theyused in any recent distance measurement phase. If those bitsallow the reconstruction of the (majority of the bits of the)key that the verifier shares with the prover [15], the verifierconcludes that the prover attempted to execute a DistanceHijacking attack.

Figure 14. Location Verificationand Location Hijacking: P hijacksthe location of P ′, for example byhijacking the distance bounding pro-tocol instances of P ′ with respect tothe verifiers.

Figure 15. Location Hijacking toempty location: When asked to provehis location to the verifiers, P hijacksP1’s distance for V1, P2’s distancefor V2, and P3’s distance for V3. Theverifiers conclude that P is at thelocation indicated by the arrow.

VII. LOCATION HIJACKING

In this section we generalize Distance Hijacking toLocation Hijacking. We consider the problem of locationverification, or position verification, in which a set of verifiersestablishes the location of a prover, even though this provermay act dishonestly, i. e., the prover can pretend to be atanother location than he really is. The objective of a locationverification protocol is to ensure that the location of theprover is reliably determined.

Protocols for location verification often build on distancebounding protocols. A prover repeatedly uses a distancebounding protocol to prove his proximity to a set of verifiers.Based on the combined information, the verifiers are able toverify the location of the prover.

This process is depicted in Figure 14. The circles representthe measured distances by the verifiers V1, V2, V3, and theyconclude that P ′ must be located in the intersection. If adishonest prover P can hijack distance bounding sessions ofa party P ′, he can pretend to be at the location where P ′

resides, regardless of his actual location. This constitutes aLocation Hijacking attack: a dishonest prover can hijack thelocation of P ′.

Definition 6. Location Hijacking attack. A Location Hi-jacking attack is an attack in which a dishonest prover Pexploits one or more honest parties P1, . . . , Pn to provide aset of verifiers V1, . . . , Vk with false information about thelocation of P (either absolute or relative to the location ofthe verifiers).

The threat of hijacking is magnified in the context oflocation verification, because multiple distance boundingresults are combined. For example, consider the setup inFigure 15, in which three honest provers P1, P2, and P3 arewithin range of the verifiers. As before, a dishonest prover canperform Distance Hijacking attacks on the distance boundingphases, thereby hijacking the location of P1, P2, or P3 as hechooses. However, he can also combine Distance Hijackingattacks with respect to multiple honest provers: this allowshim to make his location appear to be at any intersection

of the distances of a set of honest provers. For example, inFigure 15, he can convince the verifiers that he is locatedat the position indicated by the arrow, by combining thedistance bounding phases of the honest provers, even thoughnobody is present at this location.

Case Study of Location Hijacking: To emphasize thatLocation Hijacking is indeed a relevant problem, even onrecent protocols, we give a brief case study of a recentprotocol by Chiang et al. [7] that is vulnerable to LocationHijacking. In this protocol a prover sends out a locationclaim, after which he receives simultaneous challenges froma number of verifiers. The prover aggregates the challengesand broadcasts his response to all verifiers. This many-to-one challenge response then constitutes one round of theunderlying distance bounding protocol, which in this caseis Brands and Chaum’s original suggestion [5]. The authorspresent a proof that their scheme is optimal in the sense thatit achieves the “maximal security” any location verificationschemes based solely on time-of-flight can provide.

Despite the proof, this scheme is vulnerable to LocationHijacking (Figure 14). The proof in [7] establishes that aprover must be at the claimed location (within some accuracy)in order to correctly reply to the challenges. The proofhowever, does not address the authentication of the node at theclaimed location but instead leaves that up to the underlyingdistance bounding protocol. Since the underlying distancebounding protocol is vulnerable to Distance Hijacking, thelocation verification protocol inherits this vulnerability. Inthis case it is possible that another distance bounding protocolcould be used instead of Brands and Chaum, in order toachieve a secure scheme, but this example shows that evenrecent location verification schemes with proofs of optimalsecurity, can be vulnerable to Location Hijacking.

VIII. RELATED WORK

Distance bounding for RFID tags: Avoine et al. presentin [2] a framework for analyzing RFID distance boundingprotocols. They give definitions for the three main attacktypes, and also define Impersonation Fraud, in which “alonely prover purports to be another one” [2, p. 5], i. e., aviolation of weak authentication. They consider these fourtypes of attack with respect to black-box and white-boxprovers, yielding a total of eight security notions. None oftheir models covers Distance Hijacking attacks.

Durholz et al. propose in [11] the first computationalformal framework for proving properties of RFID distancebounding protocols that are based on shared symmetric keys.Their framework considers an attacker that interacts onlywith a single prover (the tag) and single verifier (the reader).Consequently, proving that an RFID protocol is secure intheir framework does not guarantee the absence of DistanceHijacking attacks.

Formal models for distance bounding: Meadows et al.developed a formal methodology to prove properties of

distance bounding protocols [19]. Because the methodologyis not particularly suited for dealing with dishonest provers,they did not consider scenarios that would allow them todetect Distance Hijacking attacks.

The first two formal approaches for distance boundingprotocols that have considered multi-prover scenarios anddishonest provers are Malladi et al. [26] and Basin et al.[4]. Malladi et al. propose a tool-supported framework foranalyzing distance bounding protocols, and model a variantof the first signature-based protocol by Brands and Chaum.They analyze this protocol in several scenarios and find anattack that falls into our class. In their “farther adversary”scenario, the attacker is farther from the verifier than thereported distance. This suggests that the “farther adversary”scenario covers both Distance Fraud and Distance Hijacking.However, this observation is not consistent with Malladiet al.’s statement that including the identity in the signaturemakes the protocol secure in the “farther adversary” scenario.From our analysis it is clear that the resulting protocol willstill be vulnerable to Distance Hijacking.

Basin et al. proposed in [4] the basic framework that wehave used here as a starting point for our extended model.Basin et al. analyze a family of distance bounding protocolsproposed by Meadows et al. in [19] and find an attack thatfalls into our class of Distance Hijacking attacks, whichthey refer to as an “impersonation attack”. They prove thata concatenation-based version of the protocol is secure intheir framework. This protocol is not secure in our extendedframework, as the protocol is still vulnerable to a DistanceHijacking attack that uses overshadowing.

Chosen Protocol attack: The multi-protocol DistanceHijacking attack described in Section VI resembles theChosen Protocol (or Multi-Protocol) attack in cryptographicprotocol analysis, which was introduced by Kelsey, Schneier,and Wagner [14]. They describe how, given any securecryptographic protocol, a second protocol can be constructed(“chosen”) that is also secure, but when both are executedin parallel, an attacker can use the second protocol to attackthe first. Chosen Protocol attacks are an instance of Multi-Protocol attacks [8]. In a traditional (Dolev-Yao style) setting,Multi-Protocol attacks require that both protocols use thesame key infrastructure, in which case many protocols arevulnerable [8]. Ensuring that the protocols use different keysprevents the problem [12], which is often guaranteed inpractice. The practical threat of multi-protocol attacks in theDolev-Yao setting is therefore limited.

In contrast, our multi-protocol Distance Hijacking attacksdo not require that keys are shared among protocols. Rather,the distance measurement phase must be regarded as asecurity primitive, and care must be taken when securityprimitives are shared among protocols. If not, unexpectedinteractions can occur, as witnessed by our attacks. In practice,multi-protocol Distance Hijacking poses a more significantthreat than Chosen Protocol attacks, because it can be

expected that only a few different hardware componentsfor distance measurement will be manufactured, which maybe used by a large number of different protocols.

IX. CONCLUSIONS

In many practical scenarios, including scenarios in whichTerrorist Fraud attacks are not a concern, Distance Hijackingattacks can pose a serious threat. Surprisingly, until now, thistype of attack was not considered in the analysis of proposeddistance bounding protocols.

In fact, our analysis shows that many distance boundingprotocols cannot be safely used in scenarios with multipleprovers. Fortunately, it seems that adapting the protocols to beresilient against these attacks is possible in single-protocol en-vironments without imposing a significant overhead. Similarobservations can be made for location verification protocolswith respect to Location Hijacking attacks.

We introduced an extended framework to reason aboutdistance bounding protocols in a symbolic way, which atthe same time incorporates bit-level message manipulationsby the attacker. The results of this hybrid approach havethus far been promising. The framework enables us to detectmore attacks than previous frameworks, including DistanceHijacking attacks, and also allows us to prove the absenceof the attacks we found.

We proposed an exhaustive classification of attacks ondistance bounding protocols. In this context, we also proposednew names and definitions for the three classical attack types.Our new attack names are less generic and more descriptivethan the previous names. We hope that the exhaustiveclassification has a positive effect on the systematic analysisof threats against distance bounding protocols.

It is clear that secure functioning in a context with multipleprovers is a desirable feature, giving an edge to thoseprotocols that are resilient against Distance Hijacking attacks.It seems therefore prudent to analyze new proposals fordistance bounding protocols for their vulnerability to DistanceHijacking.

REFERENCES

[1] Anonymous. Isabelle/HOL sources for the framework, models,and proofs, November 2011. available https://www.wuala.com/distanceHijacking/material/?key=SKb9B4YNzXiM.

[2] G. Avoine, M. A. Bingol, S. Kardas, C. Lauradoux, andB. Martin. A Framework for Analyzing RFID DistanceBounding Protocols. Journal of Computer Security – SpecialIssue on RFID System Security, 2010.

[3] G. Avoine and A. Tchamkerten. An efficient distance boundingRFID authentication protocol: Balancing false-acceptancerate and memory requirement. In Proceedings of the 12thInternational Conference on Information Security, ISC ’09,pages 250–261, Berlin, Heidelberg, 2009. Springer-Verlag.

[4] D. Basin, S. Capkun, P. Schaller, and B. Schmidt. Let’sget physical: Models and methods for real-world securityprotocols. In Proceedings of the 22nd International Conferenceon Theorem Proving in Higher Order Logics, TPHOLs ’09,pages 1–22, Berlin, Heidelberg, 2009. Springer-Verlag.

[5] S. Brands and D. Chaum. Distance-bounding protocols. InT. Helleseth, editor, Advances in Cryptology - EUROCRYPT’93, volume 765 of Lecture Notes in Computer Science, pages344–359. Springer, 1994.

[6] L. Bussard and W. Bagga. Distance-bounding proof ofknowledge to avoid real-time attacks. In R. Sasaki, S. Qing,E. Okamoto, and H. Yoshiura, editors, Security and Privacyin the Age of Ubiquitous Computing, volume 181 of IFIPAdvances in Information and Communication Technology,pages 223–238. Springer Boston, 2005.

[7] J. T. Chiang, J. J. Haas, and Y.-C. Hu. Secure and preciselocation verification using distance bounding and simultaneousmultilateration. In Proceedings of the second ACM conferenceon Wireless network security, WiSec ’09, pages 181–192, NewYork, NY, USA, 2009. ACM.

[8] C. Cremers. Feasibility of multi-protocol attacks. In Proc. ofThe First International Conference on Availability, Reliabilityand Security (ARES), pages 287–294, Vienna, Austria, April2006. IEEE Computer Society.

[9] Y. Desmedt. Major security problems with the ‘unforgeable’(Feige)-Fiat-Shamir proofs of identity and how to overcomethem. In Proceedings of the 6th worldwide congress oncomputer and communications security and protection (Se-curiCom), pages 147–159, March 1988.

[10] S. Drimer and S. J. Murdoch. Keep your enemies close:Distance bounding against smartcard relay attacks. In USENIXSecurity 2007: Proceedings of the 19th USENIX SecuritySymposium, 2007.

[11] U. Duerholz, M. Fischlin, M. Kasper, and C. Onete. A formalapproach to distance-bounding RFID protocols. In InformationSecurity Conference (ISC) 2011, Lecture Notes in ComputerScience, 2011. To appear.

[12] J. Guttman and F. Thayer. Protocol independence throughdisjoint encryption. In Proc. 13th IEEE Computer SecurityFoundations Workshop (CSFW), pages 24–34. IEEE ComputerSociety, 2000.

[13] G. Hancke and M. Kuhn. An RFID distance bounding protocol.In Proc. of IEEE/CreatNet SecureComm, pages 67–73, 2005.

[14] J. Kelsey, B. Schneier, and D. Wagner. Protocol interactionsand the chosen protocol attack. In B. Christianson, B. Crispo,T. Lomas, and M. Roe, editors, Proc. 5th InternationalWorkshop on Security Protocols, volume 1361, pages 91–104.Springer, 1997.

[15] C. Kim, G. Avoine, F. Koeune, F.-X. Standaert, and O. Pereira.The Swiss-Knife RFID distance bounding protocol. In P. Leeand J. Cheon, editors, Information Security and CryptologyICISC 2008, volume 5461 of Lecture Notes in ComputerScience, pages 98–115. Springer Berlin / Heidelberg, 2009.

[16] C. H. Kim and G. Avoine. RFID distance bounding protocolwith mixed challenges to prevent relay attacks. In Proceedingsof the 8th International Conference on Cryptology and NetworkSecurity, CANS ’09, pages 119–133, Berlin, Heidelberg, 2009.Springer-Verlag.

[17] M. Kuhn, H. Luecken, and N. O. Tippenhauer. UWB impulseradio based distance bounding. In Proceedings of the Workshopon Positioning, Navigation and Communication (WPNC),2010.

[18] G. Lowe. A hierarchy of authentication specifications. InProc. 10th IEEE Computer Security Foundations Workshop(CSFW), pages 31–44. IEEE, 1997.

[19] C. Meadows, R. Poovendran, D. Pavlovic, L. Chang, andP. Syverson. Distance bounding protocols: Authenticationlogic analysis and collusion attacks. In R. Poovendran,S. Roy, and C. Wang, editors, Secure Localization and TimeSynchronization for Wireless Sensor and Ad Hoc Networks,volume 30 of Advances in Information Security, pages 279–298. Springer US, 2007.

[20] J. Munilla and A. Peinado. Distance bounding protocolsfor RFID enhanced by using void-challenges and analysis innoisy channels. Wirel. Commun. Mob. Comput., 8:1227–1232,November 2008.

[21] P. Peris-Lopez, J. C. H. Castro, J. M. Estevez-Tapiador, andJ. C. A. van der Lubbe. Shedding some light on RFID distancebounding protocols and terrorist attacks. CoRR, abs/0906.4618,2009.

[22] P. Peris-Lopez, J. Hernandez-Castro, J. Tapiador, E. Palomar,and J. van der Lubbe. Cryptographic puzzles and distance-bounding protocols: Practical tools for RFID security. In RFID,2010 IEEE International Conference on, pages 45 –52, Apr.2010.

[23] C. Popper, N. O. Tippenhauer, B. Danev, and S. Capkun.Investigation of signal and message manipulations on thewireless channel. In Computer Security - ESORICS 2011 -16th European Symposium on Research in Computer Security.Proceedings, volume 6879 of Lecture Notes in ComputerScience, pages 40–59. Springer, 2011.

[24] K. B. Rasmussen and S. Capkun. Realization of RF distancebounding. In USENIX Security 2010: Proceedings of the 19thUSENIX Security Symposium. USENIX, 2010.

[25] J. Reid, J. M. G. Nieto, T. Tang, and B. Senadji. Detectingrelay attacks with timing-based protocols. In Proceedingsof the 2nd ACM symposium on Information, computer andcommunications security, ASIACCS ’07, pages 204–213, NewYork, NY, USA, 2007. ACM.

[26] B. B. S. Malladi and K. Kothapalli. Automatic analysis ofdistance bounding protocols. In Foundations of ComputerSecurity. Affiliated to LICS09, August 2009. Informalproceedings.

[27] D. Singelee and B. Preneel. Distance bounding in noisyenvironments. In Proceedings of the 4th European conferenceon Security and privacy in ad-hoc and sensor networks,ESAS’07, pages 101–115, Berlin, Heidelberg, 2007. Springer-Verlag.

[28] R. Trujillo-Rasua, B. Martin, and G. Avoine. The Poulidordistance-bounding protocol. In Proceedings of the 6thinternational conference on Radio frequency identification:security and privacy issues, RFIDSec’10, pages 239–257,Berlin, Heidelberg, 2010. Springer-Verlag.

[29] S. Capkun, L. Buttyan, and J.-P. Hubaux. SECTOR: securetracking of node encounters in multi-hop wireless networks.In Proceedings of the 1st ACM workshop on Security of adhoc and sensor networks, SASN ’03, pages 21–32, New York,NY, USA, 2003. ACM.

[30] S. Capkun and M. Cagalj. Integrity regions: authenticationthrough presence in wireless networks. In ACM workshopon Wireless security, pages 1–10, New York, NY, USA, 2006.ACM.