A Formal Approach to Distance-Bounding RFID Protocols
Distance-Bounding identification protocols aim at impeding man-in-the-middle attacks by measuring response times. There are three kinds of attacks such protocols could address: mafia attacks where the adversary relays communication between honest prover and honest verifier in different sessions; Terrorist attacks where the adversary gets limited active support from the prover to impersonate. Distance attacks where a malicious prover claims to be closer to the verifier than it actually is. Many protocols in the literature address one or two such threats, but no rigorous cryptographic security models-nor clean security proofs-exist so far. For resource-constrained RFID tags, distance-bounding is more difficult to achieve.