Abstract
Distance-bounding protocols aim to prevent an adversary from pretending that two parties are physically closer than they really are. We show that proposed distance-bounding protocols of Hu, Perrig and Johnson (2003), Sastry, Shankar and Wagner (2003), and Čapkun and Hubaux (2005, 2006) are vulnerable to a guessing attack where the malicious prover preemptively transmits guessed values for a number of response bits. We also show that communication channels not optimized for minimal latency imperil the security of distance-bounding protocols. The attacker can exploit this to appear closer himself or to perform a relaying attack against other nodes. We describe attack strategies to achieve this, including optimizing the communication protocol stack, taking early decisions as to the value of received bits and modifying the waveform of transmitted bits. We consider applying distance-bounding protocols to constrained devices and evaluate existing proposals for distance bounding in ad hoc networks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Karl, H., Willig, A.: Protocols and Architectures for Wireless Sensor Networks. Wiley, Chichester (2005)
Karp, B., Kung, H.T.: GPSR: greedy perimeter stateless routing for wireless networks. In: MOBICOM, pp. 243–254 (2000)
Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: A defense against wormhole attacks in wireless networks. In: INFOCOM (2003)
Hu, Y.C., Perrig, A., Johnson, D.B.: Rushing attacks and defense in wireless ad hoc network routing protocols. In: [22], pp. 30–40 (2003)
Karlof, C., Wagner, D.: Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Networks 1(2-3), 293–315 (2003)
Čapkun, S., Buttyán, L., Hubaux, J.P.: SECTOR: secure tracking of node encounters in multi-hop wireless networks. In: Setia, S., Swarup, V. (eds.) SASN, pp. 21–32. ACM, New York (2003)
Werb, J., Lanzl, C.: Designing a positioning system for finding things and people indoors. IEEE Spectrum 35(9), 71–78 (1998)
Bahl, P., Padmanabhan, V.: RADAR: An in-building RF-based user location and tracking system. In: Nineteenth Annual Joint Conference of the IEEE Computer and Communication Society, pp. 775–784. IEEE, Los Alamitos (2000)
Liu, D., Ning, P., Du, W.: Attack-resistant location estimation in sensor networks. In: IPSN, pp. 99–106. IEEE, Los Alamitos (2005)
Liu, D., Ning, P., Du, W.: Detecting malicious beacon nodes for secure location discovery in wireless sensor networks. In: ICDCS, pp. 609–619. IEEE Computer Society, Los Alamitos (2005)
Čapkun, S., Hubaux, J.P.: Secure positioning of wireless devices with application to sensor networks. In: INFOCOM (2005)
Čapkun, S., Hubaux, J.P.: Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communications: Special Issue on Security in Wireless Ad Hoc Networks 24(2), 221–232 (2006)
Čapkun, S., Cagalj, M., Srivastava, M.: Securing localization with hidden and mobile base stations. Internet-draft, NESL, UCLA (2005)
Krumm, J., Horvitz, E.: LOCADIO: Inferring motion and location from Wi-Fi signal strengths. In: First Annual Internationl Conference on Mobile and Ubiquitous Systems: Networking and Services, pp. 4–13. IEEE, Los Alamitos (2004)
Sastry, N., Shankar, U., Wagner, D.: Secure verification of location claims. In: [22], pp. 1–10 (2003)
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: IEEE SecureComm 2005, Athens, Greece, pp. 67–73. IEEE Computer Society, Los Alamitos (2005)
Zetik, R., Sachs, J., Thome, R.: UWB localization – active and passive approach. In: 21st IEEE Instrumentation and Measurement Technology Conference, pp. 1005–1009. IEEE, Los Alamitos (2004)
Fontana, R.J., Richley, E., Barney, J.: Commercialization of an ultra wideband precision asset location system. In: Conference on Ultra Wideband Systems and Technologies, pp. 369–373. IEEE, Los Alamitos (2003)
Ghavami, M., Micheal, L.B., Kohno, R.: Ultra Wideband Signals and Systems in Communication Engineering. Wiley, Chichester (2004)
Ubisense: White papers and datasheets (2003–2006), http://www.ubisense.net
Maughan, W.D., Perrig, A. (eds.): Proceedings of the 2003 ACM Workshop on Wireless Security, San Diego, CA, USA, September 19 (2003), In: Maughan, W.D., Perrig, A. (eds.): Workshop on Wireless Security, ACM (2003)
Crossbow Technology: MICA2 mote (2006), http://www.xbow.com/Products/Product_pdf_files/Wireless_pdf/MICA2_Datasheet.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clulow, J., Hancke, G.P., Kuhn, M.G., Moore, T. (2006). So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds) Security and Privacy in Ad-Hoc and Sensor Networks. ESAS 2006. Lecture Notes in Computer Science, vol 4357. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11964254_9
Download citation
DOI: https://doi.org/10.1007/11964254_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69172-3
Online ISBN: 978-3-540-69173-0
eBook Packages: Computer ScienceComputer Science (R0)