JAVA 2013 IEEE NETWORKING PROJECT Distance bounding a practical security solution for real time location systems
Distance Bounding A Practical Security Solution for Real-
Time Location Systems
The need for implementing adequate security services in industrial applications is increasing. Verifying the
physical proximity or location of a device has become an important security service in ad-hoc wireless
environments. Distance-bounding is a prominent secure neighbor detection method that cryptographically
determines an upper bound for the physical distance between two communicating parties based on the round-
trip time of cryptographic challenge-response pairs.
This paper gives a brief overview of distance-bounding protocols and discusses the possibility of implementing
such protocols within industrial RFID and real-time location applications, which requires an emphasis on
aspects such as reliability and real-time communication. The practical resource requirements and performance
tradeoffs involved are illustrated using a sample of distance-bounding proposals, and some remaining research
challenges with regards to practical implementation are discussed.
This assumption is based on the fact that these devices are within communication range and that communication
range is location limited, which implicitly proves physical proximity. In a hostile environment, this assumption
no longer holds as a fraudulent device can manipulate the communication range and pretend to be a neighbor.
As a result, a device might interact with a fraudulent device pretending to be its neighbor, placing it in a
privileged position from where it could adversely affect the intended services. The assumption is therefore made
IEEE PROJECTS & SOFTWARE DEVELOPMENTS
IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE
BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS
CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401
Visit: www.finalyearprojects.org Mail to:firstname.lastname@example.org
that, if a reader manages to communicate with a tag, then the location of the tags in close physical proximity to
the location of the reader. Suppose a fraudulent party removed a valuable asset and replaced it with an
inexpensive radio transceiver that simply relays the commands from an RFID reader to the real tag embedded in
the asset and then forward the real tag’s response back to the reader. In this case, the reader will still consider
the asset to be in close proximity, as there is still an entity that appears exactly the same as the real tag from a
This scenario, discusses further has been practically demonstrated against real-world RFID systems.
The secure verification of a devices’s location relative to another device, so-called secure neighbor
detection, is therefore crucial to the secure and reliable operation of industrial real-time location
The RFID environment, it can be used to cryptographically prove the proximity of a RFID token to a
reader, while in RTLSs its ability to verify the physical proximity of an “item” makes it a key building
block in secure localization methods.
The propagation speed of sound is much slower than that of radio waves. As a result, an attacker can intercept
the U.S. communication and forward it over a faster radio or optical communication medium to an accomplice
closer to the verifier or prover, thereby reducing the time measurement and decreasing the distance estimate. RF
channels are therefore proposed as the channel of choice for implementing distance- bounding systems. The
basic idea is to execute a challenge-response authentication protocol under a very tight time-out constraint,
which was a concept first proposed The implementation of distance-bounding protocols can differ in a number
of ways. As a result, characteristics like attack resistance, resource requirements and execution time varies for
each protocol. The setup and verification stages can be transmitted via robust communication channels.
However, taking into account the channel constraints, it is likely that bit errors will occur during the exchange
stage. Without sufficient error-handling the protocol will fail, and it will either require that the protocol executes
again or cause the disruption of subsequent services. These scenarios are not acceptable in systems delivering
critical services, often with associated real-time constraints.
The precipitation protocols, with no verification stage, without any modification, other protocol designs
can also implement the threshold method, as long as the challenge bits received by the prover and the
response bits sent by the prover are transmitted over an error-corrected channel during the verification
The main factors influencing execution time is the transmission time, i.e., the time required to transmit
data, and the processing time.
The Protocol proposals often do not consider all three main attacks to have equal priority. The majority
of the protocols do not address terrorist fraud, although this is to be expected since this attack is
impossible to prevent.
SECURE NEIGHBOR DETECTION:
These nodes must also have synchronized clocks to ensure that a transmission was made to multiple reference
nodes at the same time from the same location. Time synchronization to the accuracy required for distance
estimation is a challenge in wireless networks. To determine the distance to another node would also require the
node to be covered by at least two reference nodes. This limits the topology and the connection structures to a
network “cloud,” where all nodes are covered by multiple reference nodes, which does not allow for the point-
to-point connection between a RFID reader and tag.
The verifier requires a reliable and secure estimate of the distance to the prover; distance-bounding protocols
should be integrated into the underlying communication channel. The security of the protocol therefore not only
depends on the cryptographic mechanisms but also on the physical attributes of the communication channel that
are used to measure proximity. This section starts by explaining the need for distance bounding. Distance-
estimation methods are discussed next, followed by protocol design aspects. This section serves only to
introduce the basic principles of distance bounding. For a more formal analysis framework and extended
overview of these protocols, the reader could refer.
A node’s physical proximity to another node is crucial to the secure and reliable operation of industrial RFID
and RTLS applications. Here, we discuss the attacks addressed by distance bounding and demonstrates the
threats posed by these attacks by means of providing practical examples of security issues that can arise in
RFID and RTLS applications. It is also shown that basic security services such as authentication and
confidentiality do not sufficiently address these threats.
These proxies simply relay all communication between and , thereby creating an extended the communication
link between them. If the verifier operates on the plain assumption that prover is in close proximity if it can
successfully be reached for communication, and then that attacker succeeds in convincing the verifier that the
prover is in close proximity. Conventional security services cannot prevent this attack as the proxies do not need
to decrypt or encrypt communication, they forward on data as is, nor do the proxies need to authentication
themselves to the prover and verifier, as they are effectively a transparent communication link.
TIMED AUTHENTICATION PROTOCOLS:
The simplest form of ToF-based distance bounding, with the verifier timing normal, authenticated data
exchanges. The basic idea is to execute a challenge-response authentication protocol under a very tight time-out
constraint, which was a concept first, proposed.
The Industrial applications are required to be reliable, and any related protocols need to be suitably robust to
operate in harsh environments. It should be noted that all of the protocols evaluated in this section require the
transmission of a single data symbol during the timed exchange stage. The reason behind this choice is that
conventional communication channels introduce latency at the physical demodulation and decoding, and packet
framing bits, layers.
The reliability of industrial applications is crucial and the need for adequate security measures is increasing.
Verifying the physical proximity or location of a device is becoming an important security requirement in
industrial applications relying RTLS and RFID technology. Distance-bounding provides cryptographic
assurance as to the upper bound for the physical distance between two communicating parties, without requiring
additional device characterization or information from third parties. As a result, this method is adaptable to
provide SND services in a variety of communication architectures, including point-to-point device
communication in proximity identification systems, such as RFID-enabled supply chains or a RTLS with
multiple reference nodes. The evaluation of a sample set of distance-bounding protocol proposals, using
industry-standardized cryptographic algorithms, showed that the practical requirements with regard to hardware
cost, energy efficiency, and execution time are reasonable for industrial implementation. By choosing an
appropriate protocol and adjusting the number of exchanged challenge- responses these requirements can be
optimized to suit all but the most restricted devices and applications. The attack success probability of the
sample proposals are relatively low and resistance to communication errors are already built in. The underlying
channel implementation also affects the accuracy and security of the distance estimate of the protocol and
affects the cost of practical implementation. Distance-bounding protocols have already been implemented in
commercial RFID products and with off-the-shelf UWB equipment, achieving a level of computational security
against practically demonstrated attacks. Nevertheless, as attacks improve and if distance- bounding is to
become theoretically secure in real-world applications then existing work on suitable channels would need to be
continued, by investigating cost effective means of implementing new channels and/or approaches that mitigate
security issues in conventional channels.
 P. Papadimitratos, M. Poturalski, P. Schaller, P. Lafourcade, D. Basin, S. Capkun, and J. P. Hubaux, “Secure
neighborhood discovery: A fundamental element for mobile ad hoc networking,” IEEE Commun. Mag., vol. 46,
no. 10, pp. 132–139, Oct. 2008.
 S. S. Saad and Z. S. Nakadv, “A standalone RFID indoor positioning system using passive tags,” IEEE
Trans. Ind. Electron., vol. 58, no. 5, pp. 1961–1970, Jul. 2010.
 G. M. Gaukler, “Item-level RFID in a retail supply chain with stock-out-based substitution,” IEEE Trans.
Ind. Inf., vol. 7, no. 2, pp. 362–370, May. 2011.
 S. Han, H.-S. Lim, and J.-M. Lee, “An efficient localization scheme for a differential-driving mobile robot
based on RFID system,” IEEE Trans. Ind. Electron., vol. 54, no. 6, pp. 3362–3369, Nov. 2007.
 M. Henseler,M. Rossberg, and G. Schaefer, “Credential management for automatic identification solutions
in supply chain management,” IEEE Trans. Ind. Inf., vol. 4, no. 4, pp. 303–314, Nov. 2008.
 A. Soylemezoglu, M. J. Zawodniok, and S. Jagannathan, “RFID-Based smart freezer,” IEEE Trans. Ind.
Electron., vol. 56, no. 7, pp. 2347–2356, 2009.
 S. Park and S. Hashimoto, “Autonomousmobile robot navigation using passive RFID in indoor
environment,” IEEE Trans. Ind. Electron., vol. 56, no. 7, pp. 2366–2373, 2009.
 G. P. Hancke, K. E. Mayes, and K. Markantonakis, “Confidence in smart token proximity: Relay attacks
revisited,” Comput. Security, vol. 28, pp. 615–627, 2009.
 D. Lui, M.-C. Lee, and D. Wu, “A node-to-node location verification method,” IEEE Trans. Ind. Electron.,
vol. 57, no. 5, pp. 1526–1537, May 2010.