A distance bounding protocol enables one entity to determine an upper bound on the physical distance to another entity as well as to authenticate that entity. Such protocols have been actively researched in recent years as distance-based attacks such as Mafia fraud attacks have become a threat in wireless environments, especially in RFID systems. Almost all distance bounding protocols deal with unilateral authentication, as they consider authentication of a passive RFID tag to a reader. Recently, a distance bounding protocol providing mutual authentication was proposed by Yum et al., who assert that it provides a lower false acceptance rate under Mafia fraud attack. However, we show in two ways that their security margins have been overestimated. First, we show that their analysis is not correct. Second, we introduce a new attack that achieves a higher false acceptance rate. Furthermore, we introduce a method that can modify existing distance bounding protocols with unilateral authentication into ones providing mutual authentication.