Security Analysis of two Distance-Bounding Protocols

Abstract

In this paper, we analyze the security of two recently proposed distance bounding protocols called the Hitomi and the NUS protocols. Our results show that the claimed security of both protocols has been overestimated. Namely, we show that the Hitomi protocol is susceptible to a full secret key disclosure attack which not only results in violating the privacy of the protocol but also can be exploited for further attacks such as impersonation, ma?a fraud and terrorist fraud attacks. Our results also demonstrates that the probability of success in a distance fraud attack against the NUS protocol can be increased up to (3/4)n and even slightly more, if the adversary is furnished with some computational capabilities.