Contactless smart cards are more and more used in access control and payment systems. However, most of such cards are Vulnerable to relay attacks. also known as mafia fraud attacks. This attack requires simpler technical resources than tampering or cryptanalysis. In this the adversary deceives, the verifier into thinking that a genuine prover is close by relaying the messages between both genuine parties. The main countermeasure against this attack is the use of so-called distance bounding protocols. In the radio frequency identification (RFID) framework, Hancke and Kuhn proposed the first distance bounding protocol, which resorts to an expensive and complex ultra wide band (UWB) radio link. Reid et al. remove this extra radio link and propose a low-cost protocol, but some aspects still need to be further investigated. In this paper, we propose an enhanced low-cost protocol which takes advantage of the special characteristics of the inductive communication in RFID, and the use of 'void-challenges' to protect against relay attacks. The processing delay of this protocol is zero and it can be directly implemented on RFID devices, Without resorting to any extra resources. We present experimental results to support our arguments. Copyright (C) 2009 John Wiley & Sons, Ltd.
