Proximity Verification for Contactless Access Control and Authentication Systems

Abstract

Today, contactless smart cards are used to provide physical access control and authentication in a wide variety of applications. Prior research have demonstrated the vulnerability of contactless smart cards to relay attacks. For example, an attacker can relay the communication between the card reader and the smart card to steal a car or pay for goods in a supermarket. To solve this problem, smart cards need to be enhanced with secure proximity verification, i.e., distance bounding, which enables the card reader and the card to verify their mutual distance. However, existing technologies do not support the deployment of distance bounding in such systems: NFC cannot provide sufficient distance resolution, and hardware complexity of the proposed (e.g., UWB-based) distance bounding radios prevents their use in contactless smart cards. In this work, we propose a novel distance bounding system specifically designed for short-range contactless access control and authentication applications. Our system combines frequency modulated continuous wave (FMCW) and backscatter communication. The use of backscatter communication enables low-complexity, power-efficient design of the prover which is critical for contactless smart cards. In addition, our distance bounding system enables the implementation of a majority of distance bounding protocols developed in prior art. We analyze our system against various attack scenarios and show that it offers strong security guarantees. Additionally, we evaluate our system's communication and distance measurement characteristics using a prototype implementation.