Comparing Distance Bounding Protocols: a Critical Mission Supported by Decision Theory
This provides a critical tool for researchers and engineers in security to fairly evaluate protocols against relay attacks in contactless systems, though it is incremental as it builds on existing decision-making concepts.
The paper tackles the problem of comparing numerous distance bounding protocols with varied properties by introducing a methodology based on decision theory for multi-criteria comparison, identifying the most appropriate protocols for specific contexts and those that should be discarded.
Distance bounding protocols are security countermeasures designed to thwart relay attacks. Such attacks consist in relaying messages exchanged between two parties, making them believe they communicate directly with each other. Although distance bounding protocols have existed since the early nineties, this research topic resurrected with the deployment of contactless systems, against which relay attacks are particularly impactful. Given the impressive number of distance bounding protocols that are designed every year, it becomes urgent to provide researchers and engineers with a methodology to fairly compare the protocols in spite of their various properties. This paper introduces such a methodology based on concepts from the decision making field. The methodology allows for a multi-criteria comparison of distance bounding protocols, thereby identifying the most appropriate protocols once the context is provided. As a side effect, this paper clearly identifies the protocols that should no longer be considered, regardless of the considered scenario.