The invention relates to a method for operating a communication system. The communication system comprises a transponder having at least one antenna. The transponder can be designed in particular in the form of a portable, card-shaped data carrier. Further, the communication system comprises a reading device having at least one antenna, wherein the reading device is configured to exchange data with the transponder. An exchange of data between the transponder and the reading device is possible within a predetermined range. To secure the communication against a relay attack, the time between the transmission of a command from the reading device to the transponder and the receipt of the corresponding response of the transponder by the reading device is measured and evaluated.
To prevent a relay attack, the signal travel time can be measured. The total travel time is composed of the travel time of the signal (outbound path of a command and return path of a response) together with the time for receiving and processing the command and emitting the response. The total travel time must not exceed a certain maximum value.
It is further known to verify, by means of the so-called “distance-bounding” protocol, an upper limit of the physical distance between a verifying unit (verifier V) and a proving unit (prover P). The method is based on evaluating the delay time between the emission of a challenge and the receipt of the corresponding response. The delay time allows the verifying unit to compute an upper limit of the communication distance. The method relies on the fact that electromagnetic waves propagate at almost the speed of light, but never faster.
In a variant of this protocol, the verifying unit, for example a reading device, and the proving unit, for example a transponder, can share a common secret for a challenge-response authentication. Here, the transponder does not send the response to the reading device. Instead, the reading device requests one or several parts of the response at random, to which the transponder must respond within a time span. This procedure can be repeated in order to increase security. This variant is in principle a cryptographic protocol in which results must be presented within special time limits. This makes it harder for an attacker to perform a so-called relay attack, since the attacker cannot deliver the results of the challenge within the predetermined time. The time limits are necessarily exceeded in that case.
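The verifier-side check described above can be sketched as follows; this is an added example, not code or a method taken from the patent. It assumes HMAC-SHA256 as the response function and a simulated channel with constructed timing values (1 ns processing time, a 10 cm limit), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

C = 299_792_458.0  # speed of light in m/s; no signal travels faster

def response_bits(secret: bytes, challenge: bytes) -> list[int]:
    """Full response, computed but never sent as a whole (assumed: HMAC-SHA256)."""
    digest = hmac.new(secret, challenge, hashlib.sha256).digest()
    return [(byte >> i) & 1 for byte in digest for i in range(8)]

def distance_upper_bound(rtt_s: float, processing_s: float) -> float:
    """Upper limit of the distance implied by a measured delay time."""
    return C * max(rtt_s - processing_s, 0.0) / 2

def run_rounds(verifier_secret: bytes, prover_secret: bytes, distance_m: float,
               extra_delay_s: float = 0.0, rounds: int = 32,
               processing_s: float = 1e-9, max_distance_m: float = 0.10):
    """Ask for random response bits; check each value and its timing.

    Simulated channel (constructed): rtt = 2*d/c + processing + relay delay.
    Returns (accepted, largest distance bound seen in metres).
    """
    rng = secrets.SystemRandom()
    challenge = secrets.token_bytes(16)
    expected = response_bits(verifier_secret, challenge)
    prover = response_bits(prover_secret, challenge)  # prover precomputes
    worst = 0.0
    for _ in range(rounds):
        idx = rng.randrange(len(expected))            # random part of the response
        rtt = 2 * distance_m / C + processing_s + extra_delay_s
        bound = distance_upper_bound(rtt, processing_s)
        worst = max(worst, bound)
        # Reject on a wrong bit or on a delay implying too large a distance.
        if prover[idx] != expected[idx] or bound > max_distance_m:
            return False, worst
    return True, worst

if __name__ == "__main__":
    key = secrets.token_bytes(16)
    print("genuine, 5 cm:     ", run_rounds(key, key, 0.05))
    print("relayed, +1 us:    ", run_rounds(key, key, 0.05, extra_delay_s=1e-6))
    print("wrong secret, 5 cm:", run_rounds(key, b"x" * 16, 0.05))
```

In the simulation, one microsecond of added relay delay raises the distance bound from 5 cm to roughly 150 m, which shows why the timing provisions have to be very exact.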
In contactless portable data carriers according to the standard ISO/IEC 14443, there is no possibility to perform the above-described “distance-bounding” protocol. A communication system consisting of a portable data carrier and a reading device therefore cannot recognize whether both communication partners are actually located within the intended communication range of approximately 10 cm, or whether, due to a relay attack, the data carrier is communicating with a remote contactless reading device, which is not desired by the owner of the data carrier. A realization of the distance-bounding protocol would entail an extension of ISO/IEC 14443 in order to implement the very exact timing provisions for the response behavior of the data carrier.