The so-called “relay attack problem” occurs when transponders (in particular smart cards and RFID tags) are used. Transponders are usually read by a reader which is very close to the transponder (near field communication). With the relay attack this local binding is released for criminal acts.
In an example, person A is in a bar and has parked his car in front of the bar. The car is equipped with a key less entry feature (that is to say car access by means of a transponder, in particular a smart card). Person B reads the data from the transponder, which A has in his pocket, and sends the data via a mobile phone to person C who stands next to the car. In this way C can open the car without giving A a chance to be aware of the theft.
When a transponder is read by a reader the measurement of the response time can be measured to detect such a relay attack, as the transmission via e.g. GSM takes longer than the near field communication. If the response time is out of a predetermined time window, access can be denied. Because of faster and faster transmission means, one will try to make this time window as small as possible.
However, there is the time needed for encryption/decryption during authentication. Because the algorithms for authentication become more complex, there is a physical limit for the time window.
Hancke, G. P., Kuhn, M. G., “An RFID Distance Bounding Protocol”, First International Conference on Security and Privacy for Emerging Areas in Communications Networks 2005, SecureComm 2005, pp. 67-73, discloses that radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Attackers can circumvent the limited range of the radio channel using transponders that forward exchanged signals over larger distances. Cryptographic distance-bounding protocols that measure accurately the round-trip delay of the radio signal provide a possible countermeasure. They infer an upper bound for the distance between the reader and the token from the fact that no information can propagate faster than at the speed of light. A distance-bounding protocol based on ultra-wideband pulse communication is disclosed. Aimed at being implementable using only simple, asynchronous, low-power hardware in the token, it is particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.