TY - GEN
T1 - Artificial Ambient Environments for Proximity Critical Applications
AU - Gurulian, Iakovos
AU - Markantonakis, Konstantinos
AU - Akram, Raja
AU - Mayes, Keith
PY - 2017/8/29
Y1 - 2017/8/29
N2 - In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.
AB - In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.
KW - Mobile Payments
KW - Relay Attacks
KW - Artificial Ambient Environment
KW - Contactless
KW - Infrared
KW - Experimental Analysis
U2 - 10.1145/3098954.3098964
DO - 10.1145/3098954.3098964
M3 - Conference contribution
SP - 1
EP - 10
BT - ARES '17
PB - ACM
ER -