Abstract
Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.
Original language | English |
---|---|
Pages | 142-159 |
Number of pages | 18 |
DOIs | |
Publication status | E-pub ahead of print - 26 Jan 2018 |
Event | 17th Smart Card Research and Advanced Application Conference - Lugano, Switzerland Duration: 13 Nov 2017 → 15 Nov 2017 |
Conference
Conference | 17th Smart Card Research and Advanced Application Conference |
---|---|
Abbreviated title | CARDIS 2017 |
Country/Territory | Switzerland |
City | Lugano |
Period | 13/11/17 → 15/11/17 |
Keywords
- Mobile Payments
- Relay Attacks
- Contactless
- Experimental Analysis