May The Force Be With You: Force-Based Relay Attack Detection

Iakovos Gurulian, Gerhard Hancke, Konstantinos Markantonakis, Raja Naeem Akram

Research output: Contribution to conferencePaperpeer-review

195 Downloads (Pure)


Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.
Original languageEnglish
Number of pages18
Publication statusE-pub ahead of print - 26 Jan 2018
Event17th Smart Card Research and Advanced Application Conference - Lugano, Switzerland
Duration: 13 Nov 201715 Nov 2017


Conference17th Smart Card Research and Advanced Application Conference
Abbreviated titleCARDIS 2017


  • Mobile Payments
  • Relay Attacks
  • Contactless
  • Experimental Analysis

Cite this