Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Lishoy Francis; Gerhard Hancke; Keith Mayes; Konstantinos Markantonakis

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Lishoy Francis, Gerhard Hancke, Keith Mayes, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.

Original language	English
Title of host publication	The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
Editors	Nai-Wei Lo, Yingjiu Li
Publisher	IOS Press
Pages	21 - 32
Number of pages	12
Volume	8
Publication status	Published - Nov 2012
Event	The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia) - Taipei, Taiwan, Province of China Duration: 8 Nov 2012 → 9 Nov 2012

Publication series

Name	Cryptology and Information Security Series
Publisher	IOS Press
Volume	8

Workshop

Workshop	The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
Country/Territory	Taiwan, Province of China
City	Taipei
Period	8/11/12 → 9/11/12

Cite this

@inproceedings{158a0a34227a4807952de3a07fa7052a,

title = "Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones",

abstract = "Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.",

author = "Lishoy Francis and Gerhard Hancke and Keith Mayes and Konstantinos Markantonakis",

year = "2012",

month = nov,

language = "English",

volume = "8",

series = "Cryptology and Information Security Series",

publisher = "IOS Press",

pages = "21 -- 32",

editor = "Nai-Wei Lo and Yingjiu Li",

booktitle = "The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)",

note = "The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia) ; Conference date: 08-11-2012 Through 09-11-2012",

}

Francis, L, Hancke, G, Mayes, K & Markantonakis, K 2012, Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. in N-W Lo & Y Li (eds), The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia). vol. 8, Cryptology and Information Security Series, vol. 8, IOS Press, pp. 21 - 32, The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia), Taipei, Taiwan, Province of China, 8/11/12.

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones. / Francis, Lishoy; Hancke, Gerhard; Mayes, Keith et al.
The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia). ed. / Nai-Wei Lo; Yingjiu Li. Vol. 8 IOS Press, 2012. p. 21 - 32 (Cryptology and Information Security Series; Vol. 8).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

AU - Francis, Lishoy

AU - Hancke, Gerhard

AU - Mayes, Keith

AU - Markantonakis, Konstantinos

PY - 2012/11

Y1 - 2012/11

N2 - Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.

AB - Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.

M3 - Conference contribution

VL - 8

T3 - Cryptology and Information Security Series

SP - 21

EP - 32

BT - The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)

A2 - Lo, Nai-Wei

A2 - Li, Yingjiu

PB - IOS Press

T2 - The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)

Y2 - 8 November 2012 through 9 November 2012

ER -