Preventing relay attacks in mobile transactions using infrared light

Iakovos Gurulian, Raja Akram, Konstantinos Markantonakis, Keith Mayes

Research output: Chapter in Book/Report/Conference proceedingConference contribution

775 Downloads (Pure)


Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective in the field of mobile transactions, due to their requirement of high time-delay sensitivity and specialised hardware. A number of proposals are being put forward that show that sensing the natural ambient environment is an effective anti-relay mechanism. Existing literature neither involves a threat actor in their analysis nor they are in compliance with EMV's transaction requirement of 500ms. In this paper, we look at the anti-relay mechanism from a different point of view. Instead of measuring the natural ambience, we generate and measure a unique artificial ambient environment (AAE) using peripherals of the devices involved in a transaction. To evaluate our proposal and its effectiveness, we selected infrared from the proposed set of off-the-shelf actuator/sensor pairs available on modern smartphones. We designed and deployed six distinct test-beds, each based on a unique method of relay attack, in order to evaluate the effectiveness of our proposal in the context of infrared. From our experimentations, we can empirically state that infrared showed high success rate in relay attack detection - higher than any existing work in academic literature.
Original languageEnglish
Title of host publicationSAC '17 Proceedings of the 32nd Annual ACM Symposium on Applied Computing
Number of pages8
ISBN (Electronic)978-1-4503-4486-9
Publication statusPublished - 3 Apr 2017
EventThe 32nd ACM Symposium on Applied Computing - Marrakesh, Morocco, Marrakesh, Morocco
Duration: 3 Apr 20176 Apr 2017


ConferenceThe 32nd ACM Symposium on Applied Computing
Abbreviated titleACM SAC
Internet address


  • Mobile Payments
  • Relay Attacks
  • Artificial Ambient Environment
  • Contactless
  • Infrared
  • Experimental Analysis

Cite this