Abstract
Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective in the field of mobile transactions, due to their requirement of high time-delay sensitivity and specialised hardware. A number of proposals are being put forward that show that sensing the natural ambient environment is an effective anti-relay mechanism. Existing literature neither involves a threat actor in their analysis nor they are in compliance with EMV's transaction requirement of 500ms. In this paper, we look at the anti-relay mechanism from a different point of view. Instead of measuring the natural ambience, we generate and measure a unique artificial ambient environment (AAE) using peripherals of the devices involved in a transaction. To evaluate our proposal and its effectiveness, we selected infrared from the proposed set of off-the-shelf actuator/sensor pairs available on modern smartphones. We designed and deployed six distinct test-beds, each based on a unique method of relay attack, in order to evaluate the effectiveness of our proposal in the context of infrared. From our experimentations, we can empirically state that infrared showed high success rate in relay attack detection - higher than any existing work in academic literature.
Original language | English |
---|---|
Title of host publication | SAC '17 Proceedings of the 32nd Annual ACM Symposium on Applied Computing |
Publisher | ACM |
Pages | 1724-1731 |
Number of pages | 8 |
ISBN (Electronic) | 978-1-4503-4486-9 |
DOIs | |
Publication status | Published - 3 Apr 2017 |
Event | The 32nd ACM Symposium on Applied Computing - Marrakesh, Morocco, Marrakesh, Morocco Duration: 3 Apr 2017 → 6 Apr 2017 http://www.sigapp.org/sac/sac2017/ |
Conference
Conference | The 32nd ACM Symposium on Applied Computing |
---|---|
Abbreviated title | ACM SAC |
Country/Territory | Morocco |
City | Marrakesh |
Period | 3/04/17 → 6/04/17 |
Internet address |
Keywords
- Mobile Payments
- Relay Attacks
- Artificial Ambient Environment
- Contactless
- Infrared
- Experimental Analysis