Proximity Assurances Based on Natural and Artificial Ambient Environments

Iakovos Gurulian; Konstantinos Markantonakis; Carlton Shepherd; Eibe Frank; Raja Akram

doi:10.1007/978-3-319-69284-5

Proximity Assurances Based on Natural and Artificial Ambient Environments

Iakovos Gurulian, Konstantinos Markantonakis, Carlton Shepherd, Eibe Frank, Raja Akram

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

96 Downloads (Pure)

Abstract

Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 milliseconds for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.

Original language	English
Title of host publication	10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers
Publisher	Springer
Pages	83-103
Number of pages	21
ISBN (Electronic)	978-3-319-69284-5
ISBN (Print)	978-3-319-69283-8
DOIs	https://doi.org/10.1007/978-3-319-69284-5
Publication status	Published - 2017
Event	10th International Conference on Security for Information Technology and Communications - Bucharest University of Economic Studies, Bucharest, Romania Duration: 8 Jul 2016 → …

Publication series

Name	Security and Cryptology
Volume	10543

Conference

Conference	10th International Conference on Security for Information Technology and Communications
Abbreviated title	SECITC 2017
Country/Territory	Romania
City	Bucharest
Period	8/07/16 → …

Keywords

Mobile Payments
Relay Attacks
Ambient Environment Sensing
Contactless
Experimental Analysis

Access to Document

10.1007/978-3-319-69284-5

Accepted ManuscriptAccepted author manuscript, 427 KB

Cite this

@inproceedings{55f88517e9144dc8a306fcad6dc07180,

title = "Proximity Assurances Based on Natural and Artificial Ambient Environments",

abstract = "Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 milliseconds for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.",

keywords = "Mobile Payments, Relay Attacks, Ambient Environment Sensing, Contactless, Experimental Analysis",

author = "Iakovos Gurulian and Konstantinos Markantonakis and Carlton Shepherd and Eibe Frank and Raja Akram",

year = "2017",

doi = "10.1007/978-3-319-69284-5",

language = "English",

isbn = "978-3-319-69283-8",

series = "Security and Cryptology",

publisher = "Springer",

pages = "83--103",

booktitle = "10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers",

note = "10th International Conference on Security for Information Technology and Communications, SECITC 2017 ; Conference date: 08-07-2016",

}

Gurulian, I, Markantonakis, K, Shepherd, C, Frank, E & Akram, R 2017, Proximity Assurances Based on Natural and Artificial Ambient Environments. in 10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers. Security and Cryptology, vol. 10543, Springer, pp. 83-103, 10th International Conference on Security for Information Technology and Communications, Bucharest, Romania, 8/07/16. https://doi.org/10.1007/978-3-319-69284-5

Proximity Assurances Based on Natural and Artificial Ambient Environments. / Gurulian, Iakovos; Markantonakis, Konstantinos; Shepherd, Carlton et al.
10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers. Springer, 2017. p. 83-103 (Security and Cryptology; Vol. 10543).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Proximity Assurances Based on Natural and Artificial Ambient Environments

AU - Gurulian, Iakovos

AU - Markantonakis, Konstantinos

AU - Shepherd, Carlton

AU - Frank, Eibe

AU - Akram, Raja

PY - 2017

Y1 - 2017

N2 - Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 milliseconds for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.

AB - Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 milliseconds for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.

KW - Mobile Payments

KW - Relay Attacks

KW - Ambient Environment Sensing

KW - Contactless

KW - Experimental Analysis

U2 - 10.1007/978-3-319-69284-5

DO - 10.1007/978-3-319-69284-5

M3 - Conference contribution

SN - 978-3-319-69283-8

T3 - Security and Cryptology

SP - 83

EP - 103

BT - 10th International Conference, SecITC 2017, Bucharest, Romania, June 8–9, 2017, Revised Selected Papers

PB - Springer

T2 - 10th International Conference on Security for Information Technology and Communications

Y2 - 8 July 2016

ER -