Artificial Ambient Environments for Proximity Critical Applications. / Gurulian, Iakovos; Markantonakis, Konstantinos; Akram, Raja; Mayes, Keith.

ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 2017. p. 1-10 5.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Artificial Ambient Environments for Proximity Critical Applications. / Gurulian, Iakovos; Markantonakis, Konstantinos; Akram, Raja; Mayes, Keith.

ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 2017. p. 1-10 5.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Gurulian, I, Markantonakis, K, Akram, R & Mayes, K 2017, Artificial Ambient Environments for Proximity Critical Applications. in ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security., 5, ACM, pp. 1-10. https://doi.org/10.1145/3098954.3098964

APA

Gurulian, I., Markantonakis, K., Akram, R., & Mayes, K. (2017). Artificial Ambient Environments for Proximity Critical Applications. In ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security (pp. 1-10). [5] ACM. https://doi.org/10.1145/3098954.3098964

Vancouver

Gurulian I, Markantonakis K, Akram R, Mayes K. Artificial Ambient Environments for Proximity Critical Applications. In ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM. 2017. p. 1-10. 5 https://doi.org/10.1145/3098954.3098964

Author

Gurulian, Iakovos ; Markantonakis, Konstantinos ; Akram, Raja ; Mayes, Keith. / Artificial Ambient Environments for Proximity Critical Applications. ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, 2017. pp. 1-10

BibTeX

@inproceedings{6ab5ee05719c4fc4b730423d83a4f305,
title = "Artificial Ambient Environments for Proximity Critical Applications",
abstract = "In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.",
keywords = "Mobile Payments, Relay Attacks, Artificial Ambient Environment, Contactless, Infrared, Experimental Analysis",
author = "Iakovos Gurulian and Konstantinos Markantonakis and Raja Akram and Keith Mayes",
year = "2017",
month = aug,
day = "29",
doi = "10.1145/3098954.3098964",
language = "English",
pages = "1--10",
booktitle = "ARES '17",
publisher = "ACM",

}

RIS

TY - GEN

T1 - Artificial Ambient Environments for Proximity Critical Applications

AU - Gurulian, Iakovos

AU - Markantonakis, Konstantinos

AU - Akram, Raja

AU - Mayes, Keith

PY - 2017/8/29

Y1 - 2017/8/29

N2 - In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.

AB - In the field of smartphones a number of proposals suggest that sensing the ambient environment can act as an effective anti-relay mechanism. However, existing literature is not compliant with industry standards (e.g. EMV and ITSO) that require transactions to complete within a certain time-frame (e.g. 500ms in the case of EMV contactless payments). In previous work the generation of an artificial ambient environment (AAE), and especially the use of infrared light as an AAE actuator was shown to have high success rate in relay attacks detection. In this paper we investigate the application of infrared as a relay attack detection technique in various scenarios, namely, contactless transactions (mobile payments, transportation ticketing, and physical access control), and continuous Two-Factor Authentication. Operating requirements and architectures are proposed for each scenario, while taking into account industry imposed performance requirements, where applicable. Protocols for integrating the solution into the aforementioned scenarios are being proposed, and formally verified. The impact on the performance is assessed through practical implementation. Proposed protocols are verified using Scyther, a formal mechanical verification tool. Finally, additional scenarios, in which this technique can be applied to prevent relay or other types of attacks, are discussed.

KW - Mobile Payments

KW - Relay Attacks

KW - Artificial Ambient Environment

KW - Contactless

KW - Infrared

KW - Experimental Analysis

U2 - 10.1145/3098954.3098964

DO - 10.1145/3098954.3098964

M3 - Conference contribution

SP - 1

EP - 10

BT - ARES '17

PB - ACM

ER -