Preventing Relay Attacks in Mobile Transactions Using Infrared Light. / Gurulian, Iakovos; Akram, Raja; Markantonakis, Konstantinos; Mayes, Keith.

SAC '17: Proceedings of the 32nd Annual ACM Symposium on Applied Computing. ACM, 2016.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Forthcoming

Documents

  • main

    Accepted author manuscript, 434 KB, PDF-document

Abstract

Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective in the field of mobile transactions, due to their requirement of high time-delay sensitivity and specialised hardware. A number of proposals are being put forward that show that sensing the natural ambient environment is an effective anti-relay mechanism. Existing literature neither involves a threat actor in their analysis nor they are in compliance with EMV's transaction requirement of 500ms. In this paper, we look at the anti-relay mechanism from a different point of view. Instead of measuring the natural ambience, we generate and measure a unique artificial ambient environment (AAE) using peripherals of the devices involved in a transaction. To evaluate our proposal and its effectiveness, we selected infrared from the proposed set of off-the-shelf actuator/sensor pairs available on modern smartphones. We designed and deployed six distinct test-beds, each based on a unique method of relay attack, in order to evaluate the effectiveness of our proposal in the context of infrared. From our experimentations, we can empirically state that infrared showed high success rate in relay attack detection -- higher than any existing work in academic literature.
Original languageEnglish
Title of host publicationSAC '17: Proceedings of the 32nd Annual ACM Symposium on Applied Computing
PublisherACM
StateAccepted/In press - 19 Nov 2016
EventThe 32nd ACM Symposium on Applied Computing - Marrakesh, Morocco

Conference

ConferenceThe 32nd ACM Symposium on Applied Computing
Abbreviated titleACM SAC
CountryMorocco
CityMarrakesh
Period3/04/176/04/17
Internet address
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 27447842