Weixi Gu,Zheng Yang,Longfei Shangguan,Xiaoyu Ji,Yiyang Zhao

DOI: https://doi.org/10.1109/trustcom.2014.34

2014-01-01

Abstract:Near field authentication is of great importance for a range of applications, and has attracted many research efforts in the past decades. Several approaches have been developed and demonstrated their feasibility. The state-of-art works, however, still have much room to improve their automation and usability. First, user assistance is required in most existing approaches, which will be easily observed and imitated by attackers. Second, the authentications of several works heavily depend on special hardware, e.g., Server or high resolution screen, which greatly restricts their application scenarios. In this paper, we present a near field authentication system Tooth that needs little human assistance and is compatible with most smart phones. ToAuth is based on the key insight that the acceleration traces are similar for a pair of smart phones when they are contacting physically and vibrating. The random vibration patterns are sufficiently uncertain to provide high entropy to generate a pair of cryptographic keys yet are inimitable for a third party who does not get in touch with the vibration source. ToAuth leverages the keys to make authentication for smart phones. We implement ToAuth on Android platform and evaluate its performance under various scenarios. Extensive experiments demonstrate ToAuth could achieve around 90% success rate in stable environment, and prevent attacks depended on vibration noise.

Yafei Ji,Luning Xia,Jingqiang Lin,Qiongxiao Wang,Lingguang Lei,Li Song

DOI: https://doi.org/10.1007/978-3-030-14234-6_18

2018-01-01

Abstract:Near field communication (NFC) is an emerging and promising technology envisioned to support a large gamut of applications such as payment and ticketing applications. Unfortunately, there emerges a variety of vulnerabilities that could leave an unwitting user vulnerable to attacks along with the increase of NFC applications. One such potential devastating attack is relay attack, in which adversaries establish a transparently transferring channel between two distant NFC-enabled devices, thus break the assumption that NFC can only work within a rather near distance. In this paper, we propose Chord, an effective method for detecting relay attack. Via measuring the strength of received signal, i.e, the Received Signal Strength Indication (RSSI) during a time span, the two devices are expected to get the same “trace” of RSSI’s variation because of physical proximity. Therefore, the relay attack can be revealed if the peers get a different “trace” from each other, which implies that they do not communicate directly via NFC link. The results of our implementation show that our proposal works as intended, and exhibits an improvement of security with reasonable performance impact.

Wolfgang Issovits,Michael Hutter

DOI: https://doi.org/10.1109/rfid-ta.2011.6068658

2011-09-01

Abstract:RFID and NFC are widely spread contactless communication systems and are commonly used in security-critical applications such as payment and keyless-entry systems. Relay attacks pose a serious threat in this context that are not addressed by most of the RFID applications in use today. The attacks circumvent application-layer security and they cannot be prevented by the usual cryptographic primitives. In this paper, we will present a practical implementation of a relay attack based on systems using the widely used ISO/IEC 14443 standard. We use an off-the-shelf mobile phone and a self-developed RFID-tag emulator that can forward RFID communication over a Bluetooth channel. We will show that the attack succeeded and discuss various methods how to exploit certain mechanisms of the ISO protocol to increase the chance for a successful attack. We will also give recommendations to protect against relay attacks in practice while still complying to the ISO standard which is not considered by most of the proposed countermeasures given in literature.

Iakovos Gurulian,Carlton Shepherd,Konstantinos Markantonakis,Raja Naeem Akram,Keith Mayes

DOI: https://doi.org/10.48550/arXiv.1605.00425

2016-05-02

Cryptography and Security

Abstract:Over the past decade, smartphones have become the point of convergence for many applications and services. There is a growing trend in which traditional smart-card based services like banking, transport and access control are being provisioned through smartphones. Smartphones with Near Field Communication (NFC) capability can emulate a contactless smart card; popular examples of such services include Google Pay and Apple Pay. Similar to contactless smart cards, NFC-based smartphone transactions are susceptible to relay attacks. For contactless smart cards, distance-bounding protocols are proposed to counter such attacks; for NFC-based smartphone transactions, ambient sensors have been proposed as potential countermeasures. In this study, we have empirically evaluated the suitability of ambient sensors as a proximity detection mechanism for contactless transactions. To provide a comprehensive analysis, we also collected relay attack data to ascertain whether ambient sensors are able to thwart such attacks effectively. We initially evaluated 17 sensors before selecting 7 sensors for in-depth analysis based on their effectiveness as potential proximity detection mechanisms within the constraints of a contactless transaction scenario. Each sensor was used to record 1000 legitimate and relay (illegitimate) contactless transactions at four different physical locations. The analysis of these transactions provides an empirical foundation on which to determine whether ambient sensors provide a strong proximity detection mechanism for security-sensitive applications like banking, transport and high-security access control.

Dennis Giese,Kevin Liu,Michael Sun,Tahin Syed,Linda Zhang

DOI: https://doi.org/10.48550/arXiv.1904.10623

2019-04-24

Abstract:Near-Field Communication (NFC) is a modern technology for short range communication with a variety of applications ranging from physical access control to contactless payments. These applications are often heralded as being more secure, as they require close physical proximity and do not involve Wi-Fi or mobile networks. However, these systems are still vulnerable to security attacks at the time of transaction, as they require little to no additional authentication from the user's end. In this paper, we propose a method to attack mobile-based NFC payment methods and make payments at locations far away from where the attack occurs. We evaluate our methods on our personal Apple and Google Pay accounts and demonstrate two successful attacks on these NFC payment systems.

Cryptography and Security

Fan Dang,Pengfei Zhou,Zhenhua Li,Yunhao Liu

DOI: https://doi.org/10.1109/infcomw.2017.8116391

2017-01-01

Abstract:Automated fare collection (AFC) systems have been widely applied to practical transportation due to their convenience. Although there are many potential threats of NFC such as eavesdropping, data modification, and relay attacks, NFC based AFC systems are considered secure, due to the limited 10cm communication distance. Nevertheless, the proliferation of NFC-equipped mobile phones make such system venerable. We introduce and implement an attack on AFC cards that permits an attacker to top up his smart card and get a refund. We also propose possible countermeasures to defend against these attacks.

Konstantinos Markantonakis,Julia A. Meister,Iakovos Gurulian,Carlton Shepherd,Raja Naeem Akram,Sarah Hani Abu Ghazalah,Mumraiz Kasi,Damien Sauveron,Gerhard Hancke

DOI: https://doi.org/10.1109/access.2024.3479729

IF: 3.9

2024-10-25

IEEE Access

Abstract:Near-Field Communication (NFC) has enabled mobile devices to emulate contactless smart cards, which has also rendered them susceptible to relay attacks. Numerous countermeasures have been proposed that use ambient sensors as an anti-relay mechanism. However, there are concerns regarding their efficacy in time-critical scenarios, such as transport ticketing and contactless payments. This paper empirically and comprehensively evaluates whether ambient sensors are an effective anti-relay mechanism for such NFC-based contactless transactions. To this end, we examine 17 sensors available via the Android platform. Each sensor, where feasible, was used to record measurements in 1,000 contactless transactions with 252 users across four physical locations. We then conduct an extensive four-part evaluation using similarity metrics, traditional machine learning models, and deep learning methods used in existing work and beyond. We conclude that mobile ambient sensors are currently unsuitable for detecting relay attacks on NFC contactless transactions under realistic timing constraints, contrary to the suggestions and proposals made in existing work.

computer science, information systems,telecommunications,engineering, electrical & electronic

Steffen Klee,Alexandros Roussos,Max Maass,Matthias Hollick

DOI: https://doi.org/10.48550/arXiv.2008.03913

2020-08-10

Abstract:Near-Field Communication (NFC) is being used in a variety of security-critical applications, from access control to payment systems. However, NFC protocol analysis typically requires expensive or conspicuous dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate proof of concept aimed at solving this issue by providing capabilities for NFC analysis employing off-the-shelf Android smartphones. In this paper, we present an extended and improved NFC toolkit based on the functionally limited original open-source codebase. With in-flight traffic analysis and modification, relay, and replay features this toolkit turns an off-the-shelf smartphone into a powerful NFC research tool. To support the development of countermeasures against relay attacks, we investigate the latency incurred by NFCGate in different configurations. Our newly implemented features and improvements enable the case study of an award-winning, enterprise-level NFC lock from a well-known European lock vendor, which would otherwise require dedicated hardware. The analysis of the lock reveals several security issues, which were disclosed to the vendor.

Cryptography and Security

Yuyi Sun,Swarun Kumar,Shibo He,Jiming Chen,Zhiguo Shi

DOI: https://doi.org/10.48550/arXiv.2001.08143

2020-01-21

Abstract:Imagine when you line up in a store, the person in front of you can make you pay her bill by using a passive wearable device that forces a scan of your credit card without your awareness. An important assumption of today's Near-field Communication (NFC) enabled cards is the limited communication range between the commercial reader and the NFC cards -- a distance below 5~cm. Previous approaches to attacking this assumption effectively use mobile phones and active relays to enlarge the communication range, in order to attack the NFC cards. However, these approaches require a power supply at the adversary side, and can be easily localized when mobile phones or active relays transmit NFC signals. We propose ReCoil, a system that uses wearable passive relays to attack NFC cards by expanding the communication range to 49.6 centimeters, a ten-fold improvement over its intended commercial distance. ReCoil is a magnetically coupled resonant wireless power transfer system, which optimizes the energy transfer by searching the optimal geometry parameters. Specifically, we first narrow down the feasible area reasonably and design the ReCoil-Ant Colony Algorithm such that the relays absorb the maximum energy from the reader. In order to reroute the signal to pass over the surface of human body, we then design a half waist band by carefully analyzing the impact of the distance and orientation between two coils on the mutual inductance. Then, three more coils are added to the system to keep enlarging the communication range. Finally, extensive experiment results validate our analysis, showing that our passive relays composed of common copper wires and tunable capacitors expand the range of NFC attacks to 49.6 centimeters.

Cryptography and Security,Signal Processing

Jing Li,Yabo Dong,Shengkai Fang,Haowen Zhang,Duanqing Xu

DOI: https://doi.org/10.3390/s20164446

IF: 3.9

2020-01-01

Sensors

Abstract:In modern cars, the Passive Keyless Entry and Start system (PKES) has been extensively installed. The PKES enables drivers to unlock and start their cars without user interaction. However, it is vulnerable to relay attacks. In this paper, we propose a secure smartphone-type PKES system model based on user context detection. The proposed system uses the barometer and accelerometer embedded in smartphones to detect user context, including human activity and door closing event. These two types of events detection can be used by the PKES to determine the car owner's position when the car receives an unlocking or a start command. We evaluated the performance of the proposed method using a dataset collected from user activity and 1526 door closing events. The results reveal that the proposed method can accurately and effectively detect user activities and door closing events. Therefore, smartphone-type PKES can prevent relay attacks. Furthermore, we tested the detection of door closing event under multiple environmental settings to demonstrate the robustness of the proposed method.

Paul Staat,Kai Jansen,Christian Zenger,Harald Elders-Boll,Christof Paar

DOI: https://doi.org/10.48550/arXiv.2202.06554

2022-04-04

Abstract:Today, we use smartphones as multi-purpose devices that communicate with their environment to implement context-aware services, including asset tracking, indoor localization, contact tracing, or access control. As a de-facto standard, Bluetooth is available in virtually every smartphone to provide short-range wireless communication. Importantly, many Bluetooth-driven applications such as Phone as a Key (PaaK) for vehicles and buildings require proximity of legitimate devices, which must be protected against unauthorized access. In earlier access control systems, attackers were able to violate proximity-verification through relay station attacks. However, the vulnerability of Bluetooth against such attacks was yet unclear as existing relay attack strategies are not applicable or can be defeated through wireless distance measurement. In this paper, we design and implement an analog physical-layer relay attack based on low-cost off-the-shelf radio hardware to simultaneously increase the wireless communication range and manipulate distance measurements. Using our setup, we successfully demonstrate relay attacks against Bluetooth-based access control of a car and a smart lock. Further, we show that our attack can arbitrarily manipulate Multi-Carrier Phase-based Ranging (MCPR) while relaying signals over 90 m.

Cryptography and Security

Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Manmeet Mahinderjit Singh,Ku Aina Afiqah Ku Adzman,Rohail Hassan

DOI: https://doi.org/10.14419/ijet.v7i4.31.23385

2018-12-09

Abstract:Nowadays; the adoption of Internet of things (IoT) technologies and applications in everyday is rising. IoT technology such as Near Field Communication (NFC) is vastly adopted due to its short range frequencies, making it a good candidate for token based security access control applications such as door systems and attendance systems. However, due to the miniature size of NFC tags; its clear text contents and unprotected communication channel between tag-reader-database; NFC technology is prone to security attacks such as the man in the middle; denial of services (DOS) and etc. These attacks lead to leakage of user critical data which could impact any organization adopting NFC applications and technologies. In this paper; NFC vulnerability, causing both security and privacy attacks studies in depth. By focusing on attacks such as DOS and data corruptions; existing risk assessment models are evaluated using Analytical Hierarchy Process (AHP) approach. Best practice in mitigating these attacks is presented as well. A case study on an existing NFC access control application is then used to demonstrate the effectiveness of best practice solutions proposed.  Â

Fan Dang,Pengfei Zhou,Zhenhua Li,Ennan Zhai,Aziz Mohaisen,Qingfu Wen,Mo Li

DOI: https://doi.org/10.1109/INFOCOM.2017.8057219

2017-01-01

Abstract:Automated Fare Collection (AFC) systems have been globally deployed for decades, particularly in public transportation. Although the transaction messages of AFC systems are mostly transferred in plaintext, which is obviously insecure, system operators do not need to pay much attention to this issue, since the AFC network is well isolated from public network (e.g., the Internet). Nevertheless, in recent years, the advent of Near Field Communication (NFC)-equipped smartphones has bridged the gap between the AFC network and the Internet through Host-based Card Emulation (HCE). Motivated by this fact, we design and practice a novel paradigm of attack on modern distance-based pricing AFC systems, enabling users to pay much less than actually required. Our constructed attack has two important properties: 1) it is invisible to AFC system operators because the attack never causes any inconsistency in the backend database of the operators; and 2) it can be scalable to large number of users (e.g., 10,000) by maintaining a moderate-sized AFC card pool (e.g., containing 150 cards). Based upon this constructed attack, we developed an HCE app, named LessPay. Our real-world experiments on LessPay demonstrate not only the feasibility of our attack (with 97.6% success rate), but also its low-overhead in terms of bandwidth and computation.

Kui Ren,Qian Wang,Di Ma,Xiaohua Jia

DOI: https://doi.org/10.1109/mwc.2014.7000983

IF: 12.777

2014-01-01

IEEE Wireless Communications

Abstract:As an emerging advanced short-range communication technology, near field communication (NFC) is undergoing a fast rate of expansion with many promising benefits including low power, small size, and peer-to-peer communication, without incurring complex network configuration overhead. However, current NFC technologies suffer from one practical limitation: almost all NFC-enabled applications require built-in NFC chipsets, and as a result such low levels of penetration of NFC hardware has stymied its applications on most mobile devices in the market, for example, smartphone and tablet platforms. In addition, from the security perspective the confidentiality of the transmitted data has not been satisfactorily addressed by current NFC technologies, which do not incorporate any security at the physical or MAC layers by assuming that the extremely short range of communication itself has offered a degree of protection physically.Therefore, great interest has been aroused in the practicality and security enhancement of NFC technologies. In this article we discuss alternative NFC technologies, with an emphasis on barcode-based NFC and acoustics-based NFC, which are compatible with legacy devices and existing infrastructure and can provide a high level of security guarantee. Following a brief overview of barcode-based and acoustics-based short-range communications respectively, for each technology we present the major technical hurdles to be overcome and the state-of-the-art, and finally offer a vision of the future research issues on these two promising technologies.

Chalee Thammarat

DOI: https://doi.org/10.3390/sym12101649

2020-10-09

Symmetry

Abstract:The standard protocol of near field communication (NFC) has concentrated primarily on the speed of communication while ignoring security properties. Message between an NFC-enabled smartphone and a point of sale are exchanged over the air (OTA), which is a message considered an authentication request for payment, billing, ticketing, loyalty services, identification or access control. An attacker who has an antenna can intercept or manipulate the exchanged messages to take advantage of these. In order to solve this problem, many researchers have suggested authentication methods for NFC communications. However, these remain inadequate transaction security and fairness. In this paper, we will propose a technique that ensures mutual authentication, security properties, and strong fairness. Mutual authentication is a security property that prevents replay attacks and man-in-the-middle attacks. Both fair exchange and transaction security are also significant issues in electronic transactions with regards to creating trust among the parties participating in the transaction. The suggested protocol deploys a secure offline session key generation technique to increase transaction security and, importantly, make our protocol lightweight while maintaining the fairness property. Our analysis suggests that our protocol is more effective than others regarding transaction security, fairness, and lightweight protocol. The proposed protocol checks robustness and soundness using Burrows, Abadi and Needham (BAN) logic, the Scyther tool, and automated validation of internet security protocols and applications (AVISPA) that provide formal proofs for security protocols. Furthermore, our protocol can resolve disputes in case one party misbehaves.

Seung-Su Yang,Young-Hwan Jang,Min-Hyung Park,Seok-Cheon Park,Hyung-Joon Kim

DOI: https://doi.org/10.1007/s11277-021-08139-2

IF: 2.017

2021-02-09

Wireless Personal Communications

Abstract:NFC (Near Field Communication) is widely used in day-to-day applications such as in credit cards and smartphones. thus, RFID (Radio Frequency Identification) is being replaced by NFC in many applications. However, the access control system operates on RFID. The existing RFID-based access control systems provide only passive communication, and the authentication process is fragile and vulnerable to malicious hacking because the user information is stored by the reader. Therefore, in this study, we designed and implemented an access control system that uses the NFC-based active authentication technique. To evaluate the system implemented in this study, we performed comparison analysis with the existing NFC security authentication protocols based on whether they provided mutual authentication and whether they could respond to major security threats. The evaluation results showed that the proposed protocol normally supported mutual authentication functions between NFC devices, and ensured secure wireless communications by tackling major security threats that might occur in NFC security authentication protocols.

telecommunications

Shaik Shakeel Ahamad

DOI: https://doi.org/10.1109/access.2021.3139065

IF: 3.9

2022-01-01

IEEE Access

Abstract:The unprecedented growth of mobile applications promoted the usage of these mobile applications for payments. The current research works in mobile payments and commerce are prone to reverse-engineering attacks and lacked transport layer protection, so these research works do not ensure security. Therefore, such attacks on Mobile Payment Applications (MPA) will be successful, which leads to severe financial loss. To address these issues, we propose a secure framework incorporating a defense-in-depth approach for Near Field Communication (NFC) based mobile payment frameworks. Our defense-in-depth approach has three levels, i.e., Defense at hardware, mobile application, and communication level. We have proposed a NFC based Secure Protocol for Mobile Transaction (NSPMT) protocol and successfully verified a mobile payment protocol with BAN (Burrows, Abadi, and Needham) logic and Scyther tool, and our proposed protocol overcome multi-protocol attack, RAM (Random Access Memory) scrapping attack, DOS (Denial Of Service), DDOS (Distributed Denial Of Service), and Phlashing attacks. Our proposed mobile Payment system overcomes the known mobile application vulnerabilities, including Heartbleed and ROBOT (Return Of Bleichenbacher’s Oracle Threat). Our proposed protocol ensures all the security properties and the energy and communication cost and computational cost are far less than the existing works in the literature. Finally, we have successfully implemented our protocol using kotlin language in Android Studio, with two Mobile Payment Applications (MPA) and POS Payment Application (PPA), Elliptic Curve Digital Signature Algorithm (ECDSA) is used and Advanced Encryption Standard (AES) with GCM (Galois/Counter Mode) mode is used for encryption and decryption of Customer Payment Data at MPA and PPA.

computer science, information systems,telecommunications,engineering, electrical & electronic

Radi Abubaker

2019-05-23

Abstract:A relay attack is a potentially devastating form of a man-in-the-middle attack, that can circumvent any challenge-response authentication protcol. A relay attack also has no known cryptographic solution. This thesis proposes the usage of reciprocal channel state information in a wireless system to detect the presence of a relay attack. Through the usage of an open source channel state information tool, a challenge-response authentication Channel Based Relay Attack Detection Protocol is designed and implemented using IEEE 802.11n (WiFi) in detail. The proposed protocol adapts ideas from solutions to other problems, to create a novel solution to the relay attack problem. Preliminary results are done to show the practicality of using channel state information for randomness extraction. As well, two novel attacks are proposed that could be used to defeat the protocol and other similar protocols. To handle these attacks, two modifications are given that only work with the Channel Based Relay Attack Detection Protocol.

Computer Science

H. M. Sun,S. M. Chen,K. H. Wang

2011-01-01

Abstract:There are increasing concerns on the security of RFID usages. Recently, Lu et al. presented ACTION, a privacy preservative authentication protocol for RFID. It is claimed that it achieves high level of security even if a large number of tags is compromised. However, we found that this protocol is vulnerable to two severe attacks : Desynchronizing attacks and Tracking attacks. In this pape r, we present how these two attacks work even if the protocol parameters are moderated.