May the Force Be with You: Force-Based Relay Attack Detection

Iakovos Gurulian; Gerhard Hancke; Konstantinos Markantonakis; Raja Naeem Akram

doi:10.1007/978-3-319-75208-2_9

May the Force Be with You: Force-Based Relay Attack Detection

Iakovos Gurulian, Gerhard Hancke, Konstantinos Markantonakis, Raja Naeem Akram

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

2 Citations (Scopus)

Abstract

Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

Original language	English
Title of host publication	International Conference on Smart Card Research and Advanced Applications
Editors	T Eisenbarth, Y Teglia
Publisher	Springer
Pages	142-159
Number of pages	18
ISBN (Electronic)	978-3-319-75208-2
ISBN (Print)	978-3-319-75207-5
DOIs	https://doi.org/10.1007/978-3-319-75208-2_9
Publication status	Published - 26 Jan 2018
Event	17th Smart Card Research and Advanced Application Conference - Duration: 12 Nov 2018 → 12 Nov 2018 Conference number: 17

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10728
ISSN (Print)	0302-9743

Conference

Conference	17th Smart Card Research and Advanced Application Conference
Abbreviated title	CARDIS
Period	12/11/18 → 12/11/18

Keywords

Mobile Payments
Relay Attacks
Contactless
Experimental Analysis

Access to Document

10.1007/978-3-319-75208-2_9Licence: Unspecified

Cite this

May the Force Be with You: Force-Based Relay Attack Detection . / Gurulian, Iakovos; Hancke, Gerhard; Markantonakis, Konstantinos et al.
International Conference on Smart Card Research and Advanced Applications. ed. / T Eisenbarth; Y Teglia. Springer , 2018. p. 142-159 (Lecture Notes in Computer Science ; Vol. 10728).

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

Gurulian, I, Hancke, G, Markantonakis, K & Akram, RN 2018, May the Force Be with You: Force-Based Relay Attack Detection . in T Eisenbarth & Y Teglia (eds), International Conference on Smart Card Research and Advanced Applications. Lecture Notes in Computer Science , vol. 10728, Springer , pp. 142-159, 17th Smart Card Research and Advanced Application Conference, 12/11/18. https://doi.org/10.1007/978-3-319-75208-2_9

@inproceedings{ebe046b850e94c619eeae7c41b5d6be2,

title = "May the Force Be with You: Force-Based Relay Attack Detection ",

abstract = "Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.",

keywords = "Mobile Payments, Relay Attacks, Contactless, Experimental Analysis",

author = "Iakovos Gurulian and Gerhard Hancke and Konstantinos Markantonakis and Akram, {Raja Naeem}",

year = "2018",

month = jan,

day = "26",

doi = "10.1007/978-3-319-75208-2_9",

language = "English",

isbn = "978-3-319-75207-5",

series = "Lecture Notes in Computer Science ",

publisher = "Springer ",

pages = "142--159",

editor = "T Eisenbarth and Y Teglia",

booktitle = "International Conference on Smart Card Research and Advanced Applications",

note = "17th Smart Card Research and Advanced Application Conference, CARDIS ; Conference date: 12-11-2018 Through 12-11-2018",

}

TY - GEN

T1 - May the Force Be with You

T2 - 17th Smart Card Research and Advanced Application Conference

AU - Gurulian, Iakovos

AU - Hancke, Gerhard

AU - Markantonakis, Konstantinos

AU - Akram, Raja Naeem

N1 - Conference code: 17

PY - 2018/1/26

Y1 - 2018/1/26

N2 - Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

AB - Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3cm and the transaction duration to be under 500ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

KW - Mobile Payments

KW - Relay Attacks

KW - Contactless

KW - Experimental Analysis

U2 - 10.1007/978-3-319-75208-2_9

DO - 10.1007/978-3-319-75208-2_9

M3 - Published conference contribution

SN - 978-3-319-75207-5

T3 - Lecture Notes in Computer Science

SP - 142

EP - 159

BT - International Conference on Smart Card Research and Advanced Applications

A2 - Eisenbarth, T

A2 - Teglia, Y

PB - Springer

Y2 - 12 November 2018 through 12 November 2018

ER -

May the Force Be with You: Force-Based Relay Attack Detection

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this