Abstract
Relay attacks pose a significant threat to communicating devices that are required to operate within a short distance of each other and within a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of these proposals in the existing literature has reported negative results for natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3 cm and the transaction duration to be under 500 ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button press and release behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both genuine and attacker-involved transactions. Analysis of the collected data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.
Original language | English |
---|---|
Title of host publication | International Conference on Smart Card Research and Advanced Applications |
Editors | T Eisenbarth, Y Teglia |
Publisher | Springer |
Pages | 142-159 |
Number of pages | 18 |
ISBN (Electronic) | 978-3-319-75208-2 |
ISBN (Print) | 978-3-319-75207-5 |
Publication status | Published - 26 Jan 2018 |
Event | 17th Smart Card Research and Advanced Application Conference - Duration: 12 Nov 2018 → 12 Nov 2018 Conference number: 17 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 10728 |
ISSN (Print) | 0302-9743 |
Conference
Conference | 17th Smart Card Research and Advanced Application Conference |
---|---|
Abbreviated title | CARDIS |
Period | 12/11/18 → 12/11/18 |
Keywords
- Mobile Payments
- Relay Attacks
- Contactless
- Experimental Analysis