On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks

Iakovos Gurulian; Carlton Shepherd; Eibe Frank; Konstantinos Markantonakis; Raja Akram; Keith Mayes

doi:10.1109/Trustcom/BigDataSE/ICESS.2017.218

On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks

Iakovos Gurulian, Carlton Shepherd, Eibe Frank, Konstantinos Markantonakis, Raja Akram, Keith Mayes

Computing Science

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

5 Citations (Scopus)

Abstract

Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints.

Original language	English
Title of host publication	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	41-49
Number of pages	9
ISBN (Electronic)	978-1-5090-4906-6
ISBN (Print)	978-1-5090-4907-3
DOIs	https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.218
Publication status	Published - 2017
Event	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications - Sydney, Australia Duration: 1 Aug 2017 → 1 Aug 2017 Conference number: 16

Conference

Conference	16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Abbreviated title	TrustCom 2017
Country/Territory	Australia
City	Sydney
Period	1/08/17 → 1/08/17

Bibliographical note

ACKNOWLEDGEMENT
Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank anonymous reviewers for their valuable comments.

2017 IEEE Trustcom/BigDataSE/ICESS
1-4 Aug. 2017

Keywords

Relay Attacks
ambient sensing
Mobile Security
contactless transactions
near-field communication

Access to Document

10.1109/Trustcom/BigDataSE/ICESS.2017.218

Cite this

Gurulian, I., Shepherd, C., Frank, E., Markantonakis, K., Akram, R., & Mayes, K. (2017). On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks. In 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (pp. 41-49). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.218

On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks. / Gurulian, Iakovos; Shepherd, Carlton; Frank, Eibe et al.
16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Institute of Electrical and Electronics Engineers (IEEE), 2017. p. 41-49.

Research output: Chapter in Book/Report/Conference proceeding › Published conference contribution

Gurulian, I, Shepherd, C, Frank, E, Markantonakis, K, Akram, R & Mayes, K 2017, On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks. in 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. Institute of Electrical and Electronics Engineers (IEEE), pp. 41-49, 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Sydney, Australia, 1/08/17. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.218

@inproceedings{f191a59491c94126b4d95981d052f432,

title = "On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks",

abstract = "Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints.",

keywords = "Relay Attacks, ambient sensing, Mobile Security, contactless transactions, near-field communication",

author = "Iakovos Gurulian and Carlton Shepherd and Eibe Frank and Konstantinos Markantonakis and Raja Akram and Keith Mayes",

note = "ACKNOWLEDGEMENT Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank anonymous reviewers for their valuable comments. 2017 IEEE Trustcom/BigDataSE/ICESS 1-4 Aug. 2017; 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2017 ; Conference date: 01-08-2017 Through 01-08-2017",

year = "2017",

doi = "10.1109/Trustcom/BigDataSE/ICESS.2017.218",

language = "English",

isbn = "978-1-5090-4907-3",

pages = "41--49",

booktitle = "16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

}

TY - GEN

T1 - On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks

AU - Gurulian, Iakovos

AU - Shepherd, Carlton

AU - Frank, Eibe

AU - Markantonakis, Konstantinos

AU - Akram, Raja

AU - Mayes, Keith

N1 - Conference code: 16

PY - 2017

Y1 - 2017

N2 - Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints.

AB - Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless cards, however, NFC-based smartphone transactions are susceptible to relay attacks, and ambient sensing has been suggested as a potential countermeasure. In this study, we empirically evaluate the suitability of ambient sensors as a proximity detection mechanism for smartphone-based transactions under EMV constraints. We underpin our study using sensing data collected from 17 sensors from an emulated relay attack test-bed to assess whether they can thwart such attacks effectively. Each sensor, where feasible, was used to record 350-400 legitimate and relay (illegitimate) contactless transactions at two different physical locations. Our analysis provides an empirical foundation upon which to determine the efficacy of ambient sensing for providing a strong anti-relay mechanism in security-sensitive applications. We demonstrate that no single, evaluated mobile ambient sensor is suitable for such critical applications under realistic deployment constraints.

KW - Relay Attacks

KW - ambient sensing

KW - Mobile Security

KW - contactless transactions

KW - near-field communication

U2 - 10.1109/Trustcom/BigDataSE/ICESS.2017.218

DO - 10.1109/Trustcom/BigDataSE/ICESS.2017.218

M3 - Published conference contribution

SN - 978-1-5090-4907-3

SP - 41

EP - 49

BT - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

Y2 - 1 August 2017 through 1 August 2017

ER -

On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this