Preventing relay attacks in mobile transactions using infrared light

Iakovos Gurulian, Raja Akram, Konstantinos Markantonakis, Keith Mayes

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

12 Citations (Scopus)

Abstract

Near Field Technology (NFC) enables a smartphone to emulate a smart card, enabling it to provide services, like banking and transport ticketing. Similar to smart cards, NFC-based transactions are susceptible to relay attacks. Distance bounding protocols have been proposed for smart cards to counter relay attacks. However, this may not be effective in the field of mobile transactions, due to their requirement of high time-delay sensitivity and specialised hardware. A number of proposals are being put forward that show that sensing the natural ambient environment is an effective anti-relay mechanism. Existing literature neither involves a threat actor in their analysis nor they are in compliance with EMV's transaction requirement of 500ms. In this paper, we look at the anti-relay mechanism from a different point of view. Instead of measuring the natural ambience, we generate and measure a unique artificial ambient environment (AAE) using peripherals of the devices involved in a transaction. To evaluate our proposal and its effectiveness, we selected infrared from the proposed set of off-the-shelf actuator/sensor pairs available on modern smartphones. We designed and deployed six distinct test-beds, each based on a unique method of relay attack, in order to evaluate the effectiveness of our proposal in the context of infrared. From our experimentations, we can empirically state that infrared showed high success rate in relay attack detection - higher than any existing work in academic literature.
Original languageEnglish
Title of host publicationSAC'17 Proceedings of the symposium on Applied Computing
PublisherACM
Pages1724-1731
Number of pages8
ISBN (Print)978-1-4503-4486-9
DOIs
Publication statusPublished - 3 Apr 2017
EventThe 32nd ACM Symposium on Applied Computing - Marrakech, Marrakech, Morocco
Duration: 3 Apr 20177 Apr 2017

Conference

ConferenceThe 32nd ACM Symposium on Applied Computing
Country/TerritoryMorocco
CityMarrakech
Period3/04/177/04/17

Keywords

  • Mobile Payments
  • Relay Attacks
  • Artificial Ambient Environment
  • Contactless
  • Infrared
  • Experimental Analysis

Fingerprint

Dive into the research topics of 'Preventing relay attacks in mobile transactions using infrared light'. Together they form a unique fingerprint.

Cite this