TY - GEN
T1 - Proximity Assurances Based on Natural and Artificial Ambient Environments
AU - Gurulian, Iakovos
AU - Markantonakis, Konstantinos
AU - Shepherd, Carlton
AU - Frank, Eibe
AU - Akram, Raja
N1 - © Springer International Publishing AG 2017
PY - 2017/6/8
Y1 - 2017/6/8
AB - Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 milliseconds for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.
KW - Mobile Payments
KW - Relay Attacks
KW - Ambient Environment Sensing
KW - Contactless
KW - Experimental Analysis
U2 - 10.1007/978-3-319-69284-5
DO - 10.1007/978-3-319-69284-5
M3 - Published conference contribution
T3 - Lecture Notes in Computer Science
SP - 83
EP - 103
BT - Innovative Security Solutions for Information Technology and Communications
A2 - Farshim, P
A2 - Simion, E
T2 - 10th International Conference on Security for Information Technology and Communications
Y2 - 30 June 2017 through 30 June 2017
ER -