Abstract
Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 ms for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.
Notes
- 1. Also known as the F1 score or F-measure.
- 2.
- 3. dwdiff tool: http://os.ghalkes.nl/dwdiff.html.
Acknowledgement
Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank anonymous reviewers for their valuable comments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Gurulian, I., Markantonakis, K., Shepherd, C., Frank, E., Akram, R.N. (2017). Proximity Assurances Based on Natural and Artificial Ambient Environments. In: Farshim, P., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2017. Lecture Notes in Computer Science, vol 10543. Springer, Cham. https://doi.org/10.1007/978-3-319-69284-5_7
DOI: https://doi.org/10.1007/978-3-319-69284-5_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69283-8
Online ISBN: 978-3-319-69284-5
eBook Packages: Computer Science (R0)