An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication
Near Field Communication (NFC) has become prevalent in access control and contactless payment systems, however, there is evidence in the literature to suggest that the technology possesses numerous vulnerabilities. Contactless bank cards are becoming commonplace in society; while there are many bene...
Main Authors: | Christina Thorpe, John Tobin, Liam Murphy |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Near field communication; relay attack; security |
Online Access: | https://ieeexplore.ieee.org/document/9229124/ |
_version_ | 1819173539949838336 |
---|---|
author | Christina Thorpe John Tobin Liam Murphy |
author_facet | Christina Thorpe John Tobin Liam Murphy |
author_sort | Christina Thorpe |
collection | DOAJ |
description | Near Field Communication (NFC) has become prevalent in access control and contactless payment systems, however, there is evidence in the literature to suggest that the technology possesses numerous vulnerabilities. Contactless bank cards are becoming commonplace in society; while there are many benefits from the use of contactless payments, there are also security issues present that could be exploited by a malicious third party. The inherently short operating distance of NFC (typically about 4 cm) is often relied upon as a means of ensuring intentional interaction on the user's part and limiting attack vectors. However, NFC is particularly sensitive to relay attacks, which entirely negate the security usefulness of the short-range aspect of technology. The aim of this article is to demonstrate how standard hardware can be used to exploit the technology to carry out a relay attack. Considering the risk that relay attacks pose, a countermeasure is proposed to mitigate this threat. Our countermeasure yields a 100% detection rate in experiments undertaken - in which over 10,000 contactless transactions were carried out on a range of different contactless cards and devices. In these experiments, there was a false positive rate of 0.38% - 0.86%. As little as 1 in every 250 transactions were falsely classified as being the subject of a relay attack and so the user experience was not significantly impacted. With our countermeasure implemented, transaction time was lengthened by only 0.22 seconds. |
first_indexed | 2024-12-22T20:24:42Z |
format | Article |
id | doaj.art-a8b48ab4ee5d480aad39f767a4d009a1 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-12-22T20:24:42Z |
publishDate | 2020-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-a8b48ab4ee5d480aad39f767a4d009a1; 2022-12-21T18:13:45Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 190108; 190117; 10.1109/ACCESS.2020.3031979; 9229124; An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication; Christina Thorpe (0) https://orcid.org/0000-0002-2359-883X; John Tobin (1); Liam Murphy (2) https://orcid.org/0000-0001-9777-005X; School of Informatics and Engineering, Technological University Dublin, Blanchardstown Campus, Dublin 15, Ireland; School of Computer Science, University College Dublin, Dublin 4, Ireland; School of Computer Science, University College Dublin, Dublin 4, Ireland; Near Field Communication (NFC) has become prevalent in access control and contactless payment systems, however, there is evidence in the literature to suggest that the technology possesses numerous vulnerabilities. Contactless bank cards are becoming commonplace in society; while there are many benefits from the use of contactless payments, there are also security issues present that could be exploited by a malicious third party. The inherently short operating distance of NFC (typically about 4 cm) is often relied upon as a means of ensuring intentional interaction on the user's part and limiting attack vectors. However, NFC is particularly sensitive to relay attacks, which entirely negate the security usefulness of the short-range aspect of technology. The aim of this article is to demonstrate how standard hardware can be used to exploit the technology to carry out a relay attack. Considering the risk that relay attacks pose, a countermeasure is proposed to mitigate this threat. Our countermeasure yields a 100% detection rate in experiments undertaken - in which over 10,000 contactless transactions were carried out on a range of different contactless cards and devices. In these experiments, there was a false positive rate of 0.38% - 0.86%. As little as 1 in every 250 transactions were falsely classified as being the subject of a relay attack and so the user experience was not significantly impacted. With our countermeasure implemented, transaction time was lengthened by only 0.22 seconds.; https://ieeexplore.ieee.org/document/9229124/; Near field communication; relay attack; security |
spellingShingle | Christina Thorpe John Tobin Liam Murphy An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication IEEE Access Near field communication relay attack security |
title | An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication |
title_full | An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication |
title_fullStr | An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication |
title_full_unstemmed | An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication |
title_short | An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication |
title_sort | iso iec 7816 4 application layer approach to mitigate relay attacks on near field communication |
topic | Near field communication relay attack security |
url | https://ieeexplore.ieee.org/document/9229124/ |