Practical NFC peer-to-peer relay attack using mobile phones

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6370 LNCS, Issue , 2010, Pages 35-49

  Francis, Lishoy ^a   Hancke, Gerhard ^a   Mayes, Keith ^a   Markantonakis, Konstantinos ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

attack; countermeasure; location; NFC; NFC enabled mobile phones; p2p; peer to peer; practical implementation; relay; security; transactions

Indexed keywords

ATTACK; COUNTERMEASURE; NFC; NFC-ENABLED-MOBILE-PHONES; P2P; PEER TO PEER; PRACTICAL-IMPLEMENTATION; RELAY; SECURITY; TRANSACTIONS;

CELLULAR TELEPHONE SYSTEMS; MOBILE DEVICES; MOBILE PHONES; MOBILE TELECOMMUNICATION SYSTEMS; PORTABLE EQUIPMENT; RADIO FREQUENCY IDENTIFICATION (RFID); RADIO WAVES; SECURITY OF DATA; TELEPHONE; TELEPHONE SETS;

PEER TO PEER NETWORKS;

EID: 78650216365     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-16822-2_4     Document Type: Conference Paper

References (52)

1. ISO/IEC 18092 (ECMA-340), Information technology Telecommunications and information exchange between systems Near Field Communication Interface and Protocol (NFCIP-1) (2004), http://www.iso.org/ (cited March 31, 2010)
2. Bluetooth Core Specification Version 2.1. + EDR. Vol. 2 (July 2007)
3. Lin, G., Mikhak, A.A., Nakajima, L.T., Mayo, S.A., Rosenblatt, M.: Peer-to-peer Financial Transaction Devices and Methods. Apple Inc. Patent Application WO/2010/039337 (April 2010)
4. Hancke, G.P., Mayes, K.E., Markantonakis, K.: Confidence in Smart Token Proximity: Relay Attacks Revisited. Elsevier Computers & Security 28(7), 615-627 (2009)
5. Anderson, R.: RFID and the Middleman. In: Conference on Financial Cryptography and Data Security, pp. 46-49 (December 2007)
6. Kfir, Z., Wool, A.: Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems. In: Proceedings of IEEE/CreateNet SecureComm, pp. 47-58 (2005)
7. Sun Microsystems, JSR-000118 Mobile Information Device Profile 2.0, http://jcp.org/aboutJava/communityprocess/final/jsr118/index.html.
8. ISO/IEC 21481 (ECMA-352), Information technology Telecommunications and information exchange between systems Near Field Communication Interface and Protocol (NFCIP-2) (2005), http://www.iso.org/ (cited March 31, 2010)
9. ISO/IEC 14443, Identification cards Contactless integrated circuit cards Proximity cards, http://www.iso.org/ (cited March 31, 2010)
10. ISO/IEC 15693, Identification cards - Contactless integrated circuit cards - Vicinity cards, http://www.iso.org/ (cited March 31, 2010)
11. FeliCa, http://www.sony.net/Products/felica/ (cited March 31, 2010)
12. European Technical Standards Institute (ETSI), Smart Cards; UICC-Terminal interface; Physical and logical characteristics (Release 7), TS 102 221 V7.9.0 (2007-07), http://www.etsi.org/ (cited March 31,2010)
13. Third Generation Partnership Project, Specification of the Subscriber Identity Module-Mobile Equipment (SIM - ME) interface (Release 1999), TS 11.11 V8.14.0 (2007-06), http://www.3gpp.org/
14. Third Generation Partnership Project, Characteristics of the Universal Subscriber Identity Module (USIM) application (Release 7), TS 31.102 V7.10.0 (2007-09), http://www.3gpp.org/
15. Third Generation Partnership Project 2 (3GPP2), Removable User Identity Module (RUIM) for Spread Spectrum Systems, 3GPP2 C.S0023-C V1.0 (May 26, 2006), http://www.3gpp2.org/
16. SD Card Association, http://www.sdcard.org/ (cited March 31, 2010)
17. Candidate Technical Specification: Signature Record Type Definition. NFC Forum (October 2009)
18. Near Field Communication (NFC) Forum, http://www.nfc-forum.org (cited March 31, 2010)
19. Sun Microsystems, Java Card Platform Specification v2.2.1, http://java.sun.com/products/javacard/specs.html (cited March 31, 2010)
20. NXP, Java Card Open Platform, http://www.nxp.com/ (cited March 31, 2010)
21. Global Platform, Card Specification v2.1.1, http://www.globalplatform.org (cited March 31, 2010)
22. NXP Semiconductor: Mifare Standard Specification, http://www.nxp.com/ acrobat-download/other/identification/ (cited March 31, 2010)
23. Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Potential Misuse of NFC Enabled Mobile Handsets with Embedded Security Elements as Contactless Attack Platforms. In: Proceedings of the 1st Workshop on RFID Security and Cryptography (RISC 2009), in conjunction with the International Conference for Internet Technology and Secured Transactions (ICITST 2009), , pp. 1-8 (November 2009)
24. Mayes, K.E., Markantonakis, K. (eds.): Smart Cards, Tokens, Security and Applications. Springer, Heidelberg (2008), ISBN: 978-0-387-72197-2
25. Sun Microsystems: JSR-000257 Contactless Communication API 1.0, http://jcp.org/aboutJava/communityprocess/final/jsr257/index.html
26. Conway, J.H.: On Numbers and Games. Academic Press, London (1976)
27. Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, p. 21. Springer, Heidelberg (1988)
28. Hu, Y.C., Perrig, A., Johnson, D.B.: Wormhole Attacks in Wireless Networks. IEEE Journal on Selected Areas in Communications (JSAC), 370-380 (2006)
29. Hancke, G.P., Kuhn, M.G.: An RFID Distance Bounding Protocol. In: Proceedings of IEEE/CreateNet SecureComm, pp. 67-73 (September 2005)
30. Hancke, G.P.: Practical Attacks on Proximity Identification Systems. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 328-333 (May 2006) (short paper)
31. Libnfc.org, Public Platform Independent Near Field Communication (NFC) Library, http://www.libnfc.org/documentation/examples/nfc-relay (cited March 31, 2010)
32. RFID IO Tools, rfidiot.org (cited March 31, 2010)
33. Sun Microsystems: JSR-000082 Java API for Bluetooth 2.1, http://jcp.org/aboutJava/communityprocess/final/jsr082/index.html (cited March 31, 2010)
34. Sun Microsystems: Java Code Signing for J2ME, http://java.sun.com/ (cited March 31, 2010)
35. Nokia Forum, Java Security Domains, http://wiki.forum.nokia.com/index. php/Java-Security-Domains (cited March 31, 2010)
36. Nokia Forum, MIDP 2.0 API Access Rights, http://wiki.forum.nokia.com/ index.php/MIDP-2.0-API-access-rights (cited March 31, 2010)
37. Nokia Forum, MIDP 2.1 API Access Rights, http://wiki.forum.nokia.com/ index.php/MIDP-2.1-API-access-rights (cited March 31, 2010)
38. Nokia Forum, Nokia 6131 API Access Rights, http://wiki.forum.nokia.com/ index.php/API-access-rights-on-phones,-Series-40-3rd-FP1 (cited March 31, 2010)
39. Nokia Forum, Nokia 6212 API Access Rights, http://wiki.forum.nokia.com/ index.php/API-access-rights-on-phones,-Series-40-5th-FP1 (cited March 31, 2010)
40. Brands, S., Chaum, D.: Distance Bounding Protocols. Advances in Cryptology. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344-359. Springer, Heidelberg (1994)
41. Clulow, J., Hancke, G.P., Kuhn, M.G., Moore, T.: So Near and Yet So Far: Distance-Bounding Attacks in Wireless Networks. In: Buttyán, L., Gligor, V.D., Westhoff, D. (eds.) ESAS 2006. LNCS, vol. 4357, pp. 83-97. Springer, Heidelberg (2006)
42. Hancke, G.P., Kuhn, M.G.: Attacks on Time-of-Flight Distance Bounding Channels. In: Proceedings of the First ACM Conference on Wireless Network Security (WISEC 2008), pp. 194-202 (March 2008)
43. Rasmussen, K.B., Čapkun, S.: Implications of Radio Fingerprinting on the Security of Sensor Networks. In: Proceedings of IEEE SecureComm. (2007)
44. Danev, B., Heydt-Benjamin, T.S., Čapkun, S.: Physical-layer Identification of RFID Devices. In: Proceedings of USENIX Security Symposium (2009)
45. Anderson, R.J., Bond, M.: The Man-in-the-Middle Defense. Presented at Security Protocols Workshop (March 2006), http://www.cl.cam.ac.uk/~rja14/Papers/ Man-in-the-Middle-Defence.pdf
46. Stajano, F., Wong, F.L., Christianson, B.: Multichannel Protocols to Prevent Relay Attacks. In: Conference on Financial Cryptography and Data Security (January 2010)
47. Boukerche, A., Oliveira, H.A.B., Nakamura, E.F., Loureiro, A.A.F.: Secure Localization Algorithms for Wireless Sensor Networks. IEEE Communications Magazine 46(4), 96-101 (2008) (Pubitemid 351593414)
48. Google Maps: Google Inc., http://www.googlemaps.com/ (cited March 31, 2010)
49. Saroiu, S., Wolman, A.: Enabling New Mobile Applications with Location Proofs. In: Proceedings of the 10th Workshop on Mobile Computing Systems and Applications, HotMobile 2009, Santa Cruz, California, February 23-24, pp. 1-6. ACM, New York (2009)
50. Luo, W., Hengartner, U.: Proving your Location without giving up your Privacy. In: Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications, HotMobile 2010, Annapolis, Maryland, February 22-23, pp. 7-12. ACM, New York (2010)
51. Hu, Y.C., Perrig, A., Johnson, D.B.: Packet leashes: A Defense Against Wormhole Attacks in Wireless Networks. In: Proceedings of INFOCOM, pp. 1976-1986 (April 2003)
52. Tippenhauer, N.O., Rasmussen, K.B., Pöpper, C., Capkun, S.: Attacks on Public WLAN-based Positioning. In: Proceedings of the ACM/Usenix International Conference on Mobile Systems, Applications and Services, MobiSys (2009)