Confidence in smart token proximity : Relay attacks revisited

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review

91 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Pages (from-to)615-627
Journal / PublicationComputers and Security
Volume28
Issue number7
Online published17 Jun 2009
Publication statusPublished - Oct 2009
Externally publishedYes

Abstract

Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. © 2009 Elsevier Ltd. All rights reserved.

Research Area(s)

  • Contactless, Near-field communication, Relay attack, RFID, Smart card, Token

Citation Format(s)

Confidence in smart token proximity: Relay attacks revisited. / Hancke, G.P.; Mayes, K.E.; Markantonakis, K.
In: Computers and Security, Vol. 28, No. 7, 10.2009, p. 615-627.

Research output: Journal Publications and ReviewsRGC 21 - Publication in refereed journalpeer-review