Confidence in smart token proximity: Relay attacks revisited

G.P. Hancke; K.E. Mayes; K. Markantonakis

doi:10.1016/j.cose.2009.06.001

Confidence in smart token proximity : Relay attacks revisited

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

Overview

94 Scopus Citations

Scopus Metrics

View graph of relations

Author(s)

G.P. Hancke
K.E. Mayes
K. Markantonakis

Detail(s)

Original language	English
Pages (from-to)	615-627
Journal / Publication	Computers and Security
Volume	28
Issue number	7
Online published	17 Jun 2009
Publication status	Published - Oct 2009
Externally published	Yes

Link(s)

DOI	DOI https://doi.org/10.1016/j.cose.2009.06.001 Final Published version
	Check@CityULib
Link to Scopus	https://www.scopus.com/record/display.uri?eid=2-s2.0-70349451691&origin=recordpage
Permanent Link	https://scholars.cityu.edu.hk/en/publications/publication(917e504b-e033-4885-ad61-b2fc05479a5b).html

Abstract

Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. © 2009 Elsevier Ltd. All rights reserved.