Confidence in smart token proximity: Relay attacks revisited

G.P. Hancke; K.E. Mayes; K. Markantonakis

doi:10.1016/j.cose.2009.06.001

Confidence in smart token proximity: Relay attacks revisited

G.P. Hancke^*
, K.E. Mayes
, K. Markantonakis

^*Corresponding author for this work

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

96 Citations (Scopus)

Abstract

Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. © 2009 Elsevier Ltd. All rights reserved.

Original language	English
Pages (from-to)	615-627
Journal	Computers and Security
Volume	28
Issue number	7
Online published	17 Jun 2009
DOIs	https://doi.org/10.1016/j.cose.2009.06.001
Publication status	Published - Oct 2009
Externally published	Yes

Research Keywords

Contactless
Near-field communication
Relay attack
RFID
Smart card
Token

Access Output

10.1016/j.cose.2009.06.001

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{917e504be0334885ad61b2fc05479a5b,

title = "Confidence in smart token proximity: Relay attacks revisited",

abstract = "Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. {\textcopyright} 2009 Elsevier Ltd. All rights reserved.",

keywords = "Contactless, Near-field communication, Relay attack, RFID, Smart card, Token",

author = "G.P. Hancke and K.E. Mayes and K. Markantonakis",

year = "2009",

month = oct,

doi = "10.1016/j.cose.2009.06.001",

language = "English",

volume = "28",

pages = "615--627",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Ltd.",

number = "7",

}

TY - JOUR

T1 - Confidence in smart token proximity

T2 - Relay attacks revisited

AU - Hancke, G.P.

AU - Mayes, K.E.

AU - Markantonakis, K.

PY - 2009/10

Y1 - 2009/10

N2 - Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. © 2009 Elsevier Ltd. All rights reserved.

AB - Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms. © 2009 Elsevier Ltd. All rights reserved.

KW - Contactless

KW - Near-field communication

KW - Relay attack

KW - RFID

KW - Smart card

KW - Token

UR - https://www.scopus.com/pages/publications/70349451691

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-70349451691&origin=recordpage

U2 - 10.1016/j.cose.2009.06.001

DO - 10.1016/j.cose.2009.06.001

M3 - RGC 21 - Publication in refereed journal

SN - 0167-4048

VL - 28

SP - 615

EP - 627

JO - Computers and Security

JF - Computers and Security

IS - 7

ER -

Confidence in smart token proximity: Relay attacks revisited

Abstract

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this