May the force be with you: Force-based relay attack detection

Iakovos Gurulian; Gerhard P. Hancke; Konstantinos Markantonakis; Raja Naeem Akram

doi:10.1007/978-3-319-75208-2_9

May the force be with you: Force-based relay attack detection

Iakovos Gurulian^*
, Gerhard P. Hancke
, Konstantinos Markantonakis
, Raja Naeem Akram

^*Corresponding author for this work

Department of Computer Science

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

2 Citations (Scopus)

Abstract

Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3 cm and the transaction duration to be under 500 ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

Original language	English
Title of host publication	Smart Card Research and Advanced Applications
Subtitle of host publication	16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers
Editors	Thomas Eisenbarth, Yannick Teglia
Publisher	Springer International Publishing
Pages	142-159
ISBN (Electronic)	9783319752082
ISBN (Print)	9783319752075
DOIs	https://doi.org/10.1007/978-3-319-75208-2_9
Publication status	Published - 2018
Event	16th International Conference on Smart Card Research and Advanced Applications, CARDIS 2017 - Lugano, Switzerland Duration: 13 Nov 2017 → 15 Nov 2017 https://2017.cardis.org/index.html

Publication series

Name	Lecture Notes in Computer Science
Volume	10728
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Smart Card Research and Advanced Applications, CARDIS 2017
Abbreviated title	CARDIS 2017
Place	Switzerland
City	Lugano
Period	13/11/17 → 15/11/17
Internet address	https://2017.cardis.org/index.html

Research Keywords

Contactless
Experimental analysis
Mobile payments
Relay attacks

Access Output

10.1007/978-3-319-75208-2_9

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Gurulian, I., Hancke, G. P., Markantonakis, K., & Akram, R. N. (2018). May the force be with you: Force-based relay attack detection. In T. Eisenbarth, & Y. Teglia (Eds.), Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers (pp. 142-159). (Lecture Notes in Computer Science; Vol. 10728). Springer International Publishing . https://doi.org/10.1007/978-3-319-75208-2_9

Gurulian, Iakovos ; Hancke, Gerhard P. ; Markantonakis, Konstantinos et al. / May the force be with you : Force-based relay attack detection. Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers. editor / Thomas Eisenbarth ; Yannick Teglia. Springer International Publishing , 2018. pp. 142-159 (Lecture Notes in Computer Science).

@inproceedings{85c4c54ccd974306a2892bf721390043,

title = "May the force be with you: Force-based relay attack detection",

abstract = "Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3 cm and the transaction duration to be under 500 ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.",

keywords = "Contactless, Experimental analysis, Mobile payments, Relay attacks",

author = "Iakovos Gurulian and Hancke, \{Gerhard P.\} and Konstantinos Markantonakis and Akram, \{Raja Naeem\}",

year = "2018",

doi = "10.1007/978-3-319-75208-2\_9",

language = "English",

isbn = "9783319752075",

series = "Lecture Notes in Computer Science",

publisher = "Springer International Publishing ",

pages = "142--159",

editor = "Thomas Eisenbarth and Yannick Teglia",

booktitle = "Smart Card Research and Advanced Applications",

address = "Switzerland",

note = "16th International Conference on Smart Card Research and Advanced Applications, CARDIS 2017, CARDIS 2017 ; Conference date: 13-11-2017 Through 15-11-2017",

url = "https://2017.cardis.org/index.html",

}

Gurulian, I, Hancke, GP, Markantonakis, K & Akram, RN 2018, May the force be with you: Force-based relay attack detection. in T Eisenbarth & Y Teglia (eds), Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10728, Springer International Publishing , pp. 142-159, 16th International Conference on Smart Card Research and Advanced Applications, CARDIS 2017, Lugano, Switzerland, 13/11/17. https://doi.org/10.1007/978-3-319-75208-2_9

May the force be with you: Force-based relay attack detection. / Gurulian, Iakovos; Hancke, Gerhard P.; Markantonakis, Konstantinos et al.
Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers. ed. / Thomas Eisenbarth; Yannick Teglia. Springer International Publishing , 2018. p. 142-159 (Lecture Notes in Computer Science; Vol. 10728).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - May the force be with you

T2 - 16th International Conference on Smart Card Research and Advanced Applications, CARDIS 2017

AU - Gurulian, Iakovos

AU - Hancke, Gerhard P.

AU - Markantonakis, Konstantinos

AU - Akram, Raja Naeem

PY - 2018

Y1 - 2018

N2 - Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3 cm and the transaction duration to be under 500 ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

AB - Relay attacks pose a significant threat against communicating devices that are required to operate within a short-distance from each other and a restricted time frame. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure, whereas, in the field of smartphones, many proposals suggest the use of (natural) ambient sensing as an effective alternative. However, empirical evaluation of the proposals carried out in existing literature has reported negative results in using natural ambient sensing in distance- and time-restricted scenarios, like EMV contactless payments that require the proximity to be less than 3 cm and the transaction duration to be under 500 ms. In this paper, we propose a novel approach for Proximity and Relay Attack Detection (PRAD), using bidirectional sensing and comparing button presses and releases behaviour (duration of press and gap between presses and releases), performed by a genuine user during the transaction. We implemented a test-bed environment to collect training and analysis data from a set of users, for both the genuine and attacker-involved transactions. Analysis of the collection-data indicates a high effectiveness of the proposed solution, as it was successful in distinguishing between proximity and relay-attack transactions, using thresholds set after analysis of genuine training transaction data. Furthermore, perfect classification of genuine and relay-attack transactions was achieved by using well-known machine learning classifiers.

KW - Contactless

KW - Experimental analysis

KW - Mobile payments

KW - Relay attacks

UR - https://www.scopus.com/pages/publications/85041712772

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85041712772&origin=recordpage

U2 - 10.1007/978-3-319-75208-2_9

DO - 10.1007/978-3-319-75208-2_9

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 9783319752075

T3 - Lecture Notes in Computer Science

SP - 142

EP - 159

BT - Smart Card Research and Advanced Applications

A2 - Eisenbarth, Thomas

A2 - Teglia, Yannick

PB - Springer International Publishing

Y2 - 13 November 2017 through 15 November 2017

ER -

Gurulian I, Hancke GP, Markantonakis K, Akram RN. May the force be with you: Force-based relay attack detection. In Eisenbarth T, Teglia Y, editors, Smart Card Research and Advanced Applications: 16th International Conference, CARDIS 2017 Lugano, Switzerland, November 13–15, 2017, Revised Selected Papers. Springer International Publishing . 2018. p. 142-159. (Lecture Notes in Computer Science). Epub 2018 Jan 26. doi: 10.1007/978-3-319-75208-2_9

May the force be with you: Force-based relay attack detection

Abstract

Publication series

Conference

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this