Practical NFC peer-to-peer relay attack using mobile phones

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

153 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages35-49
Volume6370 LNCS
Publication statusPublished - 2010
Externally publishedYes

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6370 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Title6th International Workshop on Radio Frequency Identification: Security and Privacy Issues, RFIDSec 2010
PlaceTürkiye
CityIstanbul
Period8 - 9 June 2010

Abstract

NFC is a standardised technology providing short-range RFID communication channels for mobile devices. Peer-to-peer applications for mobile devices are receiving increased interest and in some cases these services are relying on NFC communication. It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker's proxy devices could even be implemented using off-the-shelf NFC-enabled devices. This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker's own NFC-enabled mobile phones. The attack does not need to access secure program memory nor use any code signing, and can use publicly available APIs. We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment. These countermeasures could also be applied to prevent relay attacks on contactless applications using 'passive' NFC on mobile phones. © 2010 Springer-Verlag.

Research Area(s)

  • attack, countermeasure, location, NFC, NFC-enabled-mobile-phones, p2p, peer-to-peer, practical-implementation, relay, security, transactions

Citation Format(s)

Practical NFC peer-to-peer relay attack using mobile phones. / Francis, Lishoy; Hancke, Gerhard; Mayes, Keith et al.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 6370 LNCS 2010. p. 35-49 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6370 LNCS).

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review