Practical relay attack on contactless transactions by using NFC mobile phones

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

109 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Title of host publicationRadio Frequency Identification System Security
Subtitle of host publicationRFIDsec'12 Asia Workshop Proceedings
Pages21-32
Volume8
Publication statusPublished - 2012
Externally publishedYes

Publication series

NameCryptology and Information Security Series
Volume8
ISSN (Print)1871-6431
ISSN (electronic)1879-8101

Abstract

Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems. © 2012 The authors and IOS Press.

Research Area(s)

  • Access control, Contactless, Identification, ISO 14443, Mobile phone, Near Field Communication (NFC), Payments, Practical implementation, Practical relay, Proximity, Relay, RFID, Security attack, Smart card, Transactions

Citation Format(s)

Practical relay attack on contactless transactions by using NFC mobile phones. / Francis, Lishoy; Hancke, Gerhard; Mayes, Keith et al.
Radio Frequency Identification System Security: RFIDsec'12 Asia Workshop Proceedings. Vol. 8 2012. p. 21-32 (Cryptology and Information Security Series; Vol. 8).

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review