Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones

NFC is a standardised technology providing short-range RFID communication channels for mobile devices. Peer-to-peer applications for mobile devices are receiving increased interest, and in some cases these services rely on NFC communication. It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker's proxy devices could even be implemented using off-the-shelf NFC-enabled devices. This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker's own NFC-enabled mobile phones. The attack needs neither access to secure program memory nor any code signing, and can use publicly available APIs. We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment. These countermeasures could also be applied to prevent relay attacks on contactless applications using 'passive' NFC on mobile phones.
