Formal security analysis of near field communication using model checking

Near field communication (NFC) is a short-range wireless communication technology envisioned to support a large gamut of smart-device applications, such as payment and ticketing. Although two NFC devices need to be in close proximity to communicate (up to 10 cm), adversaries can use a fast and transparent communication channel to relay data and thus force an NFC link between two distant victims. Since relay attacks can bypass the NFC requirement for short-range communication cheaply and easily, it is important to evaluate the security of NFC applications. In this work, we present a general framework that exploits formal analysis, and especially model checking, as a means of verifying the resiliency of the NFC protocol against relay attacks. Toward this goal, we built a continuous-time Markov chain (CTMC) model using the PRISM model checker. First, we took into account NFC protocol parameters; then we enhanced our model with networking parameters, which include both mobile-environment and security-aware characteristics. Combining NFC specifications with an adversary's characteristics, we produced the relay attack model, which is used for extracting our security analysis results. Through these results, we can explain how a relay attack could be prevented and discuss potential countermeasures.
