Abstract
Contactless smart cards are used to securely store data and to authorize the execution of sensitive operations. Their contactless interface represents a mixed blessing, allowing fast operations but also such devices to potential attacks. Relay attacks are among the most powerful attacks applicable against contactless smart cards, allowing a contactless reader to interact with a physically far away card establishing a communication channel between them. In this paper we prove that it is possible to conduct such an attack on a geographical scale, basically without any constraints on the reader and card positions and reaching a relay distance of several kilometers, probably the first example in the literature for contactless smart cards, using cheap and off-the-shelf hardware and software tools.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 47–58 (2005)
Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards. Technical report, University of Cambridge Computer Laboratory, pp. 1–13 (2005)
Thevenon, P., Savry, O., Tedjini, S.: On the weakness of contactless systems under relay attacks. In: Proceedings of the 19th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp. 1–5 (2011)
Issovits, W., Hutter, M.: Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks. In: Proceedings of the International Conference on RFID-Technologies and Applications (RFID-TA), pp. 335–342 (2011)
WeiB, M.: Performing relay attacks on ISO 14443 contactless smart cards using NFC mobile equipment. Master thesis, Der Technischen Universitat Munchen, Germany (2010)
Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. In: Proceedings of the Workshop on RFID and IoT Security (RFIDsec 2012 Asia) (2012)
Emms, M., Arief, B., Defty, T., Hannon, J., Hao, F., van Moorsel, A.: The dangers of verify PIN on contactless cards. Newcastle University, Technical Report Series, No. CS-TR-1332, pp. 1–10 (2012)
ISO/IEC 14443: Identification cards - Contactless Integrated Circuit Cards - Proximity Cards (2011)
ISO/IEC 7816–4: Identification Cards - Integrated Circuit Cards - Part 4: Organization, Security and Commands for Interchange (2005)
ISO/IEC 21481: Information technology - Telecommunications and Information Exchange Between Systems - Near Field Communication Interface and Protocol -2 (NFCIP-2) (2005)
Elenkov, N.: Emulating a PKI Smart Card with CyanogenMod 9.1 (2012). http://nelenkov.blogspot.it/2012/10/emulating-pki-smart-card-with-cm91.html
CyanogenMod, Ver. 9.1. http://www.cyanogenmod.org/ (2013)
Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: Fourth International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, pp. 1–6 (2012)
International Civil Aviation Organization: Machine Readable Travel Documents, Part 1, vol. 1, 6th edn (2006)
International Civil Aviation Organization: Machine Readable Travel Documents, Part 1, vol. 2, 6th edn (2006)
BSI: Advanced Security Mechanisms for Machine Readable Travel Documents - Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE) and Restricted Identification (RI). Ver. 2.05 (2010)
ICAO SDK Pro, MaskTech GmbH (2008)
Golden Reader Tool, Ver. 2.9.4 (2009). https://www.bsi.bund.de/EN/Topics/ElectrIDDocuments/Projects/projectsGRT/GRT_node.html
Dunham, K.: Mobile Malware Attacks and Defense. Syngress, Burlington (2009)
Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. In: Proceedings of the 15th USENIX Security, Symposium, pp. 43–57 (2006)
MF1PLUSx0y1 - Mainstream Contactless Smart Card IC for Fast and Easy Solution Development, Product short data sheet, Rev. 3.2, NXP (2011)
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 67–73 (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 European Union
About this paper
Cite this paper
Sportiello, L., Ciardulli, A. (2013). Long Distance Relay Attack. In: Hutter, M., Schmidt, JM. (eds) Radio Frequency Identification. RFIDSec 2013. Lecture Notes in Computer Science(), vol 8262. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41332-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-41332-2_5
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41331-5
Online ISBN: 978-3-642-41332-2
eBook Packages: Computer ScienceComputer Science (R0)