Advertisement

Chameleon: A Lightweight Method for Thwarting Relay Attacks in Near Field Communication

  • Yafei Ji
  • Luning XiaEmail author
  • Jingqiang Lin
  • Jian Zhou
  • Guozhu Zhang
  • Shijie Jia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9543)

Abstract

Near field communication (NFC) is applied in payment services, setup of high-bandwidth connection and information sharing. Therefore, NFC devices represent an increasing valuable target for adversaries. One of the major threats is relay attack, in which an adversary directly relays messages between a pair of communication peers referred to as initiator and target device. A successful relay attack allows an adversary to temporarily posses a ‘virtual’ initiator/target and thereby to gain associated benefits. In this paper, we propose a lightweight and automated method featuring role transitions and thus called Chameleon to thwart relay attacks. The principle of the method is: Chameleon exchanges the roles of the two devices after every NFC session in a random manner. The information of exchanged role is included in the messages of every session and encrypted by pre-shared key of the two legitimate devices. In this condition, the adversary cannot decrypt the message and configure themselves to appropriate role during the connection. Consequently, the relayed communication will be interrupted and a transaction is aborted due to uncompleted data packet. This method is implemented in real communication scenario and works well on thwarting relay attack. Our experiments indicate that it is an easy-to-implement and effective defense against relay attacks.

Keywords

Near field communication Radio frequency identification Relay attack Implementation Role transition Lightweight Tradeoff 

References

  1. 1.
    Coskun, V., Ozdenizci, B., Ok, K.: A survey on near field communication (NFC) technology. Wireless Pers. Commun. 71(3), 2259–2294 (2013)CrossRefGoogle Scholar
  2. 2.
    ISO, IEC 18092:2013, Near Field Communication Interface and Protocol (NFCIP-1), March 2013Google Scholar
  3. 3.
    ISO/IEC 21481:2012, Near Field Communication Interface and Protocol (NFCIP-2), June 2012Google Scholar
  4. 4.
    Roberts, C.M.: Radio frequency identification (RFID). Comput. Secur. 25(1), 18–26 (2006)CrossRefGoogle Scholar
  5. 5.
    Haselsteiner, E., Breitfuß, K.: Security in near field communication (NFC): strengths and weaknesses. In: proceedings of 2nd Workshop on RFID Security (RFIDSec 2006), p. 11, July 2006Google Scholar
  6. 6.
    Nelson, D., Qiao, M., Carpenter, A.: Security of the near field communication protocol: an overview. J. Comput. Sci. Coll. 29(2), 94–104 (2013)Google Scholar
  7. 7.
    Hancke, G.P., Mayes, K.E., Markantonakis, K.: Confidence in smart token proximity: relay attacks revisited. Comput. Secur. 28(7), 615–627 (2009)CrossRefGoogle Scholar
  8. 8.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: DetectingRelay attacks with timingbased protocols. In: Proceedings of 2nd ACM Symposium on Information, Computer and Communication Security (ASIACCS 2007), pp. 204–213, March 2007Google Scholar
  9. 9.
    Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: proceedings of 16th USENIXSecuritySymposium (USENIX Sec 2007), pp. 87–1C102, August 2007Google Scholar
  10. 10.
    Kang, S., Kim, J., Hong, M.: Button-based method for the prevention of nearfield communication relay attacks. Int. J. Commun. Syst. 28(10), 1628–1639 (2015)CrossRefGoogle Scholar
  11. 11.
    Malek, B., Miri, A.: Chaotic masking for securing RFID systems against relay attacks. Secur. Commun. Netw. 6, 1496–1508 (2013)CrossRefGoogle Scholar
  12. 12.
    C̆agalj, M., Perković, T., Bugarić, M., Li, S.: Fortune cookies, smartphones: weakly unrelayable channels to counter relay attacks. Pervasive Mobile Comput. 20, 64–81 (2015)CrossRefGoogle Scholar
  13. 13.
    Urien, P., Piamuthu, S.: Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks. Decis. Support Syst. 59, 28–36 (2014)CrossRefGoogle Scholar
  14. 14.
    Stajano, F., Wong, F.-L., Christianson, B.: Multichannel protocols to prevent relay attacks. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 4–19. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Francis, L., Hancke, G., Mayesc, K.: A practical generic relay attack on contactless transactions by using NFC mobile phones. Int. J. RFID Secur. Crypt. (IJRFIDSC) 2(1–4), 92–106 (2013)Google Scholar
  16. 16.
    Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of 5th International Workshop on Near Field Communication (NFC 2013), p. 6, February 2013Google Scholar
  17. 17.
    Korak, T., Hutter, M.: On the power of active relay attacks using custom-made proxies. In: Proceedings of 8th Annual IEEE International Conference on RFID (IEEE RFID 2014), pp. 126–133, April 2014Google Scholar
  18. 18.
    Kim, G.-H., Lee, K.-H., Kim, S.-S., Kim, J.-M.: Vehicle relay attack avoidance methods using RF signal strength. Commun. Netw. 5, 573–577 (2013)CrossRefGoogle Scholar
  19. 19.
    Alexiou, N., Basagiannis, S., Petridou, S.: Security analysis of NFC relay attacks using probabilistic model checking. In: proceedings of 10th International Wireless Communications and Mobile Computing Conference (IWCMC 2014), pp. 524–529, August 2014Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Yafei Ji
    • 1
    • 2
    • 3
  • Luning Xia
    • 1
    • 2
    Email author
  • Jingqiang Lin
    • 1
    • 2
  • Jian Zhou
    • 1
    • 2
  • Guozhu Zhang
    • 1
    • 2
    • 3
  • Shijie Jia
    • 1
    • 2
    • 3
  1. 1.State Key Laboratory of Information SecurityInstitute of Information Engineering of Chinese Academy of SciencesBeijingChina
  2. 2.Data Assurance and Communication Security Research Center of Chinese Academy of SciencesBeijingChina
  3. 3.University of Chinese Academy SciencesBeijingChina

Personalised recommendations