Proximity Assurances Based on Natural and Artificial Ambient Environments

  • Iakovos Gurulian
  • Konstantinos Markantonakis
  • Carlton Shepherd
  • Eibe Frank
  • Raja Naeem Akram
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10543)


Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 ms for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely-available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.


Mobile payments Relay attacks Ambient environment sensing Contactless Experimental analysis 



Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank anonymous reviewers for their valuable comments.


  1. 1.
    Transit and Contactless Open Payments: An Emerging Approach for Fare Collection. White paper, Smart Card Alliance Transportation Council, November 2011Google Scholar
  2. 2.
    How to Optimize the Consumer Contactless Experience? The Perfect Tap. Technical report, MasterCard (2014)Google Scholar
  3. 3.
    EMV Contactless Specifications for Payment Systems: Book D - EMV Contactless Communication Protocol Specification. Spec V2.6, EMVCo, LLC, March 2016Google Scholar
  4. 4.
    Transactions Acceptance Device Guide (TADG). Specification Version 3.1, VISA, November 2016Google Scholar
  5. 5.
    Boureanu, I., Mitrokotsa, A., Vaudenay, S.: Towards secure distance bounding. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 55–67. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43933-3_4 Google Scholar
  6. 6.
    Coskun, V., Ozdenizci, B., Ok, K.: A survey on Near Field Communication (NFC) technology. Wireless Pers. Commun. 71(3), 2259–2294 (2013). CrossRefGoogle Scholar
  7. 7.
    Cremers, C., Rasmussen, K., Schmidt, B., Capkun, S.: Distance hijacking attacks on distance bounding protocols. In: 2012 IEEE Symposium on Security and Privacy, pp. 113–127, May 2012Google Scholar
  8. 8.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16822-2_4 CrossRefGoogle Scholar
  9. 9.
    Francis, L., Hancke, G.P., Mayes, K., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. In: IACR Cryptology Archive 2011, p. 618 (2011)Google Scholar
  10. 10.
    Galal, M.M., Fayed, H.A., Aziz, A.A.E., Aly, M.H.: Smartphones for payments and withdrawals utilizing embedded LED flashlight for high speed data transmission. In: 2013 Fifth International Conference on Computational Intelligence, Communication Systems and Networks, pp. 63–66, June 2013Google Scholar
  11. 11.
    Galal, M.M., Aziz, A.A.A.E., Fayed, H.A., Aly, M.H.: Smartphone payment via flashlight: utilizing the built-in flashlight of smartphones as replacement for magnetic cards. Optik - Int. J. Light Electron Optics 127(5), 2453–2460 (2016)CrossRefGoogle Scholar
  12. 12.
    Gurulian, I., Akram, R.N., Markantonakis, K., Mayes, K.: Preventing relay attacks in mobile transactions using infrared light. In: Proceedings of the Symposium on Applied Computing, SAC 2017, pp. 1724–1731. ACM, New York (2017)Google Scholar
  13. 13.
    Gurulian, I., Markantonakis, K., Akram, R.N., Mayes, K.: Artificial ambient environments for proximity critical applications. In: 2017 12th International Conference on Availability, Reliability and Security, ARES 2017. ACM, New York (2017)Google Scholar
  14. 14.
    Gurulian, I., Shepherd, C., Frank, E., Markantonakis, K., Akram, R., Mayes, K.: On the effectiveness of ambient sensing for NFC-based proximity detection by applying relay attack data. In: The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2017. IEEE, August 2017Google Scholar
  15. 15.
    Haken, G., Markantonakis, K., Gurulian, I., Shepherd, C., Akram, R.N.: Evaluation of Apple iDevice sensors as a potential relay attack countermeasure for Apple Pay. In: Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security, CPSS 2017, pp. 21–32. ACM, New York (2017)Google Scholar
  16. 16.
    Halevi, T., Ma, D., Saxena, N., Xiang, T.: Secure proximity detection for NFC devices based on ambient sensor data. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 379–396. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33167-1_22 CrossRefGoogle Scholar
  17. 17.
    Hancke, G.P., Kuhn, M.G.: Attacks on time-of-flight distance bounding channels. In: Proceedings of the First ACM Conference on Wireless Network Security, WiSec 2008, pp. 194–202. ACM, New York (2008).
  18. 18.
    Hancke, G., Mayes, K., Markantonakis, K.: Confidence in smart token proximity: relay attacks revisited. Comput. Secur. 28(7), 615–627 (2009). CrossRefGoogle Scholar
  19. 19.
    Hesselmann, T., Henze, N., Boll, S.: FlashLight: optical communication between mobile phones and interactive tabletops. In: ACM International Conference on Interactive Tabletops and Surfaces, ITS 2010, pp. 135–138. ACM, New York (2010),
  20. 20.
    Jin, R., Shi, L., Zeng, K., Pande, A., Mohapatra, P.: MagPairing: pairing smartphones in close proximity using magnetometers. IEEE Trans. Inf. Forensics Secur. 11(6), 1306–1320 (2016)CrossRefGoogle Scholar
  21. 21.
    Karapanos, N., Marforio, C., Soriente, C., Capkun, S.: Sound-Proof: usable two-factor authentication based on ambient sound. In: 24th USENIX Security Symposium. USENIX Association, Washington, D.C., August 2015Google Scholar
  22. 22.
    Li, L., Xue, G., Zhao, X.: The power of whispering: near field assertions via acoustic communications. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2015, pp. 627–632. ACM, New York (2015).
  23. 23.
    Ma, D., Saxena, N., Xiang, T., Zhu, Y.: Location-aware and safer cards: enhancing RFID security and privacy via location sensing. IEEE TDSC 10(2), 57–69 (2013)Google Scholar
  24. 24.
    Maltoni, D., Maio, D., Jain, A., Prabhakar, S.: Handbook of Fingerprint Recognition. Springer Science & Business Media, London (2009). doi: 10.1007/978-1-84882-254-2 CrossRefMATHGoogle Scholar
  25. 25.
    Mehrnezhad, M., Hao, F., Shahandashti, S.F.: Tap-Tap and Pay (TTP): preventing man-in-the-middle attacks in NFC payment using mobile sensors. In: 2nd International Conference on Research in Security Standardisation, October 2014Google Scholar
  26. 26.
    Polla, M.L., Martinelli, F., Sgandurra, D.: A survey on security for mobile devices. IEEE Commun. Surv. Tutorials 15(1), 446–471 (2013)CrossRefGoogle Scholar
  27. 27.
    Rasmussen, K.B., Capkun, S.: Realization of RF distance bounding. In: USENIX Security Symposium, pp. 389–402 (2010)Google Scholar
  28. 28.
    Saxena, N., Uddin, M.B., Voris, J., Asokan, N.: Vibrate-to-unlock: mobile phone assisted user authentication to multiple personal RFID tags. In: 2011 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 181–188, March 2011Google Scholar
  29. 29.
    Shen, Z., Zheng, X., Xie, H.: Near field service initiation via vibration channel. In: 2016 12th International Conference on Mobile Ad-Hoc and Sensor Networks (MSN), pp. 450–453, December 2016Google Scholar
  30. 30.
    Shepherd, C., Akram, R.N., Markantonakis, K.: Towards trusted execution of multi-modal continuous authentication schemes. In: Proceedings of the 32nd Symposium on Applied Computing, pp. 1444–1451. ACM (2017)Google Scholar
  31. 31.
    Shepherd, C., Gurulian, I., Frank, E., Markantonakis, K., Akram, R., Mayes, K., Panaousis, E.: The applicability of ambient sensors as proximity evidence for NFC transactions. In: Mobile Security Technologies, IEEE Security and Privacy Workshops, MoST 2017. IEEE, May 2017Google Scholar
  32. 32.
    Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Drone to the rescue: relay-resilient authentication using ambient multi-sensing. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 349–364. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45472-5_23 Google Scholar
  33. 33.
    Shrestha, B., Shirvanian, M., Shrestha, P., Saxena, N.: The sounds of the phones: dangers of zero-effort second factor login based on ambient audio. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016 pp. 908–919. ACM, New York (2016)Google Scholar
  34. 34.
    Truong, H.T.T., Gao, X., Shrestha, B., Saxena, N., Asokan, N., Nurmi, P.: Comparing and fusing different sensor modalities for relay attack resistance in zero-interaction authentication. In: 2014 IEEE International Conference on Pervasive Computing and Communications, pp. 163–171. IEEE (2014)Google Scholar
  35. 35.
    Umar, A., Mayes, K., Markantonakis, K.: Performance variation in host-based card emulation compared to a hardware security element. In: 2015 First Conference on Mobile and Secure Services, pp. 1–6. IEEE (2015)Google Scholar
  36. 36.
    Urien, P., Piramuthu, S.: Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks. Decision Support Syst. 59, 28–36 (2014)CrossRefGoogle Scholar
  37. 37.
    Varshavsky, A., Scannell, A., LaMarca, A., de Lara, E.: Amigo: proximity-based authentication of mobile devices. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 253–270. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74853-3_15 CrossRefGoogle Scholar
  38. 38.
    Verdult, R., Kooman, F.: Practical attacks on NFC enabled cell phones. In: 2011 3rd International Workshop on Near Field Communication (NFC), pp. 77–82, February 2011Google Scholar
  39. 39.
    Yi, S., Qin, Z., Carter, N., Li, Q.: WearLock: unlocking your phone via acoustics using smartwatch. In: 2017 IEEE 37th IEEE International Conference on Distributed Computing Systems, ICDCS 2017 (2017)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Iakovos Gurulian
    • 1
  • Konstantinos Markantonakis
    • 1
  • Carlton Shepherd
    • 1
  • Eibe Frank
    • 2
  • Raja Naeem Akram
    • 1
  1. 1.Information Security Group Smart Card CentreRoyal Holloway, University of LondonEghamUK
  2. 2.Department of Computer ScienceUniversity of WaikatoHamiltonNew Zealand

Personalised recommendations