Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones

  • Conference paper
Radio Frequency Identification: Security and Privacy Issues (RFIDSec 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6370)

Abstract

NFC is a standardised technology providing short-range RFID communication channels for mobile devices. Peer-to-peer applications for mobile devices are receiving increased interest and in some cases these services are relying on NFC communication. It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker’s proxy devices could even be implemented using off-the-shelf NFC-enabled devices. This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker’s own NFC-enabled mobile phones. The attack does not need to access secure program memory nor use any code signing, and can use publicly available APIs. We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment. These countermeasures could also be applied to prevent relay attacks on contactless applications using ‘passive’ NFC on mobile phones.




© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Francis, L., Hancke, G., Mayes, K., Markantonakis, K. (2010). Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones. In: Ors Yalcin, S.B. (eds) Radio Frequency Identification: Security and Privacy Issues. RFIDSec 2010. Lecture Notes in Computer Science, vol 6370. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16822-2_4

  • DOI: https://doi.org/10.1007/978-3-642-16822-2_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16821-5

  • Online ISBN: 978-3-642-16822-2

  • eBook Packages: Computer Science (R0)
