Make Noise and Whisper: A Solution to Relay Attacks
In this paper we propose a new method to detect relay attacks. The relay attacks are possible in many communication systems, and are easy to put in practice since the attackers don’t require any knowledge about the underlying protocols or the cryptographic keys.
So far the most practical solutions against relay attacks rely on distance-bounding protocols. These protocols can provide an estimated maximum distance between two communicating devices.
We provide a different solution that can detect a relay attack regardless of the distance between the devices. Our solution relies on introducing intentional errors in the communication, providing a kind of hop-count metric.
In order to illustrate our idea we describe two idealized example implementations and we assess their theoretical performance with simulation experiments. There are several limitations in these two examples but we hope that the ideas presented in this paper will contribute towards practical implementations against relay attacks.
KeywordsDebit Card Intentional Error Honest Participant Honest Player Relay Attack
Unable to display preview. Download preview PDF.
- 1.Conway, J.: On numbers and games, p. 75. Academic Press (1976)Google Scholar
- 2.Desmedt, Y., Goutier, C., Bengio, S.: Special Uses and Abuses of the Fiat-Shamir Passport Protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1988)Google Scholar
- 4.Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Proc. IEEE Securecomm 2005 (2005)Google Scholar
- 5.The Smart Card Detective: a hand-held EMV interceptor, Omar Choudary, MPhil thesis at University of Cambridge, Computer Lab, http://www.cl.cam.ac.uk/~osc22/scd/
- 7.Drimer, S., Murdoch, S.: Keep your enemies close: distance bounding against smartcard relay attacks. In: 16th USENIX Security Symposium (August 2007)Google Scholar
- 9.Fawcett, T.: ROC Graphs: Notes and Practical Considerations for Researchers. Kluwer Academic Publishers, Netherlands (2004)Google Scholar
- 10.Anderson, R., Bond, M.: The Man-in-the-Middle Defence. In: Cambridge Security Protocols Workshop (2006)Google Scholar