Skip to main content
SpringerLink
Log in

Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment

  • Conference paper
  • First Online:
Security Standardisation Research (SSR 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9497))

Included in the following conference series:

Abstract

Mobile NFC payment is an emerging industry, estimated to reach $670 billion by 2015. The Mafia attack presents a realistic threat to payment systems including mobile NFC payment. In this attack, a user consciously initiates an NFC payment against a legitimate-looking NFC reader (controlled by the Mafia), not knowing that the reader actually relays the data to a remote legitimate NFC reader to pay for something more expensive. In this paper, we present “Tap-Tap and Pay” (TTP), to effectively prevent the Mafia attack in mobile NFC payment. In TTP, a user initiates an NFC payment by physically tapping her mobile phone against the reader twice in succession. The physical tapping causes transient vibrations at both devices, which can be measured by the embedded accelerometers. Our experiments indicate that the two measurements are closely correlated if they are from the same tapping, and are different if obtained from different tapping events. By comparing the similarity between the two measurements, we can effectively tell apart the Mafia fraud from a legitimate NFC transaction. To evaluate the practical feasibility of this solution, we present a prototype of the TTP system based on a pair of NFC-enabled mobile phones and also conduct a user study. The results suggest that our solution is reliable, fast, easy-to-use and has good potential for practical deployment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    For instance, the contactless limit increased from £20 to £30 in 2015 in the UK.

  2. 2.

    www.hsbc.com.hk.

  3. 3.

    http://wallet.google.com.

  4. 4.

    www.apple.com/iphone-6/apple-pay.

  5. 5.

    www.android.com/intl/en_us/pay.

  6. 6.

    www.idstronghold.com.

  7. 7.

    www.emvco.com.

  8. 8.

    http://developer.android.com/guide/topics/connectivity/nfc/hce.html.

  9. 9.

    Prototyping of our TTP protocol requires the facility of bidirectional NFC using Host-based Card Emulation (HCE). At the time of experiments, Nexus 5 was the only device allowing that facility.

  10. 10.

    www.mymobiler.com.

  11. 11.

    www.bu.mp.

  12. 12.

    www.bpayband.co.uk.

References

  1. Book 2 - Security and Key Management (2011). http://www.emvco.com/specifications.aspx?id=223

  2. International Organization for Standardization, BS ISO/IEC 14443–1:2008+A1:2012 Identification cards. Contactless integrated circuit cards. Proximity cards. Physical characteristics (2012). http://www.bsol.bsigroup.com

  3. International Organization for Standardization, BS ISO/IEC 14443–2:2010+A2:2012 Identification cards. Contactless integrated circuit cards. Proximity cards. Radio frequency power and signal interface (2012). http://www.bsol.bsigroup.com

  4. International Organization for Standardization, BS ISO/IEC 7816–4:2013, Identification cards. Integrated circuit cards. Organization, security and commands for interchange (2013). http://www.bsol.bsigroup.com

  5. EMV Acquirer and Terminal Security Guidelines (2014). http://www.emvco.com/specifications.aspx?id=71

  6. EMV Issuer and Application Security Guidelines (2014). http://www.emvco.com/specifications.aspx?id=71

  7. International Organization for Standardization, BS ISO/IEC 14443–3:2011+A6:2014 Identification cards. Contactless integrated circuit cards. Proximity cards. Initialization and anticollision (2014). http://www.bsol.bsigroup.com

  8. International Organization for Standardization, BS ISO/IEC 14443–4:2008+A4:2014 Identification cards. Contactless integrated circuit cards. Proximity cards. Transmission protocol (2014). http://www.bsol.bsigroup.com

  9. Mobile payment strategies: Remote, contactless & money transfer 2014–2018. Market leading report by Juniper Research, July 2014. http://www.juniperresearch.com/reports.php?id=726

  10. EMV Contactless Specifications for Payment Systems, Book A: Architecture and General Requirements (2015). http://www.emvco.com/specifications.aspx?id=21

  11. EMV Contactless Specifications for Payment Systems, Book B: Entry Point (2015). http://www.emvco.com/specifications.aspx?id=21

  12. EMV Contactless Specifications for Payment Systems, Book C2: Kernel 2 Specification (2015). http://www.emvco.com/specifications.aspx?id=21

  13. EMV Contactless Specifications for Payment Systems, Book C3: Kernel 3 Specification (2015). http://www.emvco.com/specifications.aspx?id=21

  14. EMV Contactless Specifications for Payment Systems, Book D: Contactless Communication Protocol (2015). http://www.emvco.com/specifications.aspx?id=21

  15. Bichler, D., Stromberg, G., Huemer, M., Löw, M.: Key generation based on acceleration data of shaking processes. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 304–317. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  16. Brands, S., Chaum, D.: Distance bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  17. Chong, M.K., Gellersen, H.: How users associate wireless devices. In: Proceedingsof the SIGCHI Conference on Human Factors in Computing Systems, CHI 2011, pp. 1909–1918. ACM, New York, (2011)

    Google Scholar 

  18. Czeskis, A., Koscher, K., Smith, J.R., Kohno, T.: RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with contextawarecommunications. In: Proceedings of the 15th ACM conference on Computerand communications security, pp. 479–490. ACM (2008)

    Google Scholar 

  19. Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, SS 2007, pp. 7:1–7:16. USENIX Association, Berkeley (2007)

    Google Scholar 

  20. Emms, M., van Moorsel, A.: Practical attack on contactless payment cards. In: HCI2011 Workshop-Heath, Wealth and Identity Theft (2011)

    Google Scholar 

  21. Francis, L., Hancke, G.P., Mayes, K., Markantonakis, K.: Practical relay attack on contactless transactions by using nfc mobile phones. In: IACR Cryptology ePrint Archive, p. 618 (2011)

    Google Scholar 

  22. Halevi, T., Ma, D., Saxena, N., Xiang, T.: Secure proximity detection for nfc devices based on ambient sensor data. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 379–396. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  23. Hesseldahl, A.: Apple iPhone 4 parts cost about \(\$188\). Bloomberg Business, June 2010. http://www.bloomberg.com/bw/technology/content/jun2010/tc20100627_763714.htm

  24. Hinckley, K.: Synchronous gestures for multiple persons and computers. In: Proceedings of the 16th Annual ACM Symposium on User Interface Software and Technology, UIST 2003, pp. 149–158. ACM, New York (2003)

    Google Scholar 

  25. Ion, I., Langheinrich, M., Kumaraguru, P., Čapkun, S.: Influence of user perception, security needs, and social factors on device pairing method choices. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 6:1–6:13. ACM, New York (2010)

    Google Scholar 

  26. Keogh, E.J., Pazzani, M.J.: Derivative dynamic time warping. In: The 1st SIAM International Conference on Data Mining (SDM-2001). SIAM, Chicago (2001)

    Google Scholar 

  27. Kirovski, D., Sinclair, M., Wilson, D.: The martini synch. Technical report MSR-TR-2007-123, Microsoft Research, September 2007

    Google Scholar 

  28. Kirovski, D., Sinclair, M., Wilson, D.: The martini synch: device pairing via joint quantization. In: IEEE International Symposium on Information Theory, 2007. ISIT 2007, pp. 466–470, June 2007

    Google Scholar 

  29. Kobsa, A., Sonawalla, R., Tsudik, G., Uzun, E., Wang, Y.: Serial hook-ups: a comparative usability study of secure device pairing methods. In: Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS 2009, pp. 10:1–10:12. ACM, New York (2009)

    Google Scholar 

  30. Li, H., Ma, D., Saxena, N., Shrestha, B., Zhu, Y.: Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013, pp. 25–30. ACM, New York (2013)

    Google Scholar 

  31. Lieb, D.: All good things (2014). http://blog.bu.mp/post/71781606704/all-good-things

  32. Liu, J., Zhong, L., Wickramasuriya, J., Vasudevan, V.: uWave: accelerometer-based personalized gesture recognition and its applications. Pervasive Mob. Comput. 5(6), 657–675 (2009)

    Article  Google Scholar 

  33. Ma, D., Saxena, N., Xiang, T., Zhu, Y.: Location-aware and safer cards: enhancing RFID security and privacy via location sensing. IEEE Trans. Dependable Secure Comput. 10(2), 57–69 (2013)

    Article  Google Scholar 

  34. Mayrhofer, R.: The candidate key protocol for generating secret shared keys from similar sensor data streams. In: Stajano, F., Meadows, C., Capkun, S., Moore, T. (eds.) ESAS 2007. LNCS, vol. 4572, pp. 1–15. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  35. Mayrhofer, R., Gellersen, H.-W.: Shake well before use: authentication based on accelerometer data. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 144–161. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  36. Mayrhofer, R., Gellersen, H.: Shake well before use: intuitive and secure pairing of mobile devices. IEEE Trans. Mob. Comput. 8(6), 792–806 (2009)

    Article  Google Scholar 

  37. Saxena, N., Voris, J.: Still and silent: motion detection for enhanced RFID security and privacy without changing the usage model. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 2–21. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  38. Shrestha, B., Saxena, N., Truong, H.T.T., Asokan, N.: Drone to the rescue: relay-resilient authentication using ambient multi-sensing. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 344–359. Springer, Heidelberg (2014)

    Google Scholar 

  39. Studer, A., Passaro, T., Bauer, L.: Don’t bump, shake on it: the exploitation of a popular accelerometer-based smart phone exchange and its secure replacement. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011, pp. 333–342. ACM, New York (2011)

    Google Scholar 

Download references

Acknowledgements

We thank all the participants who contributed to our experiments. We also thank the anonymous reviewers of this paper. The second and the third authors are supported by ERC Starting Grant No. 306994.

Author information

Authors and Affiliations

  1. School of Computing Science, Newcastle University, Newcastle upon Tyne, UK

    Maryam Mehrnezhad, Feng Hao & Siamak F. Shahandashti

Authors
  1. Maryam Mehrnezhad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Feng Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Siamak F. Shahandashti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maryam Mehrnezhad .

Editor information

Editors and Affiliations

  1. Hewlett Packard Laboratories, Bristol, United Kingdom

    Liqun Chen

  2. NICT, Tokyo, Japan

    Shin'ichiro Matsuo

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Mehrnezhad, M., Hao, F., Shahandashti, S.F. (2015). Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science(), vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27152-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27151-4

  • Online ISBN: 978-3-319-27152-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation