Name
Abstract | ||
|---|---|---|
A huge number of security-relevant systems nowadays use contactless smart cards. Such systems, like payment systems or access control systems, commonly use single-pass or mutual authentication protocols to proof the origin of the card holder. The application of relay attacks allows to circumvent this authentication process without needing to attack the implementation or protocol itself. Instead, the entire wireless communication is simply forwarded using a proxy and a mole allowing to relay messages over a large distance. In this paper, we present several relay attacks on an ISO/IEC 14443-based smart card implementing an AES challenge-response protocol. We highlight the strengths and weaknesses of two different proxy types: an NFC smart phone and a dedicated custom-made proxy device. First, we propose a “three-phones-in-the-middle” attack that allows to relay the communication over more than 360 feet (110 meters). Second, we present a custom-made proxy that solves major relay-attack restrictions that apply on almost all NFC smart phones, for example, cloning of the victim's UID, adaption of low-level protocol parameters, direct request for Waiting Time Extensions, or active modifications of the messages. Finally, we propose an attack that allows to induce single bit faults during the anticollision of the card which forces the reader to re-send or temporarily stall the communication which can be exploited by attacks to gain additional relay time. |
Year | DOI | Venue |
|---|---|---|
2014 | 10.1109/RFID.2014.6810722 | IEEE RFID |
Keywords | Field | DocType |
access control,computer crime,cryptographic protocols,data privacy,smart cards,smart phones,telecommunication security,AES challenge-response protocol,ISO/IEC 14443-based smart card,NFC smart phone,access control systems,active relay attacks,contactless smart cards,custom-made proxies,custom-made proxy device,mutual authentication protocols,payment systems,security-relevant systems,single bit faults,single-pass authentication protocols,wireless communication,Embedded Systems,Man-in-the-Middle,Radio-Frequency Identification (RFID),Relay Attacks,Smart Cards | Mutual authentication,Wireless,Authentication,Smart card,Access control,Engineering,Smart card application protocol data unit,Payment,Relay,Embedded system | Conference |
Citations | PageRank | References |
3 | 0.42 | 7 |
Authors | ||
2 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Thomas Korak | 1 | 71 | 7.32 |
| Michael Hutter | 2 | 345 | 25.26 |