
Proximity Assurances Based on Natural and Artificial Ambient Environments

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SecITC 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10543)


Abstract

Relay attacks are passive man-in-the-middle attacks that aim to extend the physical distance of devices involved in a transaction beyond their operating environment. In the field of smart cards, distance bounding protocols have been proposed in order to counter relay attacks. For smartphones, meanwhile, the natural ambient environment surrounding the devices has been proposed as a potential Proximity and Relay-Attack Detection (PRAD) mechanism. These proposals, however, are not compliant with industry-imposed constraints that stipulate maximum transaction completion times, e.g. 500 ms for EMV contactless transactions. We evaluated the effectiveness of 17 ambient sensors that are widely available in modern smartphones as a PRAD method for time-restricted contactless transactions. In our work, both similarity- and machine learning-based analyses demonstrated limited effectiveness of natural ambient sensing as a PRAD mechanism under the operating requirements for proximity and transaction duration specified by EMV and ITSO. To address this, we propose the generation of an Artificial Ambient Environment (AAE) as a robust alternative for an effective PRAD. The use of infrared light as a potential PRAD mechanism is evaluated, and our results indicate a high success rate while remaining compliant with industry requirements.


Notes

  1. Also known as the F1 score or F-measure.

  2. http://developer.android.com/guide/topics/sensors/sensors_position.html#sensors-pos-prox.

  3. dwdiff tool: http://os.ghalkes.nl/dwdiff.html.


Acknowledgement

Carlton Shepherd is supported by the EPSRC and the British government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1). The authors would also like to thank anonymous reviewers for their valuable comments.

Author information


Correspondence to Iakovos Gurulian.


Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Gurulian, I., Markantonakis, K., Shepherd, C., Frank, E., Akram, R.N. (2017). Proximity Assurances Based on Natural and Artificial Ambient Environments. In: Farshim, P., Simion, E. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2017. Lecture Notes in Computer Science, vol 10543. Springer, Cham. https://doi.org/10.1007/978-3-319-69284-5_7


  • DOI: https://doi.org/10.1007/978-3-319-69284-5_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69283-8

  • Online ISBN: 978-3-319-69284-5

  • eBook Packages: Computer Science (R0)
