Keith Mayes scite author profile

Abstract. NFC is a standardised technology providing short-range RFID communication channels for mobile devices. Peer-to-peer applications for mobile devices are receiving increased interest and in some cases these services are relying on NFC communication. It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker's proxy devices could even be implemented using off-the-shelf NFC-enabled devices. This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker's own NFC-enabled mobile phones. The attack does not need to access secure program memory nor use any code signing, and can use publicly available APIs. We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment. These countermeasures could also be applied to prevent relay attacks on contactless applications using 'passive' NFC on mobile phones.

show abstract

Confidence in smart token proximity: Relay attacks revisited

Hancke

Mayes

Markantonakis

2009

Computers & Security

View full text Add to dashboard Cite

Contactless and contact smart card systems use the physical constraints of the communication channel to implicitly prove the proximity of a token. These systems, however, are potentially vulnerable to an attack where the attacker relays communication between the reader and a token. Relay attacks are not new but are often not considered a major threat, like eavesdropping or skimming attacks, even though they arguably pose an equivalent security risk. In this paper we discuss the feasibility of implementing passive and active relay attacks against smart tokens and the possible security implications if an attacker succeeds. Finally, we evaluate the effectiveness of time-out constraints, distance bounding and the use of a additional verification techniques for making systems relay-resistant and explain the challenges still facing these mechanisms.

show abstract

A Practical Generic Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Francis¹,

Hancke²,

Mayes³

2013

IJRFIDSC

View full text Add to dashboard Cite

Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present a practical implementation of an NFCenabled relay attack, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems. We also discuss countermeasures to mitigate the attack.

show abstract

Birimian lithological succession and structural evolution in the Goren segment of the Boromo–Goren Greenstone Belt, Burkina Faso

Hein

Morel²,

Kagoné³

et al. 2004

Journal of African Earth Sciences

View full text Add to dashboard Cite

Secure Improved Cloud-Based RFID Authentication Protocol

Abughazalah

Markantonakis

Mayes

2015

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Keith Mayes

Practical NFC Peer-to-Peer Relay Attack Using Mobile Phones

Confidence in smart token proximity: Relay attacks revisited

A Practical Generic Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Birimian lithological succession and structural evolution in the Goren segment of the Boromo–Goren Greenstone Belt, Burkina Faso

Secure Improved Cloud-Based RFID Authentication Protocol

Contact Info

Product

Resources

About