Contactless Access Control Based on Distance Bounding

Kılınç, Handan; Vaudenay, Serge

doi:10.1007/978-3-319-69659-1_11

Cited by 3 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While this simplifies the usage for many applications, it only measures the distance to some recipient, not necessarily the intended one. In contrast, an implementation on the application layer can ensure the correct recipient, but requires every application to implement their own, incompatible DB protocol [15,26,39].…”

Section: Countermeasuresmentioning

confidence: 99%

NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit

Klee,

Roussos,

Maass

et al. 2020

Preprint

View full text Add to dashboard Cite

Near Field Communication (NFC) is being used in a variety of security-critical applications, from access control to payment systems. However, NFC protocol analysis typically requires expensive or conspicuous dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate proof of concept aimed at solving this issue by providing capabilities for NFC analysis employing off-the-shelf Android smartphones.In this paper, we present an extended and improved NFC toolkit based on the functionally limited original open-source codebase. With in-flight traffic analysis and modification, relay, and replay features this toolkit turns an off-the-shelf smartphone into a powerful NFC research tool. To support the development of countermeasures against relay attacks, we investigate the latency incurred by NFCGate in different configurations.Our newly implemented features and improvements enable the case study of an award-winning, enterprise-level NFC lock from a well-known European lock vendor, which would otherwise require dedicated hardware. The analysis of the lock reveals several security issues, which were disclosed to the vendor.

show abstract

Section: Countermeasuresmentioning

confidence: 99%

NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit

Klee,

Roussos,

Maass

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…In contactless payment, we consider the similar adversarial and communication model with the access control (AC) security model by Kılınç and Vaudenay [21]. The parties in AC: a controller, a reader, a tag correspond to the parties contactless payment: an issuer, a terminal, a card, respectively.…”

Section: Adversarial and Communication Modelmentioning

confidence: 99%

“…Instances of honest parties cannot be run in parallel. -The adversaries can change the location of honest instances (but they move at a limited speed) or can activate them (See [21] for details). -Adversaries can create the database.…”

Section: Adversarial and Communication Modelmentioning

confidence: 99%

Secure Contactless Payment

Kılınç

Vaudenay

2018

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

A contactless payment lets a card holder execute payment without any interaction (e.g., entering PIN or signing) between the terminal and the card holder. Even though the security is the first priority in a payment system, the formal security model of contactless payment does not exist. Therefore, in this paper, we design an adversarial model and define formally the contactless-payment security against malicious cards and malicious terminals including relay attacks. Accordingly, we design a contactless-payment protocol and show its security in our security model. At the end, we analyze EMV-contactless which is a commonly used specification by most of the mobile contactless-payment systems and credit cards in Europe. We find that it is not secure against malicious cards. We also prove its security against malicious terminals in our model. This type of cryptographic proof has not been done before for the EMV specification.

show abstract

You foot the bill! Attacking NFC with passive relays

Sun

Kumar

et al. 2020

Preprint

View full text Add to dashboard Cite

Contactless Access Control Based on Distance Bounding

Cited by 3 publications

References 28 publications

NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit

NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit

Secure Contactless Payment

You foot the bill! Attacking NFC with passive relays

Contact Info

Product

Resources

About