A Practical Relay Attack on ISO 14443 Proximity Cards
Abstract
Contactless smart cards are used in access control and payment systems. This paper illustrates an attack which effectively allows an attacker to ‘borrow’ the victim’s card for a short period without requiring physical access to the victim’s card. As a result the legitimate owner will remain unaware of the attack. We show that our hardware successfully executed a relay attack against an ISO 14443A contactless smart card, up to a distance of 50 m. Simply relaying information between the card and reader over a longer distance does not require the same technical resources from the attacker as hardware tampering or cryptanalysis. This attack is therefore a feasible method for circumventing current security protocols with little effort. Since application-level measures fail to protect against relay attacks, we discuss possible solutions involving characteristics of the physical communication medium.
Similar resources
Side-Channel Monitoring of Contactless Java Cards
Smart cards are small, portable, tamper-resistant computers used in security-sensitive applications ranging from identification and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer “contactless” cards comm...
Practical Attacks on Proximity Identification Systems (Short Paper)
The number of RFID devices used in everyday life has increased, along with concerns about their security and user privacy. This paper describes our initial findings on practical attacks that we implemented against ‘proximity’ (ISO 14443 A) type RFID tokens. Focusing mainly on the RF communication interface we discuss the results and implementation of eavesdropping, unauthorized scanning and rel...
How to Build a Low-Cost, Extended-Range RFID Skimmer
Radio-Frequency Identifier (RFID) technology, using the ISO-14443 standard, is becoming increasingly popular, with applications like credit-cards, national-ID cards, E-passports, and physical access control. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: Typical systems are designed to operate at a range of 5-10cm. Despite t...
An Embedded System for Practical Security Analysis of Contactless Smartcards
ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, a cost-effective, ...
DEMO: NFCGate - An NFC Relay Application for Android
Near Field Communication (NFC) is a technology widely used for security-critical applications like access control or payment systems. Many of these systems rely on the security assumption that the card has to be in close proximity to communicate with the reader. We developed NFCGate, an Android application capable of relaying NFC communication between card and reader using two rooted but otherw...