Presented By Arpit Jain 113050028 Guided By Prof DB Phatak Outline Components of NFC Attacks in NFC Relay attack Countermeasures References Components of NFC devices Application Execution Environment AEE ID: 298312
Download Presentation The PPT/PDF document "Relay Attack on NFC" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Relay Attack on NFC
Presented By:Arpit Jain113050028
Guided By:
Prof. D.B.
PhatakSlide2
Outline
Components of NFCAttacks in NFCRelay attackCountermeasures
ReferencesSlide3
Components of NFC devices
Application Execution Environment (AEE)- General application area of the mobile phone providing data
storage and processing
capabilities.
Trusted Execution Environment (TEE)-
It is realized as use
of a secure
element (SE
) and provides secure data
storage.
NFC Controller-
NFC Controller handles
the physical transmitting and
receiving of
data over the RF interface.Slide4
Components of NFC devicesSlide5
Attacks in NFC
Eavesdropping- RF signal for the wireless data transfer can be picked up with antennas. Data modification-
It is relatively easy to destroy data by using an RFID jammer. There is no way currently to prevent such an attack. However, if NFC devices check the RF field while they are sending, it is possible to detect attacks.
Relay attack-
Attack based on relay of messages between sender and receiver.Slide6
Relay Attack
Chess Problem-Player forward the message from one grand master to other using some wireless or wired technology.Grandmaster thinks that they are playing against said person.
Actually 2 grandmaster playing against each other.Slide7
Relay AttackSlide8
Observations
No separate hardware required for relay attack, can be done using some application software.
Attacker is able to circumvent any application layer security protocol, even if protocol is based
on cryptographic
principles.Slide9
Countermeasures
Integrating Location into NFC Transactions.Determined by network operator or handset itself.Location information is incorporated to provide relay-resistant.
Location information contains
Cell-ID,
Mobile country
Code (MCC), Mobile Network
Code (MNC
) and
Location
Area Code (LAC
)
LC=‘‘23415431824422847’’, where MCC=234 | MNC=15 | LAC=43182 | Cell-ID=4422847Slide10
Preventing Relay Attacks with LocationSlide11
limitations of location-based
limitations depends upon how the location information is obtained and used within the application.
Some operators
may not be prepared to share this information nor to confirm its
accuracy unless
for legal or investigative reasons
.
GPS provide more independent solution, no need of network operator
But device should support GPS functionality.Slide12
References
[1].
Lishoy
Francis, Gerhard
Hancke
, Keith Mayes,
Konstantinos
Markantonakis
Practical Relay
Attack on
Contactless Transactions by Using NFC Mobile Phones , In
Information Security Group,
Smart Card
Centre Royal Holloway University of
London
[2].
Practical Experiences with NFC Security on mobile Phones Gauthier Van
Damme
and
Karel
Wouters
Katholieke
Universiteit
Leuven Dept. Electrical Engineering-ESAT/SCD/IBBT-COSIC
Kasteelpark
Arenberg
10, 3001.