Strengthening EPC tags against cloning
Proceedings of the 4th ACM workshop on Wireless security
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Detecting relay attacks with timing-based protocols
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Protocols for RFID tag/reader authentication
Decision Support Systems
RFID Noisy Reader How to Prevent from Eavesdropping on the Communication?
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Proceedings of the 15th ACM conference on Computer and communications security
rfidDOT: RFID delegation and ownership transfer made simple
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Universally Composable RFID Identification and Authentication Protocols
ACM Transactions on Information and System Security (TISSEC)
Attacking smart card systems: Theory and practice
Information Security Tech. Report
Effectiveness of distance-decreasing attacks against impulse radio ranging
Proceedings of the third ACM conference on Wireless network security
Vulnerabilities in first-generation RFID-enabled credit cards
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Privacy is essential for secure mobile devices
IBM Journal of Research and Development
Classifying RFID attacks and defenses
Information Systems Frontiers
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Practical NFC peer-to-peer relay attack using mobile phones
RFIDSec'10 Proceedings of the 6th international conference on Radio frequency identification: security and privacy issues
Security in Bluetooth, RFID and wireless sensor networks
Proceedings of the 2011 International Conference on Communication, Computing & Security
Non-uniform stepping approach to RFID distance bounding problem
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
A framework for analyzing RFID distance bounding protocols
Journal of Computer Security - 2010 Workshop on RFID Security (RFIDSec'10 Asia)
Comprehensive protection of RFID traceability information systems using aggregate signatures
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Varying levels of RFID tag ownership in supply chains
OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems
A traceability attack against e-passports
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Location-aware and safer cards: enhancing RFID security and privacy via location sensing
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Gone in 360 seconds: Hijacking with Hitag2
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Simultaneous multi-level RFID tag ownership & transfer in health care environments
Decision Support Systems
Lapin: an efficient authentication protocol based on Ring-LPN
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Applying remote side-channel analysis attacks on a security-enabled NFC tag
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Terrorism in distance bounding: modeling terrorist-fraud resistance
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks
Decision Support Systems
Hi-index | 0.01 |
A contactless smartcard is a smartcard that can communicate with other devices without any physical connection, using Radio-Frequency Identifier (RFID) technology. Contactless smartcards are becoming increasingly popular, with applications like credit-cards, national-ID, passports, physical access. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: typical systems are designed to operate at a range of ≈ 10cm. In this study we show that contactless smartcard technology is vulnerable to relay attacks: An attacker can trick the reader into communicating with a victim smartcard that is very far away. A "low-tech" attacker can build a pick-pocket system that can remotely use a victim contactless smartcard, without the victim's knowledge. The attack system consists of two devices, which we call the "ghost" and the "leech". We discuss basic designs for the attacker's equipment, and explore their possible operating ranges. We show that the ghost can be up to 50m away from the card reader 3 orders of magnitude higher than the nominal range. We also show that the leech can be up to 50cm away from the the victim card. The main characteristics of the attack are: orthogonality to any security protocol, unlimited distance between the attacker and the victim, and low cost of the attack system.