Security analysis of NFC relay attacks using probabilistic model checking
2014 (English)In: IWCMC 2014 - 10th International Wireless Communications and Mobile Computing Conference, IEEE , 2014, 524-529 p.Conference paper (Refereed)
Near Field Communication (NFC) is a short-ranged wireless communication technology envisioned to support a large gamut of smart-device applications, such as payment and ticketing applications. Two NFC-enabled devices need to be in close proximity, typically less than 10 cm apart, in order to communicate. However, adversaries can use a secret and fast communication channel to relay data between two distant victim NFC-enabled devices and thus, force NFC link between them. Relay attacks may have tremendous consequences for security as they can bypass the NFC requirement for short range communications and even worse, they are cheap and easy to launch. Therefore, it is important to evaluate security of NFC applications and countermeasures to support the emergence of this new technology. In this work we present a probabilistic model checking approach to verify resiliency of NFC protocol against relay attacks based on protocol, channel and application specific parameters that affect the successfulness of the attack. We perform our formal analysis within the probabilistic model checking environment PRISM to support automated security analysis of NFC applications. Finally, we demonstrate how the attack can be thwarted and we discuss the successfulness of potential countermeasures.
Place, publisher, year, edition, pages
IEEE , 2014. 524-529 p.
Near Field Communication, probabilistic model checking, relay attack, security analysis
IdentifiersURN: urn:nbn:se:kth:diva-157959DOI: 10.1109/IWCMC.2014.6906411ISI: 000361140000089ScopusID: 2-s2.0-84908611758ISBN: 978-147990959-9OAI: oai:DiVA.org:kth-157959DiVA: diva2:773607
10th International Wireless Communications and Mobile Computing Conference, IWCMC 2014, 4 August 2014 through 8 August 2014, Nicosia, Cyprus
QC 201412192014-12-192014-12-182015-10-13Bibliographically approved