Formal security analysis of near field communication using model checking
2016 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 60, 1-14 p.Article in journal (Refereed) PublishedText
Near field communication (NFC) is a short-range wireless communication technology envisioned to support a large gamut of smart-device applications, such as payment and ticketing. Although two NFC devices need to be in close proximity to communicate (up to 10 cm), adversaries can use a fast and transparent communication channel to relay data and, thus, force an NFC link between two distant victims. Since relay attacks can bypass the NFC requirement for short-range communication cheaply and easily, it is important to evaluate the security of NFC applications. In this work, we present a general framework that exploits formal analysis and especially model checking as a means of verifying the resiliency of NFC protocol against relay attacks. Toward this goal, we built a continuous-time Markov chain (CTMC) model using the PRISM model checker. Firstly, we took into account NFC protocol parameters and, then, we enhanced our model with networking parameters, which include both mobile environment and security-aware characteristics. Combining NFC specifications with an adversary's characteristics, we produced the relay attack model, which is used for extracting our security analysis results. Through these results, we can explain how a relay attack could be prevented and discuss potential countermeasures.
Place, publisher, year, edition, pages
Elsevier, 2016. Vol. 60, 1-14 p.
Near field communication, Probabilistic model checking, Relay attack, Security analysis, Wireless communication, Continuous time systems, Markov processes, Model checking, Network protocols, Network security, Security systems, Wireless telecommunication systems, Continuous time Markov chain, Short-range communication, Short-range wireless communications, The near field communication (NFC), Wireless communications
Telecommunications Communication Systems
IdentifiersURN: urn:nbn:se:kth:diva-186922DOI: 10.1016/j.cose.2016.03.002ISI: 000378438600001ScopusID: 2-s2.0-84962408491OAI: oai:DiVA.org:kth-186922DiVA: diva2:928770
QC 201605162016-05-162016-05-162016-07-15Bibliographically approved