TY - JOUR
T1 - Using Ambient Sensors for Proximity and Relay Attack Detection in NFC Transactions
T2 - A Reproducibility Study
AU - Markantonakis, Konstantinos
AU - Meister, Julia A.
AU - Gurulian, Iakovos
AU - Shepherd, Carlton
AU - Naeem Akram, Raja
AU - Hani Abu Ghazalah, Sarah
AU - Kasi, Mumraiz
AU - Sauveron, Damien
AU - Hancke, Gerhard
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024/10/24
Y1 - 2024/10/24
N2 - Near-Field Communication (NFC) has enabled mobile devices to emulate contactless smart cards, which has also rendered them susceptible to relay attacks. Numerous countermeasures have been proposed that use ambient sensors as an anti-relay mechanism. However, there are concerns regarding their efficacy in time-critical scenarios, such as transport ticketing and contactless payments. This paper empirically and comprehensively evaluates whether ambient sensors are an effective anti-relay mechanism for such NFC-based contactless transactions. To this end, we examine 17 sensors available via the Android platform. Each sensor, where feasible, was used to record measurements in 1,000 contactless transactions with 252 users across four physical locations. We then conduct an extensive four-part evaluation using similarity metrics, traditional machine learning models, and deep learning methods used in existing work and beyond. We conclude that mobile ambient sensors are currently unsuitable for detecting relay attacks on NFC contactless transactions under realistic timing constraints, contrary to the suggestions and proposals made in existing work.
AB - Near-Field Communication (NFC) has enabled mobile devices to emulate contactless smart cards, which has also rendered them susceptible to relay attacks. Numerous countermeasures have been proposed that use ambient sensors as an anti-relay mechanism. However, there are concerns regarding their efficacy in time-critical scenarios, such as transport ticketing and contactless payments. This paper empirically and comprehensively evaluates whether ambient sensors are an effective anti-relay mechanism for such NFC-based contactless transactions. To this end, we examine 17 sensors available via the Android platform. Each sensor, where feasible, was used to record measurements in 1,000 contactless transactions with 252 users across four physical locations. We then conduct an extensive four-part evaluation using similarity metrics, traditional machine learning models, and deep learning methods used in existing work and beyond. We conclude that mobile ambient sensors are currently unsuitable for detecting relay attacks on NFC contactless transactions under realistic timing constraints, contrary to the suggestions and proposals made in existing work.
KW - ambient sensors
KW - contactless transactions
KW - mobile payment
KW - Near field communication (NFC)
KW - relay attacks
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85207729410&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2024.3479729
DO - 10.1109/ACCESS.2024.3479729
M3 - Article
AN - SCOPUS:85207729410
SN - 2169-3536
VL - 12
SP - 150372
EP - 150386
JO - IEEE Access
JF - IEEE Access
ER -