
Eavesdropping near-field contactless payments: a quantitative analysis

This paper presents an assessment of how successful an eavesdropping attack on a contactless payment transaction can be in terms of bit and frame error rates, using an easily concealable antenna and low-cost electronics. The potential success of an eavesdropping attack largely depends on the correct recovery of the data frames used in the ISO 14443 standard. A near-field communication inductive loop antenna was used to emulate an ISO 14443 transmission. For eavesdropping, an identical inductive loop antenna and a shopping trolley modified to act as an antenna were used. The authors present and analyse frame error rates obtained with their equipment over a range of distances up to 100 cm, well above the official maximum operating distance, depending on the magnetic field strength.

http://iet.metastore.ingenta.com/content/journals/10.1049/joe.2013.0087