Authors:
Ioana Boureanu
1
;
David Gerault
2
and
James Lewis
3
Affiliations:
1
University of Surrey, Surrey Centre for Cyber Security and U.K.
;
2
Nanyang Technological University and Singapore
;
3
Sky UK Ltd and U.K.
Keyword(s):
NFC Security, Proximity Checking, Proximity Attacks.
Related
Ontology
Subjects/Areas/Topics:
Applied Cryptography
;
Cryptographic Techniques and Key Management
;
Data Engineering
;
Databases and Data Security
;
Identification, Authentication and Non-Repudiation
;
Information and Systems Security
;
Security and Privacy in Mobile Systems
;
Security Protocols
Abstract:
Whilst proximity-checking mechanisms are on the rise, proximity-based attacks other than relaying have not been studied from a practical viewpoint, not even in academia. Are the simplest proximity-based attacks, namely distance frauds, a practical danger? Can an attacker make it look like they are here and there at the same time? In this paper, we first distinguish “credible” vs. impractical distance frauds, in a quantifiable, formal manner. Second, we implement two “credible” distance frauds on off-the-shelf NFC-enabled Android phones. We present an initial evaluation focused on their feasibility.