A relay attack for host-based card emulation (HCE) using NFC-enabled device for mobile payment
Near field communication (NFC) is a family of radio frequency identification (RFID) that used wireless communication and it becomes more popular nowadays. It has been used in many different systems such as contactless payment processing, access control, passport identification, etc. With a card...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2018
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/69015/1/FSKTM%202018%2047%20-%20IR.pdf http://psasir.upm.edu.my/id/eprint/69015/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Near field communication (NFC) is a family of radio frequency identification
(RFID) that used wireless communication and it becomes more popular
nowadays. It has been used in many different systems such as contactless
payment processing, access control, passport identification, etc. With a card
emulation mode, NFC technology is able to emulate the smartcard such as a
credit card and save it in mobile phone. Therefore, the physical credit card is
no longer needed in order to perform the electronic transaction. However,
NFC is susceptible to some attacks such as data fabrication and
eavesdropping. Thus, the mobile payment that used the NFC technology is
also at risk. NFC is also particularly vulnerable to a relay attack. A relay
attack is a type of Man-In-The-Middle attack that extends the range of NFC
communication. It is therefore allows an attacker to interact with a Point of
Sales (PoS) using the contactless card and perform electronic transaction
without a user knowledge. Attacker starts an interaction with a card reader (PoS terminal) and victim’s device through an Internet or Bluetooth
connection. One type of NFC approach, which is host card emulation (HCE)
approach makes a relay attacks in NFC communication becomes easier, as it
could interact with PoS directly without the need to interact with Secure
Element (SE) as hardware on the device. One of the objectives of this
research is to identify security problem of a relay attack for HCE approach in
NFC-enabled device. Thus, a proof of concept has been built and tested in a
lab environment to prove that a HCE approach is susceptible to the relay
attack. The result from this research shows that HCE implementation
approach is susceptible to relay attack. An overview of security issues in
NFC communication, the relay attack process in detail, discussion of testing
result, and some mitigation techniques towards the relay attack for HCE
approach on NFC-enabled device are the elements that have been discussed
in this project. |
|---|