
2015 | Original Paper | Book Chapter

Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment

Authors: Maryam Mehrnezhad, Feng Hao, Siamak F. Shahandashti

Published in: Security Standardisation Research

Publisher: Springer International Publishing


Abstract

Mobile NFC payment is an emerging industry, estimated to reach $670 billion by 2015. The Mafia attack presents a realistic threat to payment systems, including mobile NFC payment. In this attack, a user consciously initiates an NFC payment against a legitimate-looking NFC reader (controlled by the Mafia), not knowing that the reader actually relays the data to a remote legitimate NFC reader to pay for something more expensive. In this paper, we present “Tap-Tap and Pay” (TTP), to effectively prevent the Mafia attack in mobile NFC payment. In TTP, a user initiates an NFC payment by physically tapping her mobile phone against the reader twice in succession. The physical tapping causes transient vibrations at both devices, which can be measured by the embedded accelerometers. Our experiments indicate that the two measurements are closely correlated if they are from the same tapping, and differ if they are obtained from different tapping events. By comparing the similarity of the two measurements, we can effectively tell a Mafia fraud apart from a legitimate NFC transaction. To evaluate the practical feasibility of this solution, we present a prototype of the TTP system based on a pair of NFC-enabled mobile phones and also conduct a user study. The results suggest that our solution is reliable, fast, easy to use and has good potential for practical deployment.
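The abstract describes the core check but not the details of how the two accelerometer traces are compared. The following is an added toy model, not the authors' code: it synthesises double-tap vibration traces for the phone and for the reader, then scores their similarity with a lag-tolerant normalised cross-correlation and accepts the transaction only above a threshold. The signal model, the 100 Hz sample rate, the 50 ms lag window, the 0.7 threshold and the cross-correlation metric itself are all assumptions chosen for illustration; the paper's own parameters and similarity measure may differ. The genuine case feeds both devices the same two taps (with different sensor gain, a small clock offset and independent noise); the Mafia case pairs the victim's phone trace with a trace recorded at the remote legitimate reader, which feels the Mafia's own, independently timed tapping.

```python
"""Toy model of the Tap-Tap and Pay (TTP) similarity check.

Both devices record accelerometer data while the user taps the phone
against the reader twice. Traces from the same physical tapping are
closely correlated; a trace relayed from a different tapping event is not.
The signal model, sample rate, lag window, threshold and the similarity
metric are assumptions for this example, not the paper's own parameters.
"""
import math
import random

SAMPLE_RATE_HZ = 100     # assumed accelerometer sampling rate
WINDOW_S = 1.0           # assumed length of the recording window
MAX_LAG_S = 0.05         # assumed tolerance for clock skew between devices
THRESHOLD = 0.7          # assumed decision threshold on the similarity score


def tap_trace(tap_times, amplitude=1.0, decay=12.0, freq_hz=20.0,
              noise_std=0.02, offset_s=0.0, seed=0):
    """Constructed accelerometer trace: each tap is a damped oscillation.

    offset_s models clock skew between phone and reader; the Gaussian term
    models sensor noise. This is synthetic data, not a real recording.
    Timing is done in whole samples so two devices seeing the same tap
    differ only by gain, an integer sample shift and noise.
    """
    rng = random.Random(seed)
    n = int(SAMPLE_RATE_HZ * WINDOW_S)
    offset = round(offset_s * SAMPLE_RATE_HZ)
    tap_idx = [round(t * SAMPLE_RATE_HZ) for t in tap_times]
    trace = []
    for i in range(n):
        value = 0.0
        for k0 in tap_idx:
            k = i - offset - k0              # samples since this tap hit
            if k >= 0:
                dt = k / SAMPLE_RATE_HZ
                value += amplitude * math.exp(-decay * dt) * \
                         math.cos(2.0 * math.pi * freq_hz * dt)
        trace.append(value + rng.gauss(0.0, noise_std))
    return trace


def normalise(x):
    """Zero-mean, unit-variance, so different sensor gains cancel out."""
    mean = sum(x) / len(x)
    sd = math.sqrt(sum((v - mean) ** 2 for v in x) / len(x)) or 1.0
    return [(v - mean) / sd for v in x]


def similarity(phone, reader):
    """Max normalised cross-correlation over lags within +/- MAX_LAG_S.

    A small lag window tolerates clock skew between the two devices but
    not the independent timing of a different tapping event, which is
    exactly what a relay through a Mafia reader introduces.
    """
    a, b = normalise(phone), normalise(reader)
    n = len(a)
    max_lag = int(MAX_LAG_S * SAMPLE_RATE_HZ)
    best = -1.0
    for lag in range(-max_lag, max_lag + 1):
        total = 0.0
        for i in range(n):
            j = i + lag
            if 0 <= j < n:
                total += a[i] * b[j]
        best = max(best, total / n)
    return best


def same_tapping(phone, reader, threshold=THRESHOLD):
    """Accept the transaction only if both traces come from one tapping."""
    return similarity(phone, reader) >= threshold


def demo():
    """Genuine transaction vs. Mafia relay, both on constructed traces."""
    # Genuine: phone and the reader it touches feel the same two taps;
    # the reader's sensor has lower gain and a 10 ms clock offset.
    taps = [0.20, 0.55]
    phone = tap_trace(taps, amplitude=1.0, seed=1)
    reader = tap_trace(taps, amplitude=0.6, offset_s=0.01, seed=2)

    # Mafia: the remote legitimate reader records the Mafia's own tapping,
    # whose timing is independent of the victim's double tap.
    remote_reader = tap_trace([0.30, 0.80], amplitude=0.8, seed=3)

    return {
        "genuine": (round(similarity(phone, reader), 3),
                    same_tapping(phone, reader)),
        "mafia": (round(similarity(phone, remote_reader), 3),
                  same_tapping(phone, remote_reader)),
    }


if __name__ == "__main__":
    for case, (score, accepted) in demo().items():
        print(f"{case:8s} score={score:.3f} accepted={accepted}")
```

The lag window is the security-relevant knob: it must be wide enough to absorb clock skew and NFC latency between the two devices, yet narrower than the spread of tap timings a remote attacker could plausibly synchronise to. Real traces also need the recording windows on both devices to be triggered by the same event (for instance the NFC field coming up), which the toy model assumes away.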


Footnotes
1
For instance, the contactless limit increased from £20 to £30 in 2015 in the UK.
 
9
Prototyping our TTP protocol requires bidirectional NFC using Host-based Card Emulation (HCE). At the time of our experiments, the Nexus 5 was the only device that supported this.
 
Metadata
Title
Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment
Authors
Maryam Mehrnezhad
Feng Hao
Siamak F. Shahandashti
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-27152-1_2
