Gurulian, I., Markantonakis, K., Frank, E., & Akram, R. N. (2018). Good vibrations: artificial ambience-based relay attack detection. In Proceedings of 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 481–489). Washington, DC, USA: IEEE Computer Society. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00075
Permanent Research Commons link: https://hdl.handle.net/10289/12322
Relay attacks are passive man in the middle attacks, aiming to extend the physical distance of devices involved in a transaction beyond their operating environment, within the restricted time-frame. In the field of smartphones, proposals have been put forward suggesting sensing the natural ambient environment as an effective Proximity and Relay Attack Detection (PRAD) mechanism. However, these proposals are not in compliance with industry imposed constraints (e.g. EMV and ITSO) mandating that transactions should complete within a certain time-frame (e.g. 500ms for EMV contactless transactions). The generation of an artificial ambient environment (AAE) using peripherals of the transaction devices has shown positive results when using infrared light as an AAE actuator. In this paper we propose the use of vibration as an alternative AAE actuator. We empirically evaluated the effectiveness of the proposed solution as a PRAD mechanism on an experimental test-bed that we deployed. A total of 36,000 genuine and relay attack transaction pairs were analysed using well-known machine learning algorithms. The results of our analysis indicate that the proposed solution is highly effective.
IEEE Computer Society
This is an author’s accepted version of an article published in the Proceedings of 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). © 2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.