Accepted version, 358.2Kb
MoST 2017 programme.pdf
Supporting information, 28.88Kb
Supporting information, 18.41Kb
SPW MoST proceedings.pdf
Supporting information, 224.6Kb
Shepherd, C., Gurulian, I., Frank, E., Markantonakis, K., Akram, R. N., Panaousis, E., & Mayes, K. (2017). The applicability of ambient sensors as proximity evidence for NFC transactions. In Proc Mobile Security Technologies (MOST) 2017 (pp. 179–188). Washington, DC, USA: IEEE Computer Society. https://doi.org/10.1109/SPW.2017.29
Permanent Research Commons link: https://hdl.handle.net/10289/12388
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism for NFC contactless-based applications like banking, transport and high-security access controls. We selected 17 sensors available via the Google Android platform. Each sensor, where feasible, was used to record the measurements of 1,000 contactless transactions at four different physical locations. A total of 252 users, a random sample from the university student population, were involved during the field trials. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for proximity detection in NFC-based contactless applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.
IEEE Computer Society
This is an author’s accepted version of an article published in the Proceedings of Mobile Security Technologies (MOST) 2017. © 2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.