experiences on nfc relay attacks with android virtual
play

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing - PowerPoint PPT Presentation

Dec 12, 2022 •484 likes •1.03k views

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila , Ricardo J. Rodr guez Jos 594190@unizar.es, rj.rodriguez@unileon.es All wrongs reversed University of Zaragoza, Spain RIASC,

  1. Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila † , Ricardo J. Rodr´ ıguez ‡ Jos´ 594190@unizar.es, rj.rodriguez@unileon.es � All wrongs reversed † University of Zaragoza, Spain ‡ RIASC, University of Le´ on, Spain 14 de Septiembre, 2015 I Jornadas Nacionales de Investigaci´ on en Ciberseguridad Le´ on (Espa˜ na) I n proceedings of the 11 th I nternational W orkshop on RFID S ecurity

  2. Agenda Introduction 1 Background 2 EMV Contactless Cards Relay Attacks and Mafia Frauds Android and NFC: A Tale of L � ve 3 Evolution of NFC Support in Android Practical Implementation Alternatives in Android Relay Attack Implementation 4 Demo experiment Threat Scenarios Resistant Mechanisms Related Work 5 Conclusions 6 J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 2 / 30

  3. Agenda Introduction 1 Background 2 EMV Contactless Cards Relay Attacks and Mafia Frauds Android and NFC: A Tale of L � ve 3 Evolution of NFC Support in Android Practical Implementation Alternatives in Android Relay Attack Implementation 4 Demo experiment Threat Scenarios Resistant Mechanisms Related Work 5 Conclusions 6 J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 3 / 30

  4. Introduction to NFC (I) What is NFC? – Near Field Communication Bidirectional short-range contactless communication technology Up to 10 cm Based on RFID standards, works in the 13 . 56 MHz spectrum Data transfer rates vary: 106 , 216 , and 424 kbps J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 4 / 30

  5. Introduction to NFC (I) What is NFC? – Near Field Communication Bidirectional short-range contactless communication technology Up to 10 cm Based on RFID standards, works in the 13 . 56 MHz spectrum Data transfer rates vary: 106 , 216 , and 424 kbps Security based on proximity concern: physical constraints J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 4 / 30

  6. Introduction to NFC (I) What is NFC? – Near Field Communication Bidirectional short-range contactless communication technology Up to 10 cm Based on RFID standards, works in the 13 . 56 MHz spectrum Data transfer rates vary: 106 , 216 , and 424 kbps Security based on proximity concern: physical constraints Main elements & operation modes Two main elements: Proximity Coupling Device (PCD, also NFC-capable device) Proximity Integrated Circuit Cards (PICC, also NFC tags) Three operation modes: Peer to peer: direct communication between parties Read/write: communication with a NFC tag Card-emulation: an NFC device behaves as a tag J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 4 / 30

  7. Introduction to NFC (II) NFC-related ISO/IEC standards ISO/IEC 14443 standard Four-part international standard: Half-duplex communication, 106 kbps IsoDep cards: compliant with the four parts Example: contactless payment cards ISO/IEC 7816: Fifteen-part international standard Application Protocol Data Units (APDUs) J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 5 / 30

  8. Introduction to NFC (II) NFC-related ISO/IEC standards ISO/IEC 14443 standard Four-part international standard: Half-duplex communication, 106 kbps IsoDep cards: compliant with the four parts Example: contactless payment cards ISO/IEC 7816: Fifteen-part international standard Application Protocol Data Units (APDUs) NFC security threats Eavesdropping Secure communication as solution Data modification (i.e., alteration, insertion, or destruction) Feasible in theory (but requires quite advanced RF knowledge) J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 5 / 30

  9. Introduction to NFC (II) NFC-related ISO/IEC standards ISO/IEC 14443 standard Four-part international standard: Half-duplex communication, 106 kbps IsoDep cards: compliant with the four parts Example: contactless payment cards ISO/IEC 7816: Fifteen-part international standard Application Protocol Data Units (APDUs) NFC security threats Eavesdropping Secure communication as solution Data modification (i.e., alteration, insertion, or destruction) Feasible in theory (but requires quite advanced RF knowledge) Relays Forwarding of wireless communication J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 5 / 30

  10. Introduction to NFC (II) NFC-related ISO/IEC standards ISO/IEC 14443 standard Four-part international standard: Half-duplex communication, 106 kbps IsoDep cards: compliant with the four parts Example: contactless payment cards ISO/IEC 7816: Fifteen-part international standard Application Protocol Data Units (APDUs) NFC security threats Eavesdropping Secure communication as solution Data modification (i.e., alteration, insertion, or destruction) Feasible in theory (but requires quite advanced RF knowledge) Relays Forwarding of wireless communication Types: passive (just forwards); and active (forwards and alters the data) J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 5 / 30

  11. Introduction to NFC (III) NFC brings “cards” to mobile devices Payment sector is quite interested in this new way for making payments 500M NFC payment users expected by 2019 Almost 300 smart phones available at the moment with NFC capabilities Check http: //www.nfcworld.com/nfc-phones-list/ Most of them runs Android OS J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 6 / 30

  12. Introduction to NFC (III) NFC brings “cards” to mobile devices Payment sector is quite interested in this new way for making payments 500M NFC payment users expected by 2019 Almost 300 smart phones available at the moment with NFC capabilities Check http: //www.nfcworld.com/nfc-phones-list/ Most of them runs Android OS Research Hypothesis Can a passive relay attack be performed in contactless payment cards, using an Android NFC-capable OTS device? Is there any constraints? J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 6 / 30

  13. Agenda Introduction 1 Background 2 EMV Contactless Cards Relay Attacks and Mafia Frauds Android and NFC: A Tale of L � ve 3 Evolution of NFC Support in Android Practical Implementation Alternatives in Android Relay Attack Implementation 4 Demo experiment Threat Scenarios Resistant Mechanisms Related Work 5 Conclusions 6 J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 7 / 30

  14. Background (I) EMV contactless cards Europay, Mastercard, and VISA standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines Authenticating credit and debit card transactions Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 ( http://en.wikipedia.org/wiki/EMV ) Application ID (AID) command J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 8 / 30

  15. Background (I) EMV contactless cards Europay, Mastercard, and VISA standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines Authenticating credit and debit card transactions Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 ( http://en.wikipedia.org/wiki/EMV ) Application ID (AID) command Security on contactless payments Amount limit on a single transaction Up to £20 GBP , 20 € , US$50, 50CHF , CAD$100, or AUD$100 J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 8 / 30

  16. Background (I) EMV contactless cards Europay, Mastercard, and VISA standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines Authenticating credit and debit card transactions Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 ( http://en.wikipedia.org/wiki/EMV ) Application ID (AID) command Security on contactless payments Amount limit on a single transaction Up to £20 GBP , 20 € , US$50, 50CHF , CAD$100, or AUD$100 Sequential contactless payments limited – asks for PIN after some payments Protected by the same fraud guarantee as standard transactions J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 8 / 30

  17. Background (II) Relay attacks “On Numbers and Games”, J. H. Conway (1976) Mafia frauds – Y. Desmedt (SecuriCom’88) P −→ V ≪ communication link ≫ P −→ V Real-time fraud where a fraudulent prover P and verifier V cooperate J. Vila, R. J. Rodr´ ıguez Experiences on NFC Relay Attacks & Android: Virtual Pickpocketing Revisited JNIC 2015 9 / 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila 1 and Ricardo J. Rodr Jos guez 2 1 DIIS, University of Zaragoza, Spain 2 Research Institute of Applied Sciences in Cybersecurity, University

337 views • 17 slides
Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr guez Jos pvtolkien@gmail.com, rj.rodriguez@unileon.es All wrongs reversed Computer Science and Research Institute of Systems

1.23k views • 57 slides
NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez other title candidates Holystic relay attacks on NFC cyber- payments with Android mobile cloud phones ENE-FE-S relai con droides movibles

714 views • 45 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
NFC Payments: The Art of Relay & Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay & Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay & Replay Attacks Who am I? Security Researcher Samsung Pay Exploiting Mag-stripe info with Bluetooth audio Co-founder of Women in Tech Fund @Netxing (WomenInTechFund.org) Content

1.07k views • 73 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Android Internals Android Builders Summit April 13 th 2011 Karim Yaghmour

Android Internals Android Builders Summit April 13 th 2011 Karim Yaghmour

Android Internals Android Builders Summit April 13 th 2011 Karim Yaghmour karim.yaghmour@opersys.com @karimyaghmour About ... Author of: Introduced Linux Trace Toolkit in 1999 Originated Adeos and relayfs (kernel/relay.c) 1.

439 views • 39 slides
Frame Relay Bigger, Longer, Uncut 2005/03/11 (C) Herbert Haas What is Frame Relay?

Frame Relay Bigger, Longer, Uncut 2005/03/11 (C) Herbert Haas What is Frame Relay?

Frame Relay Bigger, Longer, Uncut 2005/03/11 (C) Herbert Haas What is Frame Relay? Connection-oriented packet switching (Virtual Circuit) WAN Technology Specifies User to Network Interface (UNI) Does not not specify network

787 views • 53 slides
Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

SYSTEM AND NETWORK ENGINEERING MSc Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier Torrent Gorjn xavier.torrentgorjon@os3.nl Supervisors: Paul van Iterson Jordi van

263 views • 23 slides
1 Virtual Channel Connection Uses Advantages of Virtual Paths (VP) & Virtual Channels (VC)

1 Virtual Channel Connection Uses Advantages of Virtual Paths (VP) & Virtual Channels (VC)

Chapter 11. ATM and Frame Relay ATM: Cell Switching ATM: a method of packet switching Overview of ATM A virtual circuit packet switching technique with QoS Protocol Architecture guarantee. Used in both WAN and LAN settings

64 views • 5 slides
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon, Boris Danev, Srdjan apkun Monday February 7, 2011 System Security Group 1 Modern Cars Evolution Increasing amount of electronics in cars

552 views • 24 slides
Disconnected islands in a sea of connectivity Ciaran Fisher 1 st Year PhD University of Sussex

Disconnected islands in a sea of connectivity Ciaran Fisher 1 st Year PhD University of Sussex

Disconnected islands in a sea of connectivity Ciaran Fisher 1 st Year PhD University of Sussex Dan Chalmers Ian Wakeman Steve Naicken Jon Rimmer Overview Digital Stadium Project EPSRC Produce a working DTN useable in the real

642 views • 40 slides
im watch the first Android Smartwatch Nicola La Gloria, Ph.D. Field Application Engineer

im watch the first Android Smartwatch Nicola La Gloria, Ph.D. Field Application Engineer

Software & Systems Design im watch the first Android Smartwatch Nicola La Gloria, Ph.D. Field Application Engineer Agenda Introduction Hardware Design OS firmware design Enterprise (quick introduction) Q&A

465 views • 30 slides
AVT 691 Erin Jacobs Wed. 4:30-7:10 Rm L004 Wednesday, August 28, 13 WISH TREES AVT 691 Erin

AVT 691 Erin Jacobs Wed. 4:30-7:10 Rm L004 Wednesday, August 28, 13 WISH TREES AVT 691 Erin

AVT 691 Erin Jacobs Wed. 4:30-7:10 Rm L004 Wednesday, August 28, 13 WISH TREES AVT 691 Erin Jacobs Wed. 4:30-7:10 Rm L004 Wednesday, August 28, 13 AVT 691 Erin Jacobs Wed. 4:30-7:10 Rm L004 IMAGINED PETS Wednesday, August 28, 13 AVT

270 views • 14 slides
Lab 1 Introduction to Android & Hello World Example KUAN-TING LAI 2018/9/10 Android

Lab 1 Introduction to Android & Hello World Example KUAN-TING LAI 2018/9/10 Android

Lab 1 Introduction to Android & Hello World Example KUAN-TING LAI 2018/9/10 Android History Code Version Linux kernel Initial release API version [1] name number date level (No codename) [2] 1.0 ? September 23, 2008 1 Petit

1.4k views • 40 slides
Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer

Overview Malware Halting 1. Malware 2. Software diversity Part I: Method Development 3. Computer immunization Kjell Jrgen Hole Simula@UiB 4. Epidemiological model 5. Malware halting analysis 6. Malware halting method Last updated

672 views • 29 slides
Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano

Functional Encryptions and Cloudy Applications Function on a Cloudy Day Giuseppe Persiano Dipartimento di Informatica Universit` a di Salerno giuper@dia.unisa.it Crypto for 2020 January, 23 2013 Tenerife, Spain Giuseppe Persiano (UNISA)

1.35k views • 95 slides
Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Programming with Android: System Architecture Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android Architecture: An Overview Android Java Virtual Machine Android Components: Activities Android

804 views • 56 slides
P1 P1 Math th parents Workshop 2018 2018 FACILITATORS: MDM SABARIAH, MS ANGELA TANG,MDM

P1 P1 Math th parents Workshop 2018 2018 FACILITATORS: MDM SABARIAH, MS ANGELA TANG,MDM

P1 P1 Math th parents Workshop 2018 2018 FACILITATORS: MDM SABARIAH, MS ANGELA TANG,MDM FERVINNA, MDM SUZANNA The question that all parents dread Mom, Dad, can you help me with my math homework please? Math Learning is Everywhere

627 views • 41 slides

More recommend