TY - GEN
T1 - Picking virtual pockets using relay attacks on contactless smartcard systems
AU - Kfir, Ziv
AU - Wool, Avishai
PY - 2005
Y1 - 2005
N2 - A contactless smartcard is a smartcard that can communicate with other devices without any physical connection, using Radio-Frequency Identifier (RFID) technology. Contactless smartcards are becoming increasingly popular, with applications like credit-cards, national-ID, passports, physical access. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: typical systems are designed to operate at a range of ≈ 70cm. In this study we show that contactless smartcard technology is vulnerable to relay attacks: An attacker can trick the reader into communicating with a victim smartcard that is very far away. A "low-tech" attacker can build a pick-pocket system that can remotely use a victim contactless smartcard, without the victim's knowledge. The attack system consists of two devices, which we call the "ghost" and the "leech". We discuss basic designs for the attacker's equipment, and explore their possible operating ranges. We show that the ghost can be up to 50m away from the card reader - 3 orders of magnitude higher than the nominal range. We also show that the leech can be up to 50cm away from the the victim card. The main characteristics of the attack are: orthogonality to any security protocol, unlimited distance between the attacker and the victim, and low cost of the attack system.
AB - A contactless smartcard is a smartcard that can communicate with other devices without any physical connection, using Radio-Frequency Identifier (RFID) technology. Contactless smartcards are becoming increasingly popular, with applications like credit-cards, national-ID, passports, physical access. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: typical systems are designed to operate at a range of ≈ 70cm. In this study we show that contactless smartcard technology is vulnerable to relay attacks: An attacker can trick the reader into communicating with a victim smartcard that is very far away. A "low-tech" attacker can build a pick-pocket system that can remotely use a victim contactless smartcard, without the victim's knowledge. The attack system consists of two devices, which we call the "ghost" and the "leech". We discuss basic designs for the attacker's equipment, and explore their possible operating ranges. We show that the ghost can be up to 50m away from the card reader - 3 orders of magnitude higher than the nominal range. We also show that the leech can be up to 50cm away from the the victim card. The main characteristics of the attack are: orthogonality to any security protocol, unlimited distance between the attacker and the victim, and low cost of the attack system.
KW - Contactless smartcard
KW - Payment systems
KW - RFID
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=33847269759&partnerID=8YFLogxK
U2 - 10.1109/SECURECOMM.2005.32
DO - 10.1109/SECURECOMM.2005.32
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:33847269759
SN - 0769523692
SN - 9780769523699
T3 - Proceedings - First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005
SP - 47
EP - 58
BT - Proceedings - First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005
T2 - 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005
Y2 - 5 September 2005 through 9 September 2005
ER -