Title :
Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks
Author :
Issovits, Wolfgang ; Hutter, Michael
Author_Institution :
Inst. for Appl. Inf. Process. & Commun. (IAIK), Graz Univ. of Technol., Graz, Austria
Abstract :
RFID and NFC are widely spread contactless communication systems and are commonly used in security-critical applications such as payment and keyless-entry systems. Relay attacks pose a serious threat in this context that are not addressed by most of the RFID applications in use today. The attacks circumvent application-layer security and they cannot be prevented by the usual cryptographic primitives. In this paper, we will present a practical implementation of a relay attack based on systems using the widely used ISO/IEC 14443 standard. We use an off-the-shelf mobile phone and a self-developed RFID-tag emulator that can forward RFID communication over a Bluetooth channel. We will show that the attack succeeded and discuss various methods how to exploit certain mechanisms of the ISO protocol to increase the chance for a successful attack. We will also give recommendations to protect against relay attacks in practice while still complying to the ISO standard which is not considered by most of the proposed countermeasures given in literature.
Keywords :
Bluetooth; IEC standards; ISO standards; cryptographic protocols; radiofrequency identification; telecommunication security; Bluetooth channel; ISO/IEC 14443 protocol; ISO/IEC 14443 standard; NFC; RFID communication; attacks circumvent application-layer security; cryptographic primitives; relay attacks; spread contactless communication systems; Delay; IEC standards; ISO standards; Protocols; Radiofrequency identification; Relays; Transponders;
Conference_Titel :
RFID-Technologies and Applications (RFID-TA), 2011 IEEE International Conference on
Conference_Location :
Sitges
Print_ISBN :
978-1-4577-0028-6
DOI :
10.1109/RFID-TA.2011.6068658
