Change search
ReferencesLink to record
Permanent link

Direct link
Relay attacks of NFC smart cards
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Telematics.
2014 (English)MasteroppgaveStudent thesis
Abstract [en]

Near Field Communication (NFC) is a set of standards, which allows two devices to transfer messages over a short range of distance of 10 cm. NFC based smart cards and applications are widely used for public transportation, ticketing system and security critical identity cards. NFC contains mainly two proximity smart card specifications ISO 14443 and ISO 18092 for lower level data exchange. However, none of the specifications above provides security mechanism to protect communication between smart card and reader device. Regardless the variety of different application protocols that developers implement on both smart card and reader side, the communication in between is vulnerable and easy to be tempered. With available commodity smart card readers, mobile phone with NFC read/write functionalities. Attacker can monitor and relay messages between card and reader without the actual present of the real smart card. In this scenario, the card holder won't be noticed that his/her card has been used already. This thesis would study and understand a public transportation ticketing system based on DESFire cards. Student would investigate whether replay attack using two proxy devices is possible or not. After establishment of attack, student observes what would be the consequences of the replay attack on public transportation system and the valuable assets attackers can profit on during the attack. Student would develop Android programs on NFC based phones to perform research. Testing environment would be built on legacy Java and C code. Possible attacks experiment would be carried on real public ticketing system. Bases on the findings from research, student will try to recommend solutions to improve the ticket protocol that this system is unaffected by the relay attack or at least minimize the profit that attacker can get.

Place, publisher, year, edition, pages
Institutt for telematikk , 2014. , 77 p.
URN: urn:nbn:no:ntnu:diva-25890Local ID: ntnudaim:12078OAI: diva2:742061
Available from: 2014-08-29 Created: 2014-08-29 Last updated: 2014-08-29Bibliographically approved

Open Access in DiVA

fulltext(1492 kB)2154 downloads
File information
File name FULLTEXT01.pdfFile size 1492 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(184 kB)6 downloads
File information
File name COVER01.pdfFile size 184 kBChecksum SHA-512
Type coverMimetype application/pdf
attachment(3044 kB)11 downloads
File information
File name ATTACHMENT01.zipFile size 3044 kBChecksum SHA-512
Type attachmentMimetype application/zip

By organisation
Department of Telematics

Search outside of DiVA

GoogleGoogle Scholar
Total: 2154 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 203 hits
ReferencesLink to record
Permanent link

Direct link