A Practical Relay Attack on ISO 14443 Proximity Cards. Hancke, G P
abstract   bibtex   
Contactless smart cards are used in access control and payment systems. This paper illustrates an attack which effectively allows an attacker to ‘borrow’ the victim’s card for a short period without requiring physical access to the victim’s card. As a result the legitimate owner will remain unaware of the attack. We show that our hardware successfully executed a relay attack against an ISO 14443A contactless smart card, up to a distance of 50 m. Simply relaying information between the card and reader over a longer distance does not require the same technical resources from the attacker as hardware tampering or cryptanalysis. This attack is therefore a feasible method for circumventing current security protocols with little effort. Since application-level measures fail to protect against relay attacks, we discuss possible solutions involving characteristics of the physical communication medium.
@article{hancke_practical_nodate,
	title = {A {Practical} {Relay} {Attack} on {ISO} 14443 {Proximity} {Cards}},
	abstract = {Contactless smart cards are used in access control and payment systems. This paper illustrates an attack which effectively allows an attacker to ‘borrow’ the victim’s card for a short period without requiring physical access to the victim’s card. As a result the legitimate owner will remain unaware of the attack. We show that our hardware successfully executed a relay attack against an ISO 14443A contactless smart card, up to a distance of 50 m. Simply relaying information between the card and reader over a longer distance does not require the same technical resources from the attacker as hardware tampering or cryptanalysis. This attack is therefore a feasible method for circumventing current security protocols with little effort. Since application-level measures fail to protect against relay attacks, we discuss possible solutions involving characteristics of the physical communication medium.},
	language = {en},
	author = {Hancke, G P},
	pages = {13}
}
Downloads: 0