Use this URL to cite or link to this record in EThOS: https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.792931
Title: On enhancing the security of time constrained mobile contactless transactions
Author: Gurulian, Iakovos
ISNI: 0000 0004 8500 7155
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2019
Abstract:
Relay attacks are passive man-in-the-middle attacks in which an attacker extends the communication distance of two genuine devices by relaying communication messages between them, without the legitimate user's consent. In the field of smart cards, distance bounding protocols have been proposed as an effective countermeasure. For smartphones, distance bounding protocols may not work due to the multitude of hardware vendors and background processes. Instead, sensing the natural ambient environment has been proposed. However, previously proposed solutions may not be applicable in scenarios where industry-imposed time constraints apply, e.g. in the cases of EMV contactless payments and transport ticketing, where a transaction should typically complete within 300-500 ms. In this thesis, the applicability of natural ambient sensing as a Proximity and Relay Attack Detection (PRAD) mechanism in time-restricted contactless transactions (up to 500 ms) is first investigated. The use of an Artificial Ambient Environment (AAE) is then proposed as a potentially more effective PRAD mechanism. Infrared light and vibration have been examined as AAE actuators. Furthermore, two PRAD techniques that are not based on the ambient environment are proposed. The first compares subsequent button press and release timings, performed by the genuine user on the smartphone during a transaction and recorded by both transaction devices simultaneously. The second, intended to protect against relay attacks initiated through a malicious application installed on the user's smartphone, is a repackaged application detection technique based on similarity comparison of application names and icons. Repackaged applications have been found in the past to be responsible for the distribution of as much as 86% of all Android malware. The effectiveness of all the proposed techniques has been empirically evaluated through field trials. Analysis of the collected data, using threshold- and/or machine learning-based techniques, indicates the high effectiveness of all the proposed solutions as PRAD mechanisms.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.792931
DOI: Not available