On the weakness of contactless systems under relay attacks

Abstract

International audienceContactless technology is a well explored area used in many different fields. However, the lack of security in the physical layer has recently delayed its use in many applications like payments. The permissiveness of this technology leads to threats such as the activation of a contactless card out of its operating range or the violation of the communication privacy between a reader and a transponder. Among the possible attacks, the relay attack is considered as the most dangerous. This attack creates unauthorized transactions between two contactless devices. For now, the current cryptographic algorithms are not able to circumvent it. In this paper, we develop two new designs of relays with introduced delays lower than 2 μs. By doing this, we demonstrate the requirements of countermeasures based on delay assessment. Finally, we propose a new protocol resistant to mafia and terrorist frauds and present experimental results to prove its reliability. Based on the HF physical layer properties, this solution authenticates the two communicating devices and uses correlation to measure delays. This new countermeasure, in accordance with contactless standards, detects relays with 300 ns accuracy which is enough to detect most of relay attacks