Paper 2018/402

Another Look at Relay and Distance-based Attacks in Contactless Payments

Ioana Boureanu and Anda Anda

Abstract

Relay attacks on contactless e-payments were demonstrated in 2015. Since, countermeasures have been proposed and Mastercard has recently adopted a variant of these in their specifications. These relay-counteractions are based on the payment-terminal checking that the card is close-by. To this end, several other EMV-adaptations have emerged, with the aim to impede dishonest cards cheating on their proximity-proofs. However, we argue that both the former and the latter measures are ineffective. We only sketch possible designs in the right directions, with the idea to pass on the message that these problems should be look at much more carefully. We shortly debate what should and should not be the case w.r.t. confirmation of EMV contactless payments. We also discuss alternative views onto making contactless payments secure against relay-attacks via proximity-checking.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Contact author(s)
icboureanu @ gmail com
History
2018-05-03: received
Short URL
https://ia.cr/2018/402
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/402,
      author = {Ioana Boureanu and Anda Anda},
      title = {Another Look at Relay and Distance-based Attacks in Contactless Payments},
      howpublished = {Cryptology ePrint Archive, Paper 2018/402},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/402}},
      url = {https://eprint.iacr.org/2018/402}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.