Range extension attacks on contactless smart cards

Yossef Oren; Dvir Schirman; Avishai Wool

doi:https://doi.org/10.1007/978-3-642-40203-6_36

Range extension attacks on contactless smart cards

Yossef Oren, Dvir Schirman, Avishai Wool

School of Electrical Engineering

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm - two orders of magnitude greater than nominal range - and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

Original language	English
Title of host publication	Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings
Pages	646-663
Number of pages	18
DOIs	https://doi.org/10.1007/978-3-642-40203-6_36
State	Published - 4 Oct 2013
Event	18th European Symposium on Research in Computer Security, ESORICS 2013 - Egham, United Kingdom Duration: 9 Sep 2013 → 13 Sep 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8134 LNCS

Conference

Conference	18th European Symposium on Research in Computer Security, ESORICS 2013
Country/Territory	United Kingdom
City	Egham
Period	9/09/13 → 13/09/13

Keywords

Contactless smart card
ISO/IEC 14443
RFID
Relay attack

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

https://doi.org/10.1007/978-3-642-40203-6_36

Cite this

Oren, Y., Schirman, D., & Wool, A. (2013). Range extension attacks on contactless smart cards. In Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings (pp. 646-663). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8134 LNCS). https://doi.org/10.1007/978-3-642-40203-6_36

@inproceedings{2572e14a9214420db14eb251dd508cd3,

title = "Range extension attacks on contactless smart cards",

abstract = "The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm - two orders of magnitude greater than nominal range - and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.",

keywords = "Contactless smart card, ISO/IEC 14443, RFID, Relay attack",

author = "Yossef Oren and Dvir Schirman and Avishai Wool",

year = "2013",

month = oct,

day = "4",

doi = "https://doi.org/10.1007/978-3-642-40203-6_36",

language = "English",

isbn = "9783642402029",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "646--663",

booktitle = "Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings",

note = "18th European Symposium on Research in Computer Security, ESORICS 2013 ; Conference date: 09-09-2013 Through 13-09-2013",

}

Oren, Y, Schirman, D & Wool, A 2013, Range extension attacks on contactless smart cards. in Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8134 LNCS, pp. 646-663, 18th European Symposium on Research in Computer Security, ESORICS 2013, Egham, United Kingdom, 9/09/13. https://doi.org/10.1007/978-3-642-40203-6_36

Range extension attacks on contactless smart cards. / Oren, Yossef; Schirman, Dvir; Wool, Avishai.
Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. 2013. p. 646-663 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8134 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Range extension attacks on contactless smart cards

AU - Oren, Yossef

AU - Schirman, Dvir

AU - Wool, Avishai

PY - 2013/10/4

Y1 - 2013/10/4

N2 - The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm - two orders of magnitude greater than nominal range - and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

AB - The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm - two orders of magnitude greater than nominal range - and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

KW - Contactless smart card

KW - ISO/IEC 14443

KW - RFID

KW - Relay attack

UR - http://www.scopus.com/inward/record.url?scp=84884756745&partnerID=8YFLogxK

U2 - https://doi.org/10.1007/978-3-642-40203-6_36

DO - https://doi.org/10.1007/978-3-642-40203-6_36

M3 - Conference contribution

SN - 9783642402029

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 646

EP - 663

BT - Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings

T2 - 18th European Symposium on Research in Computer Security, ESORICS 2013

Y2 - 9 September 2013 through 13 September 2013

ER -

Oren Y, Schirman D, Wool A. Range extension attacks on contactless smart cards. In Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings. 2013. p. 646-663. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: https://doi.org/10.1007/978-3-642-40203-6_36

Range extension attacks on contactless smart cards

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this