Abstract
RFID is widely used in many security sensitive areas. Researchers proposed many theoretical attacks and security implementation models on RFID devices. To test these theories and models is challenging and difficult task. In this paper, we use three common-off-the-shelf security testing platforms i.e. PN532, TI RF430CL330H and Chameleon Mini, to test the most widely used standards ISO14443A, ISO14443B and ISO18092. We present a detailed workflow of each platform. Furthermore, we highlight the advantages and disadvantages of each platform in regards fast implementation, delays and support for different types of RFIDs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication. Wiley, Chichester (2010)
Identification Cards-Contactless Integrated Circuit. ISO/IEC 15693–2 cards-vicinity cards-part 2: Physical characteristics, Int. Std. Technical report, ISO/IEC/JTC1 Information Technology (2006)
International Organization for Standardization/International Electrotechnical Commission, et al.: ISO/IEC 14443 identification cards-contactless integrated circuit cards-proximity cards. ISO/IEC, 14443, 2001
International Organization for Standardization/International Electrotechnical Commission, et al.: ISO/IEC 18092 information technology-telecommunications and information exchange between systems-near field communication-interface and protocol (NFCIP-1). ISO/IEC, 18092 (2004)
Pourghomi, P., Ghinea, G., et al.: A proposed NFC payment application. arXiv preprint arXiv:1312.2828 (2013)
Lee, D,: Wearable device and method for processing NFC payment using the wearable device, April 24 2018. US Patent 9,953,312
Dmitrienko, A., Sadeghi, A.-R., Tamrakar, S., Wachsmann, C.: SmartTokens: delegable access control with NFC-enabled smartphones. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 219–238. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30921-2_13
Saparkhojayev, N., Dauitbayeva, A., Nurtayev, A., Baimenshina, G.: NFC-enabled access control and management system. In: 2014 International Conference on Web and Open Access to Learning (ICWOAL), pp. 1–4. IEEE (2014)
Qiao, H., Zhang, J., Mitrokotsa, A., Hancke, G.: Tangible security: survey of methods supporting secure ad-hoc connects of edge devices with physical context. Comput. Secur. 78, 281–300 (2018)
Qureshi, U.M., Hancke, G.P., Gebremichael, T., Jennehag, U., Forsström, S., Gidlund, M.: Survey of proximity based authentication mechanisms for the industrial internet of things. In: IECON 2018–44th Annual Conference of the IEEE Industrial Electronics Society, pp. 5246–5251. IEEE (2018)
Madlmayr, G., Langer, J., Kantner, C., Scharinger, J.: NFC devices: security and privacy. In: 2008 Third International Conference on Availability, Reliability and Security, pp. 642–647. IEEE (2008)
de Koning Gans, G., Hoepman, J.-H., Garcia, F.D.: A practical attack on the MIFARE classic. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 267–282. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85893-5_20
Hancke, G.P.: Practical eavesdropping and skimming attacks on high-frequency RFID tokens. J. Comput. Secur. 19(2), 259–288 (2011)
Francis, L., Hancke, G., Mayes, K., Markantonakis. Practical , K.: FC peer-to-peer relay attack using mobile phones. In: International Workshop on Radio Frequency Identification: Security and Privacy Issues, pp. 35–49. Springer (2010)
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM 2005), pp. 47–58. IEEE (2005)
Hancke, G.P., Mayes, K.E., Markantonakis, K.: Confidence in smart token proximity: relay attacks revisited. Comput. Secur. 28(7), 615–627 (2009)
Thevenon, P.-H., Savry, O.: Implementation of a countermeasure to relay attacks for contactless HF systems. In: Radio Frequency Identification from System to Applications, Intech (2013)
Avoine, G., et al.: Security of distance-bounding: a survey. ACM Comput. Surv. (CSUR) 51(5), 1–33 (2018)
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM 2005), pp. 67–73. IEEE (2005)
Drimer, S., Murdoch, S.J., et al.: Keep your enemies close: distance bounding against smartcard relay attacks. In: USENIX Security Symposium, vol. 312 (2007)
Hu, Q., Liu, Y., Yang, A., Hancke, G.: Preventing overshadowing attacks in self-jamming audio channels. IEEE Trans. Depend. Secur. Comput. 18(1), 45–57 (2018)
Zhou, L., Yeh, K.-H., Hancke, G., Liu, Z., Chunhua, S.: Security and privacy for the industrial internet of things: an overview of approaches to safeguarding endpoints. IEEE Sig. Process. Mag. 35(5), 76–87 (2018)
Cheng, B., Zhang, J., Hancke, G.P., Karnouskos, S., Colombo, A.W.: Industrial cyberphysical systems: realizing cloud-based big data infrastructures. IEEE Ind. Electr. Mag. 12(1), 25–35 (2018)
Liu, Y., Zhang, J., Zheng, W., Hancke, G.P.: Approaches for best-effort relay-resistant channels on standard contactless channels. In: 2019 IEEE 17th International Conference on Industrial Informatics (INDIN), vol. 1, pp. 1719–1724 (2019)
Acknowledgements
This work was funded by an Industrial Technology Fund grant by the Industrial Technology Commission (ITS/047/16). Any opinions, findings, conclusions or recommendations expressed in this material/event (or by members of the project team) do not reflect the views of the Government of the Hong Kong Special Administrative Region, the Innovation and Technology Commission or the Panel of Assessors for the Innovation and Technology Support Programme of the Innovation and Technology Fund. This work was partly supported by the Research Grants Council of Hong Kong under Project CityU 21204716.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, Y., Hancke, G.P., Qureshi, U.M. (2021). Off-the-Shelf Security Testing Platform for Contactless Systems. In: Maimut, D., Oprina, AG., Sauveron, D. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2020. Lecture Notes in Computer Science(), vol 12596. Springer, Cham. https://doi.org/10.1007/978-3-030-69255-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-69255-1_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69254-4
Online ISBN: 978-3-030-69255-1
eBook Packages: Computer ScienceComputer Science (R0)