Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks

摘要

RFID and NFC are widely spread contactless communication systems and are commonly used in security-critical applications such as payment and keyless-entry systems. Relay attacks pose a serious threat in this context that are not addressed by most of the RFID applications in use today. The attacks circumvent application-layer security and they cannot be prevented by the usual cryptographic primitives. In this paper, we will present a practical implementation of a relay attack based on systems using the widely used ISO/IEC 14443 standard. We use an off-the-shelf mobile phone and a self-developed RFID-tag emulator that can forward RFID communication over a Bluetooth channel. We will show that the attack succeeded and discuss various methods how to exploit certain mechanisms of the ISO protocol to increase the chance for a successful attack. We will also give recommendations to protect against relay attacks in practice while still complying to the ISO standard which is not considered by most of the proposed countermeasures given in literature.