OPay : an orientation-based contactless payment solution against passive attacks
Nezhad, Mahshid Mehr and Hao, Feng (2021) OPay : an orientation-based contactless payment solution against passive attacks. In: ACSAC: Annual Computer Security Applications Conference, Online, 6-10 Dec 2021. Published in: Annual Computer Security Applications Conference pp. 375-384. doi:10.1145/3485832.3485887
PDF: WRAP-OPay-orientation-contactless-payment-solution-passiveattacks-2021.pdf - Accepted Version
Official URL: https://doi.org/10.1145/3485832.3485887
Abstract
The usage of contactless payment has surged in recent years, especially during the Covid19 pandemic. A Passive relay (PR) attack against a contactless card is a well-known threat, which has been extensively studied in the past with many solutions available. However, with the mass deployment of mobile point-of-sale (mPoS) devices, there emerges a new threat, which we call mPoS-based passive (MP) attacks. In an MP attack, the various components required in a PR attack, including an NFC reader, a wireless link, a remote card emulator, and a remote payment terminal, are conveniently combined into one compact device, hence the attack becomes much easier. Since the attacker and the victim are in the same location, the previous distance bounding or ambient sensor-based solutions are no longer effective. In this paper, we propose a new orientation-based payment solution called OPay. OPay builds on the observation that when a user makes a legitimate contactless payment, the card and the terminal surface are naturally aligned, but in an attack scenario, this situation is less likely to occur. This allows us to distinguish the legitimate payments from passive attacks based on measuring the alignment of orientations. We build a concrete prototype using two Arduino boards embedded with NFC and motion sensors to act as a card and a payment terminal respectively. To evaluate the feasibility, we recruited twenty volunteers in a user study. Participants generally find OPay easy to use, fast and reliable. Experiments show that OPay can substantially reduce the attack success rate by 85-99% with little inconvenience to real users. To our best knowledge, OPay is the first solution that can prevent both the PR and MP attacks, while preserving the existing usage model in contactless payment.
| Field | Value |
|---|---|
| Item Type | Conference Item (Paper) |
| Subjects | T Technology > TK Electrical engineering. Electronics Nuclear engineering |
| Divisions | Faculty of Science, Engineering and Medicine > Science > Computer Science |
| Library of Congress Subject Headings (LCSH) | Smart cards, Near-field communication, Wireless communication systems |
| Journal or Publication Title | Annual Computer Security Applications Conference |
| Publisher | ACM |
| Official Date | 6 December 2021 |
| Page Range | pp. 375-384 |
| DOI | 10.1145/3485832.3485887 |
| Status | Peer Reviewed |
| Publication Status | Published |
| Access rights to Published version | Restricted or Subscription Access |
| Date of first compliant deposit | 14 October 2021 |
| Date of first compliant Open Access | 14 October 2021 |
| Conference Paper Type | Paper |
| Title of Event | ACSAC: Annual Computer Security Applications Conference |
| Type of Event | Conference |
| Location of Event | Online |
| Date(s) of Event | 6-10 Dec 2021 |