Relay attacks on card payment: vulnerabilities and defences

At this year’s Chaos Communication Congress (24C3), I presented some work I’ve been doing with Saar Drimer: implementing a smart card relay attack and demonstrating that it can be prevented by distance bounding protocols. My talk (abstract) was filmed and the video can be found below. For more information, we produced a webpage and the details can be found in our paper.

[ slides (PDF 9.6M) | video (BitTorrent — MPEG4, 106M) ]

Update 2008-01-15:
Liam Tung from ZDNet Australia has written an article on my talk: Bank card attack: Only Martians are safe.

The CCC is a great conference to attend and a good source of ideas for papers. There were many excellent talks, but here are a few I can particularly recommend (I’m still working through the videos of talks I couldn’t attend in person):

Current events in Tor development
Roger Dingledine gives Tor-related news, including anti-censorship features and interaction with law enforcement
Design Noir
ladyada talks about controversial electronics projects, including the TV-B-Gone and her own cellphone jammer
DNS Rebinding And More Packet Tricks
Dan Kaminsky describes the DNS Rebinding attack and demonstrates tunneling arbitrary TCP streams over a browser
Mifare
Karsten Nohl and Henryk Plötz describe how they reverse-engineered the Mifare encryption algorithm, Crypto1, and the weaknesses they discovered
Steam-Powered Telegraphy
Jens Ohlig et al. demonstrate their Internet connected (but not quite steam-powered) Telex machine
What can we do to counter the spies?
Annie Machon describes her work with MI5, the abuses which caused her to leave, and her life on the run
Why Silicon-Based Security is still that hard: Deconstructing Xbox 360 Security
Michael Steil and Felix Domke demonstrate the clever techniques they developed to install Linux on the Xbox 360

2 thoughts on “Relay attacks on card payment: vulnerabilities and defences”

  1. @Jesus

    Clones of SDA cards are possible, but will not work in all situations. If the Chip & PIN terminal connects to the bank and verifies the cryptographic response from the card, the clone will be detected.
