Investigation into NFC Contactless Transactions

An Investigation into the Vulnerabilities of Near Field Communication Contactless Transactions

• Introduction
• Problem
• Approach
• Research
• Analysis
• Experiments and Testing
• Results
• Evaluation

Why this project?
NFC technology expected to increase in popularity.
Gaining deeper understanding of the technology.
Find out how secure it actually is.
Many business sectors can associate with this technology.

Identify Problem
1.5 billion euros in credit card fraud (Europol 2012).
853 million card purchases per month (UK Cards Association).
92% of adults personally own/use a mobile telephone (Ofcom, 2012).

Approach
3 Documents (Dissertation, Report and Brief)
• Dissertation
• Report
• Brief
Soft Systems Methodology
PRINCE2

Research
Literature research.
• Understand the technology.
• To understand the transaction process and stages involved.
Questionnaires.
• Users' perception.

Analyse
Assess areas of weakness or possible exploit.
Analyse threat vectors.
Categorise risk.

Experiment and Testing
ACR122U
• Data extraction.
• Decrypt online.
• Feasibility attack.
• BackTrack.
• Penetration test – credit card clone.

Experiment and Testing
Arduino Testing
• Understanding the physical components.
• Programming elements.
• In-depth understanding.
• Bought RFID board online.
• Solder
• Program board

Experiment and Testing
Penetration testing
• Aim – Apply extracted data to blank card magnetic strip.

Results
Various types of attack are possible.
• Experiment 1 – possible to extract card information wirelessly.
• Experiment 2 – understanding components involved.
• Experiment 3 – applying credit card details to blank card.

Financial Impact Analysis
Credit card details obtained.
Potentially high losses to business and user.
116 (average transactions/day) x £100 (limit) = £11,600

| Number of Credit Card Details Obtained | Duration (Months) | Card Limit £100 | Card Limit £200 | Card Limit £300 |
|---|---|---|---|---|
| 1 | 12 | £1,200 | £2,400 | £3,600 |
| 5 | 12 | £6,000 | £12,000 | £18,000 |
| 10 | 12 | £12,000 | £24,000 | £36,000 |
| 25 | 12 | £30,000 | £60,000 | £90,000 |
| 50 | 12 | £60,000 | £120,000 | £180,000 |
| 75 | 12 | £90,000 | £180,000 | £270,000 |
| 100 | 12 | £120,000 | £240,000 | £360,000 |
| 150 | 12 | £180,000 | £360,000 | £540,000 |
| 300 | 12 | £360,000 | £720,000 | £1,080,000 |
| 600 | 12 | £720,000 | £1,440,000 | £2,160,000 |

Discussion
Details can be used:
• Online.
• Phone. (32% increase)
• Applied to card.

Countermeasures
Wireless blocking.
Remain vigilant.
Check bank statements.
Biometrics. (Banks)
Awareness
Training

Summary
Researched the operations of NFC.
Investigated the vulnerabilities and areas of exploit.
Discovered possible threats.
Carried out technical risk assessment.
Tested contactless cards.
Built NFC prototype.
Demonstrated attacks including penetration testing.
Derived financial impact analysis.
Given future recommendations.

Conclusion
Questions?

Research Area Space
Who uses this technology?
Incentive Questionnaire users perception of the technology?
Understand how NFC operates/components.
Areas of vulnerability?