PURE: Payments with UWB RElay-protection

Proceedings of the 33rd USENIX Security Symposium

Abstract

Contactless payments are now widely used and are expected to reach $10 trillion worth of transactions by 2027. Although convenient, contactless payments are vulnerable to relay attacks that enable attackers to execute fraudulent payments. A number of countermeasures have been proposed to address this issue, including Mastercard’s relay protection mechanism. These countermeasures, although effective against some commercial off-the-shelf (COTS) relays, fail to prevent physical-layer relay attacks. In this work, we leverage the Ultra-Wide Band (UWB) radios incorporated in major smartphones, smartwatches, tags and accessories, and introduce PURE, the first UWB-based relay protection that integrates smoothly into existing contactless payment standards, and prevents even the most sophisticated physical-layer attacks. PURE extends EMV payment protocols that are executed between cards and terminals, and does not require any modification to the backend of the issuer, acquirer, or payment network. PURE further tailors UWB ranging to the payment environment (i.e., wireless channels) to achieve both reliability and resistance to all known physical-layer distance reduction attacks against UWB 802.15.4z. We implement PURE within the EMV standard on modern smartphones, and evaluate its performance in a realistic deployment. Our experiments show that PURE provides a sub-meter relay protection with minimal execution overhead (41 ms). We formally verify the security of PURE’s integration within Mastercard’s EMV protocol using the Tamarin prover.

Research Area: Secure Ranging and Positioning

People

Daniele Coppola
Doctoral Student
Claudio Anliker
Doctoral Student
Dr. Patrick Schaller
Senior Scientist

BibTeX

@INPROCEEDINGS{coppola2024payments,
	isbn = {978-1-939133-44-1},
	copyright = {In Copyright - Non-Commercial Use Permitted},
	year = {2024},
	booktitle = {Proceedings of the 33rd USENIX Security Symposium},
	type = {Conference Paper},
	author = {Coppola, Daniele and Camurati, Giovanni and Anliker, Claudio and Hofmeier, Xenia and Schaller, Patrick and Basin, David and Capkun, Srdjan},
	abstract = {Contactless payments are now widely used and are expected to reach $10 trillion worth of transactions by 2027. Although convenient, contactless payments are vulnerable to relay attacks that enable attackers to execute fraudulent payments. A number of countermeasures have been proposed to address this issue, including Mastercard’s relay protection mechanism. These countermeasures, although effective against some commercial off-the-shelf (COTS) relays, fail to prevent physical-layer relay attacks. In this work, we leverage the Ultra-Wide Band (UWB) radios incorporated in major smartphones, smartwatches, tags and accessories, and introduce PURE, the first UWB-based relay protection that integrates smoothly into existing contactless payment standards, and prevents even the most sophisticated physical-layer attacks. PURE extends EMV payment protocols that are executed between cards and terminals, and does not require any modification to the backend of the issuer, acquirer, or payment network. PURE further tailors UWB ranging to the payment environment (i.e., wireless channels) to achieve both reliability and resistance to all known physical-layer distance reduction attacks against UWB 802.15.4z. We implement PURE within the EMV standard on modern smartphones, and evaluate its performance in a realistic deployment. Our experiments show that PURE provides a sub-meter relay protection with minimal execution overhead (41 ms). We formally verify the security of PURE’s integration within Mastercard’s EMV protocol using the Tamarin prover.},
	keywords = {EMV; UWB; Relay attacks; Contactless payment; secure ranging},
	language = {en},
	address = {Berkeley, CA},
	publisher = {USENIX Association},
	DOI = {10.3929/ethz-b-000662474},
	title = {PURE: Payments with UWB RElay-protection},
	PAGES = {4553 - 4569},
	Note = {33rd USENIX Security Symposium (USENIX Security 2024); Conference Location: Philadelphia, PA, USA; Conference Date: August 14-16, 2024}
}

Research Collection: 20.500.11850/662474