1 Large-Scale Invisible Attack on AFC Systems with NFC-Equipped Smartphones
Fan Dang (1), Pengfei Zhou (1, 2), Zhenhua Li (1), Ennai Zhai (3), Aziz Mohaisen (4), Qingfu Wen (1), Mo Li (5)
(1) School of Software, Tsinghua University, China
(2) Beijing Feifanshi Technology Co., Ltd., China
(3) Department of Computer Science, Yale University, USA
(4) Department of Computer Science and Engineering, State University of New York at Buffalo, USA
(5) School of Computer Science and Engineering, Nanyang Technological University, Singapore
2 Introduction: Automated Fare Collection (AFC) system
3 Introduction: card types
- MIFARE Classic
- Processor cards
4 Introduction: External authentication (a card verifies a terminal)
[Figure residue; recoverable labels: Card, Terminal, Generate Random Number (R), Secret Key (K) on both sides, =?, Accept, Reject. The card generates R, both sides compute a response under the shared key K, and the card compares the results to accept or reject the terminal.]
5 Introduction: Internal authentication (a terminal verifies a card)
[Figure residue; same labels with the roles swapped: the terminal generates R, both sides compute a response under the shared key K, and the terminal compares the results to accept or reject the card.]
6 Introduction: Message authentication code
[Figure residue; labels: Random Number, Data with MAC.] Data is sent together with a MAC computed over the data and the random number: MAC = Digest(data, rnd, key)
7 Introduction: What is a possible flaw?
8 Flaw: City Traffic Card
- ISO/IEC 14443-4 based
- Millions issued
9 Flaw: AFC transaction flow
[Figure residue; recoverable labels: Entrance, Exit, AFC Backend, Database. Steps: 1. Entrance Data (written at the entrance); 2. Entrance Data (read at the exit); 3. Calculate Price; 4. Debit; 5. Auth Code; 6. Transaction Log (to the AFC backend).]
10 Flaw: card file layout
[Figure residue; labels: Root, with children Card Info, Purse, Bus Data, Metro Data, Transaction History.]
11 Flaw: entrance transaction, Terminal (with SAM) and Card
[Sequence-diagram residue; labels in order: Read basic info; Success; Verify; Request Random Number; Random Number (R); Calculate Entrance Data (with MAC); MAC; Success.]
12 Flaw: exit transaction, Terminal (with SAM) and Card
[Sequence-diagram residue; labels in order: Read basic info & entrance data; Success; Verify & Debit (with MAC); Calculate fare; Upload; Success (with MAC').]
13 Attack model
[Figure residue; recoverable labels: Web Server, AFC Card Pool (Cloud), Database (always in consistency), AFC Backend, Entrance, Exit. Steps: 1. Entrance; 2. Fake Entrance; 3. Calculate Price; 4. Debit; 5. Debit; 6. Auth Code; 7. Auth Code; 8. Transaction Log.]
Fig. 1: Architectural overview of our designed attack on an
14 Tampering Entrance Data
1. Collecting entrance data: we developed a lightweight app (different from the LessPay app) specifically to collect data.
2. Obtaining the data structure of entrance data:
   #  Enter Time        Metro Line  Station    Balance When Entering  Entrance Data
   1  2015-12-05 14:17  4           Station A  75.00                  1512051417043D014C1D
   2  2015-11-30 11:35  2           Station B  24.80                  1511301135020801B009
   3  2015-11-22 15:22  X           Station C  35.00                  15112215225E1D01AC0D
   4  2015-11-20 09:56  10          Station D  47.10                  15112009560A11016612
   5  2015-11-12 20:09  1           Station E  8.50                   15111220090401015203
3. Obtaining station information: reverse an app, E-Card Tapper (e卡贴).
4. Tampering the entrance data: location based.
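The MAC construction on slide 6 (MAC = Digest(data, rnd, key)) and the entrance-data table on slide 14 together show what a terminal or backend would need to check before trusting an entrance record. The following is an added example (not the authors' code or the LessPay app): a decoder for the 10-byte entrance record whose field layout is inferred from the five table rows (BCD enter time, one-byte line number, little-endian station code, little-endian balance in cents; line "X" appears as byte 0x5E), plus a keyed MAC bound to the card's random number, instantiated here as HMAC-SHA256 (the digest choice and the demo key are assumptions). A record whose fields differ from the one that was signed, or one replayed under a different challenge, fails verification.

```python
import hashlib
import hmac
from datetime import datetime

# Field layout inferred from the five rows of the table on slide 14 (an
# assumption; the slides do not spell it out):
#   bytes 0-4  enter time, BCD YYMMDDhhmm      (1512051417 -> 2015-12-05 14:17)
#   byte  5    metro line number               (0x04 -> line 4, 0x0A -> line 10)
#   bytes 6-7  station code, little-endian     (3D01 -> 0x013D)
#   bytes 8-9  balance in cents, little-endian (4C1D -> 0x1D4C = 7500 -> 75.00)
RECORD_LEN = 10


def parse_entrance_data(record_hex: str) -> dict:
    """Decode one 10-byte entrance record into its fields; raises ValueError
    on a record of the wrong length or with a non-BCD timestamp."""
    raw = bytes.fromhex(record_hex)
    if len(raw) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN}-byte record, got {len(raw)}")
    # BCD: the hex digits of the first five bytes are the decimal digits YYMMDDhhmm
    enter_time = datetime.strptime(raw[:5].hex(), "%y%m%d%H%M")
    return {
        "enter_time": enter_time,
        "line": raw[5],
        "station": int.from_bytes(raw[6:8], "little"),
        "balance_cents": int.from_bytes(raw[8:10], "little"),
    }


# Constructed demo key standing in for the key held in the terminal's SAM and
# at the backend; never a real deployment value.
DEMO_KEY = b"constructed-demo-sam-key"


def mac_entrance_data(record_hex: str, rnd: bytes, key: bytes = DEMO_KEY) -> str:
    """MAC = Digest(data, rnd, key) from slide 6, instantiated as HMAC-SHA256
    over data || rnd and truncated to 8 bytes (the digest choice is an assumption)."""
    digest = hmac.new(key, bytes.fromhex(record_hex) + rnd, hashlib.sha256).digest()
    return digest[:8].hex()


def verify_entrance_data(record_hex: str, rnd: bytes, tag: str, key: bytes = DEMO_KEY) -> bool:
    """Constant-time check of a record's MAC. The record is decoded first so a
    malformed record is rejected before its tag is even compared."""
    try:
        parse_entrance_data(record_hex)
    except ValueError:
        return False
    return hmac.compare_digest(mac_entrance_data(record_hex, rnd, key), tag)


if __name__ == "__main__":
    record = "1512051417043D014C1D"           # row 1 of the slide-14 table
    rnd = bytes.fromhex("0011223344556677")   # constructed card challenge
    tag = mac_entrance_data(record, rnd)
    print(parse_entrance_data(record), tag)
    print("genuine record verifies:", verify_entrance_data(record, rnd, tag))
    # Same time and balance, different line/station: the stored tag no longer matches.
    print("altered record verifies:", verify_entrance_data("15120514170208014C1D", rnd, tag))
    # Same record, different challenge: a replayed tag is rejected as well.
    print("replayed tag verifies:", verify_entrance_data(record, bytes(8), tag))
```

Binding the tag to the card's own random number is what makes the check useful at the exit gate: a record copied from one transaction cannot be presented under another challenge, and any change to the location or balance bytes invalidates the tag, which is the property countermeasure 2 on slide 20 relies on.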
15 System Implementation
- Server with 100 Mbps network
- 5 ACR122U readers with 5 CTC cards
- Cellphones: Samsung Galaxy S5, Huawei Mate 7, Moto XT1095, LGE Nexus 5X
- MNOs: LTE-TDD, LTE-FDD
16 System Implementation
[Figure residue; labels: HTTP Request, HTTP Response, Dispatcher, Card Pool with Available Cards and In Use Cards, Lock. New client: fetch a new card; in-use client: read from pool; a card returns to the pool on timeout / transaction finished.]
Fig. 7: Card pool scheduler.
17 Performance
[Two pie charts. Fares users should pay, $3 to $9: $3 12.7%, $4 23.3%, $8 34.4%; the remaining slices ($5, $6, $7, $9) are 1.3%, 5.1%, 7.7% and 15.5%, but their labels are not recoverable in order. Fares actually paid: $3 97.6%, failure 2.4%.]
Users should pay fares from $3 to $9. Except for the 2.4% failures, users actually paid only $3.
18 Performance
[Line chart: Users (0 to 16000) versus Card Pool Size (0 to 200), two series: Service Denial Rate = 0.1 and Service Denial Rate = 0.2.]
19 Performance
20 Countermeasures
1. Switch to online transactions
2. Encrypt/sign data
3. Use secure messaging in ISO/IEC 7816-4
4. Detect relay attack
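Countermeasure 1 gives the backend a complete, timely view of every entrance and exit keyed by the physical card that performed it. Under the card-pool design of Fig. 7, one physical card is locked only for the length of a single transaction and then serves other riders, so the backend would see the same card id open a second journey before the first one closes, or exit with no journey open. The following is an added example (my suggested backend check, not the authors' implementation) that runs that consistency rule over a constructed transaction log; card ids, stations and timestamps are made up, and the journey-length limit is an assumption.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed backend log, one online transaction per line:
# card id, event, station, timestamp. All values are made up for the example.
SAMPLE_LOG = """\
card-0001,ENTER,Station A,2015-12-05 14:17
card-0002,ENTER,Station C,2015-12-05 14:18
card-0001,ENTER,Station B,2015-12-05 14:21
card-0001,EXIT,Station E,2015-12-05 14:35
card-0002,EXIT,Station D,2015-12-05 14:40
card-0001,EXIT,Station D,2015-12-05 14:52
card-0003,ENTER,Station A,2015-12-05 15:00
card-0003,EXIT,Station B,2015-12-05 15:09
"""


def parse_log(text: str) -> list:
    """Parse the CSV-style log into (card, event, station, datetime) tuples, time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        card, event, station, ts = line.split(",")
        events.append((card, event, station, datetime.strptime(ts, "%Y-%m-%d %H:%M")))
    events.sort(key=lambda e: e[3])
    return events


def find_journey_anomalies(events: list, max_journey: timedelta = timedelta(hours=3)) -> list:
    """Return (card, timestamp, reason) for every event that breaks the
    one-open-journey-per-card rule: an ENTER while a journey is still open,
    an EXIT with no open journey, or a journey longer than max_journey
    (the limit is an assumed operator policy)."""
    open_journey = {}   # card -> (entrance station, entrance time)
    anomalies = []
    for card, event, station, ts in events:
        if event == "ENTER":
            if card in open_journey:
                prev_station, prev_ts = open_journey[card]
                anomalies.append((card, ts,
                                  f"ENTER at {station} while journey from {prev_station} "
                                  f"({prev_ts:%H:%M}) is still open"))
            open_journey[card] = (station, ts)
        elif event == "EXIT":
            if card not in open_journey:
                anomalies.append((card, ts, f"EXIT at {station} with no open journey"))
                continue
            _, enter_ts = open_journey.pop(card)
            if ts - enter_ts > max_journey:
                anomalies.append((card, ts, f"journey longer than {max_journey}"))
    return anomalies


def cards_to_review(events: list, min_anomalies: int = 2) -> list:
    """Card ids that produced at least min_anomalies anomalies, most first.
    A single anomaly can be a tap-in error; repeated ones on one id are the
    pool-sharing signature worth an analyst's attention."""
    counts = Counter(card for card, _, _ in find_journey_anomalies(events))
    return [card for card, n in counts.most_common() if n >= min_anomalies]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for card, ts, reason in find_journey_anomalies(evs):
        print(f"{ts:%Y-%m-%d %H:%M} {card}: {reason}")
    print("review:", cards_to_review(evs))
```

The check is cheap (one dictionary lookup per event) and needs no change to cards or terminals, only that terminals report each transaction online rather than batching logs, which is why it belongs with countermeasure 1 rather than on its own. It flags the shared-card pattern, not a particular rider; a legitimate tap-in twice by mistake produces one anomaly, so the review threshold is what keeps false positives down.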
21 Conclusions
1. We construct a large-scale invisible attack on AFC systems with NFC-equipped smartphones, enabling users to pay much less than actually required.
2. We develop an HCE app, named LessPay, based on our constructed attack.
3. We evaluate LessPay with real-world large-scale experiments, which not only demonstrate the feasibility of our attack but also show its low overhead in terms of bandwidth and computation.
Q&A