Three outstanding papers have been chosen as finalists for the best paper award.Be sure to attend their presentations during the conference! The winner will be announced during the Opening Plenary Session on Wednesday, April 9 at 8:30am, and the winning authors will get a certificate and $500 from ThingMagic!
Nominee: On the Power of Active Relay Attacks using Custom-Made Proxies
Michael Hutter & Thomas Korak (Graz University of Technology, Austria)
Presentation: Thursday, April 10 @ 3:15pm in the Protocols and Security II Session.
Abstract — A huge number of security-relevant systems nowadays use contactless smart cards. Such systems, like payment systems or access control systems, commonly use single-pass or mutual authentication protocols to proof the origin of the card holder. The application of relay attacks allows to circumvent this authentication process without needing to attack the implementation or protocol itself. Instead, the entire wireless communication is simply forwarded using a proxy and a mole allowing to relay messages over a large distance. In this paper, we present several relay attacks on an ISO/IEC 14443-based smart card implementing an AES challenge-response protocol. We highlight the strengths and weaknesses of two different proxy types: an NFC smart phone and a dedicated custom-made proxy device. First, we propose a “three-phones-in-the-middle” attack that allows to relay the communication over more than 360 feet (110 meters). Second, we present a custom-made proxy that solves major relay-attack restrictions that apply on almost all NFC smart phones, for example, cloning of the victim’s UID, adaption of low-level protocol parameters, direct request for Waiting Time Extensions, or active modifications of the messages. Finally, we propose an attack that allows to induce single bit faults during the anticollision of the card which forces the reader to re-send or temporarily stall the communication which can be exploited by attacks to gain additional relay time.
Nominee: Sifting Through the Airwaves: Efficient and Scalable Multiband RF Harvesting
Aaron Parks, Joshua Smith (University of Washington, US)
Presentation: Thursday, April 10 @ 10:30am in the Power Harvesting Session.
Abstract — Harvesting ambient RF power is attractive as a means to operate microelectronics without wires, batteries, or even a dedicated RFID reader. However, most previous ambient RF harvesters have been narrowband, making mobile sensing scenarios unfeasible: an RF harvester tuned to work in one city will not generally work in another, as the spectral environments tend to differ. This paper presents a novel approach to multiband harvesting. A single wideband antenna is followed by several narrowband rectifier chains. Each rectifier chain consists of a bandpass filter, a tuned impedance matching network, and a rectifier. The outputs of the rectifiers are combined via a novel diode summation network that enables good performance even when only a subset of the narrowband harvesters is excited. These techniques make ambient RF harvesting feasible for mobile applications. The techniques can potentially enable applications such as ambient RF-powered data logging sensors that upload data to RFID readers when in range.
Nominee: A Feasibility Study on Simultaneous Data Collection from Multiple Sensor RF Tags with Multiple Subcarriers
Yuki Igarashi, Yuki Sato, Yuusuke Kawakita, Jin Mitsugi, Haruhisa Ichikawa (Keio University, Japan)
Presentation: Thursday, April 10 @ 3:15pm in the Sensors Session.
Abstract — Wireless and battery-less health monitoring of machinery and structures have been a dream in mechanical engineering. Particularly, simultaneous data collection from multiple sensors is required to detect failure or malfunction before it becomes fatal problem. In this paper, a concept of simultaneous data collection from multiple sensor RF tags with multiple subcarriers is proposed and its feasibility is examined. To facilitate the inclusion of sensor data in RF tag and to obtain the number of available communication channels, an analog modulation of digitally generated subcarriers is employed. The unavoidable mutual interference among subcarriers, stemming from the pulse shape of subcarrier in RF tags, is eliminated by a swift interference rejection method. We examined the feasibility and the performance of the concept with a two-subcarrier prototype in which the interference rejection is executed in a software defined radio platform. It is shown that the proposed concept is feasible. In order to evaluate the effect of the interference rejection method, we examined the correlation between the original sensor data and the recovered sensor data in a worst case interference environment. It is shown that the correlation coefficient is significantly improved from 0.00 to 0.91.