UPM Institutional Repository

A relay attack for host-based card emulation (HCE) using NFC-enabled device for mobile payment


Che Hasan, Hafizah (2018) A relay attack for host-based card emulation (HCE) using NFC-enabled device for mobile payment. Masters thesis, Universiti Putra Malaysia.


Near field communication (NFC) is a family of radio frequency identification (RFID) that used wireless communication and it becomes more popular nowadays. It has been used in many different systems such as contactless payment processing, access control, passport identification, etc. With a card emulation mode, NFC technology is able to emulate the smartcard such as a credit card and save it in mobile phone. Therefore, the physical credit card is no longer needed in order to perform the electronic transaction. However, NFC is susceptible to some attacks such as data fabrication and eavesdropping. Thus, the mobile payment that used the NFC technology is also at risk. NFC is also particularly vulnerable to a relay attack. A relay attack is a type of Man-In-The-Middle attack that extends the range of NFC communication. It is therefore allows an attacker to interact with a Point of Sales (PoS) using the contactless card and perform electronic transaction without a user knowledge. Attacker starts an interaction with a card reader (PoS terminal) and victim’s device through an Internet or Bluetooth connection. One type of NFC approach, which is host card emulation (HCE) approach makes a relay attacks in NFC communication becomes easier, as it could interact with PoS directly without the need to interact with Secure Element (SE) as hardware on the device. One of the objectives of this research is to identify security problem of a relay attack for HCE approach in NFC-enabled device. Thus, a proof of concept has been built and tested in a lab environment to prove that a HCE approach is susceptible to the relay attack. The result from this research shows that HCE implementation approach is susceptible to relay attack. An overview of security issues in NFC communication, the relay attack process in detail, discussion of testing result, and some mitigation techniques towards the relay attack for HCE approach on NFC-enabled device are the elements that have been discussed in this project.

Download File

FSKTM 2018 47 - IR.pdf

Download (1MB) | Preview

Additional Metadata

Item Type: Thesis (Masters)
Subject: Mobile communication systems
Subject: Radio frequency identification systems - Security measures
Call Number: FSKTM 2018 47
Divisions: Faculty of Computer Science and Information Technology
Depositing User: Ms. Nur Faseha Mohd Kadim
Date Deposited: 17 Jun 2019 01:57
Last Modified: 17 Jun 2019 01:57
URI: http://psasir.upm.edu.my/id/eprint/69015
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item