NFC-enabled attack on cyber physical systems: A practical case study

Abstract

Automated fare collection (AFC) systems have been widely applied to practical transportation due to their convenience. Although there are many potential threats of NFC such as eavesdropping, data modification, and relay attacks, NFC based AFC systems are considered secure, due to the limited 10cm communication distance. Nevertheless, the proliferation of NFC-equipped mobile phones make such system venerable. We introduce and implement an attack on AFC cards that permits an attacker to top up his smart card and get a refund. We also propose possible countermeasures to defend against these attacks.

Publication
In Proceedings of the 36th Annual IEEE International Conference on Computer Communications Workshops (INFOCOM Workshops 2017)
Avatar
Fan DANG
Postdoctral Research Fellow

My research interests include RFID, IoT security, and edge computing.