One major limitation to relay attacks are connection time-outs and distance-bounding protocols. It takes time to process incoming traffic, modify it as necessary, and send it along. Even if traffic was passed through without modification, the increased distance between the two target systems necessarily increases latency. Usually time-outs are implemented in systems without security in mind; typically with the purpose of ensuring responsiveness. No matter the intent, such time restrictions put upper bounds on the distance between two devices and how much computation can be performed on through-traffic in real-time.
ISO 14443-4 defines timing restrictions for communications between a proximity integrated-circuit card (PICC) and a proximity coupling device (PCD). The Request Guard Time and Frame Guard Time are lower bounds for communication, so they can be ignored for in the context of a relay attack. The Startup Frame Guard Time (SFGT) imposes a maximal limit of 4949 ms to a PCD's response to a PICC's Answer to Select (ATS). The Frame Waiting Time (FWT) can range from 302 μs to 4949 ms, and determines the minimum time between two consecutive frames.
The value of the FWT is sent by the PICC to the PCD during the ATS phase of the Activation Sequence, in the TB(1) byte. It is possible to modify the TB(1) byte in transit since it is sent in plaintext and is unsigned, but it still can not exceed 4949 ms.
If the relay attack system was smart, the Activation and Deactivation sequences would be handled by the proxy reader and proxy card without being sent over the network between the two. This would bypass the SFGT limitation.
There's a way to get around the FWT limit in the PICC-to-PCD direction. A PICC can request more time (up to 292 seconds!) to respond by sending a S(WTX) message, and these messages can be chained in order to get the PCD to wait indefinitely. Since PICCs are mass produced and cheap, manufacturers may cut corners and solely rely on the PCD to enforce the FWT limit. If this is the case, the FWT limit can be bypassed completely.
An NFC relay attack that implemented both ideas could extend the range between a PICC and PCD indefinitely, and have considerable time to process traffic before forwarding the data. There may be additional timing limitations in the standard that I've not yet found, and I'm sure there exist timing limitations at the application layer between NFC devices. However, this may still be a significant weakness of the protocol as is currently defined. I hope to test this in practice sometime in the future.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.