Skip to main content

Fortune cookies and smartphones: Weakly unrelayable channels to counter relay attacks

Čagalja, Mario, Perković, Toni, Bugarić, Marin, Li, Shujun (2015) Fortune cookies and smartphones: Weakly unrelayable channels to counter relay attacks. Pervasive and Mobile Computing, 20 . pp. 64-81. ISSN 1574-1192. (doi:10.1016/j.pmcj.2014.09.002) (KAR id:69556)

PDF Author's Accepted Manuscript
Language: English

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Download (882kB) Preview
Official URL


Smartphones are being increasingly used to perform financial transactions (through m-banking, virtual wallet or as a smartcard). The latter applications involve contactless technology (e.g., NFC) that is known to be vulnerable to mafia fraud attacks. In this work we show that a secret message inside an appropriately folded piece of paper (fortune cookie) can be used to effectively mitigate the mafia fraud attack. Fortune cookies implement a weakly unrelayable channel that, in combination with smartphones, provides a provable protection against those attacks. Our solution requires minimal or no hardware changes to the existing equipment (especially on the user’s side) and is suitable for different communication technologies (e.g., intra-body communication, NFC, WiFi, Bluetooth, sound, infrared).

Item Type: Article
DOI/Identification number: 10.1016/j.pmcj.2014.09.002
Uncontrolled keywords: Wireless security, Mafia-fraud attack, Weakly unrelayable channel, Multichannel protocols
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK7800 Electronics > TK7880 Applications of electronics > TK7885 Computer engineering. Computer hardware
Divisions: Faculties > University wide - Teaching/Research Groups > Centre for Cyber Security Research
Faculties > Sciences > School of Computing
Faculties > Sciences > School of Computing > Security Group
Depositing User: Shujun Li
Date Deposited: 14 Oct 2018 22:22 UTC
Last Modified: 13 Oct 2020 08:31 UTC
Resource URI: (The current URI for this page, for reference purposes)
Li, Shujun:
  • Depositors only (login required):