Skip to main content

Fortune cookies and smartphones: Weakly unrelayable channels to counter relay attacks

Čagalja, Mario, Perković, Toni, Bugarić, Marin, Li, Shujun (2015) Fortune cookies and smartphones: Weakly unrelayable channels to counter relay attacks. Pervasive and Mobile Computing, 20 . pp. 64-81. ISSN 1574-1192. (doi:10.1016/j.pmcj.2014.09.002) (KAR id:69556)

PDF Author's Accepted Manuscript
Language: English

Download (882kB) Preview
[thumbnail of PMC2015.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


Smartphones are being increasingly used to perform financial transactions (through m-banking, virtual wallet or as a smartcard). The latter applications involve contactless technology (e.g., NFC) that is known to be vulnerable to mafia fraud attacks. In this work we show that a secret message inside an appropriately folded piece of paper (fortune cookie) can be used to effectively mitigate the mafia fraud attack. Fortune cookies implement a weakly unrelayable channel that, in combination with smartphones, provides a provable protection against those attacks. Our solution requires minimal or no hardware changes to the existing equipment (especially on the user’s side) and is suitable for different communication technologies (e.g., intra-body communication, NFC, WiFi, Bluetooth, sound, infrared).

Item Type: Article
DOI/Identification number: 10.1016/j.pmcj.2014.09.002
Uncontrolled keywords: Wireless security, Mafia-fraud attack, Weakly unrelayable channel, Multichannel protocols
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, > QA76.9.H85 Human computer interaction
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK7800 Electronics > TK7880 Applications of electronics > TK7885 Computer engineering. Computer hardware
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Shujun Li
Date Deposited: 14 Oct 2018 22:22 UTC
Last Modified: 24 Sep 2021 10:31 UTC
Resource URI: (The current URI for this page, for reference purposes)
Li, Shujun:
  • Depositors only (login required):