Abstract
Near field communication (NFC) is one of the emerging and promising technological developments for contactless devices. Payment services, identification verification and information sharing become possible by just touching two NFC devices together. However, prior research have demonstrated the vulnerability of NFC to relay attacks in which it may be misused by unscrupulous individuals. This could include malicious link via relay channel to force payment transactions or steal valuable financial information. In this paper, we improve the performance of Chameleon [1], a lightweight method for identity verification in near field communication. The Chameleon exchanges the roles of the two NFC devices after every NFC session in a random manner unpredictable by the adversary. The information of role transition is contained in messages of every session and encrypted by pre-shared key of the two legitimate NFC devices. The adversary, due to have no secret key, cannot decrypt the messages and configure proxy devices to appropriate role to pair with legitimate devices. Consequently, the relay channel is interrupted and therefore the relay attack cannot be implement successfully. We optimize both the experimental devices and the executable code in Chameleon. The experimental results of our implementation show that the improved Chameleon can verify whether the device in proximity is legitimate, and it exhibits an improvement of security and performance with reasonable overhead.