Empirical Evaluation of Ambient Sensors as Proximity Detection Mechanism for Mobile Payments
Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we, for the first time in academic literature, empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism. We selected 15 out of a total of 17 sensors available via the Google Android platform for evaluation, with the other two sensors unavailable on widely-used handsets. In existing academic literature, only 5 sensors have been proposed with positive results as a potential proximity detection mechanism. Each sensor, where feasible, was used to record the measurements of 1000 contactless transactions at four different physical locations. A total of 252 random users, random sample of the university student population, were involved during the field trails. The analysis of these transactions provides an empirical foundation to categorically answer whether ambient sensors provide a strong proximity detection mechanism for security sensitive applications like banking, transport and high-security access control. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for such critical applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness.