RFID: I am concentrating on practical security in systems using Radio Frequency Identification Devices (RFID), or contactless smart cards, in payment and e-ID and applications. I am also interested in mobile phone security, especially in new applications using NFC (Near Field Communication), lightweight cryptography, privacy issues, and hardware attacks.
Distance Bounding/secure location: Some systems provide services based on a client's perceived location, or proximity. With communication technology becoming more pervasive, these systems are vulnerable to location spoofing, especially relay attacks. Distance bounding protocols verify the physical distance between two parties cryptographically, thus providing the verfier with proof of the client's proximity. I am working on relay attacks and issues surrounding distance protocols.
Advanced Sensing Applications: Reliable monitoring and controls of industrial and natural processes by means of 'Internet of Things' technologies, advanced sensor networks and mobile platforms. Advanced sensing applications could facilitate smarted and greener living and improved services delivery.
Other interests include:
- Information security in general
- Hardware security/tampering
- Pervasive computing
- Digital signal processing/wireless
- Security of embedded systems
- Mobile platforms, especially payment and financial services applications
Journal ArticlesDistance Bounding: A Practical Security Solution for Industrial Real-time Location Systems?
A. Abu-Mahfouz and G.P. Hancke. IEEE Transactions on Industrial Informatics, Vol. 9, No. 1, pp 16-27, February 2013.
Introduction to Industrial Control Networks
B. Galloway and G.P. Hancke. IEEE Communications Surveys and Tutorials, June 2012.
An overview of industrial control/SCADA networks. Preprint available.
The Role of Advanced Sensing in Smart Cities
B. Silva. G.P. Hancke and G.P. Hancke. MDPI Sensors, Vol. 13, No. 1, pp 393-425, December 2012.
Positioning System in Wireless Sensor Networks Using NS-2
A. Abu-Mahfouz, G.P. Hancke and S.J. Isaac. Software Engineering, Vol. 2, No. 4, pp 91-100, 2012.
Actor coordination using info-gap decision theory in wireless sensor and actor networks
S. Chinnapen-Rimer and G.P. Hancke. Inderscience International Journal of Sensor Networks, Vol. 10, No. 4, pp. 177-191, 2011.
On the security issues of NFC enabled mobile phones
L. Francis, G.P. Hancke, K.E. Mayes and K.Markantonakis. Journal of Internet Technology and Secured Transactions. Accepted to be published 2010.
Discussion of some security issues in application management in NFC phones with an embedded secure element.
Practical Eavesdropping and Skimming Attacks on High-Frequency RFID Tokens
G.P. Hancke. Journal of Computer Security. Vol 19, Issue 2, pp. 259-288, March 2011.
Some practical results and discussion of related industrial and academic work on eavesdropping and skimming attacks. Preprint available here.
Design of a Secure Distance-Bounding Channel for RFID
G.P. Hancke. Elsevier Journal of Network and Computer Applications. Accepted to be published 2010.
Proof-of-concept implementation of a communication channel suitable for distance-bounding in HF RFID environments. Preprint available here.
Security Challenges for User-Oriented RFID Applications within the 'Internet of Things'
G.P. Hancke, K.Markantonakis and K.E. Mayes. Journal of Internet Technology. Accepted to be published 2010.
Discussion of the role played by RFID in enabling user-oriented applications and the related security issues. Preprint available here.
Transport ticketing security and fraud controls
K.E. Mayes, K.Markantonakis and G.P. Hancke. Elsevier Information Security Technical Report, Vol.14, Issue 2, pp 87-95, May 2009.
Discussion of the security and fraud controls in transport ticketing systems (with emphasis on security issues as result of Mifare Classic exploits).
Attacking smart card systems: Theory and practice
K.Markantonakis, M. Tunstall, G.P. Hancke, I. Askoxylakis and K.E. Mayes. Information Security Technical Report, Vol. 14, Issue 2, pp 46-56, May 2009.
Short overview of smart card attacks for a non-technical audience.
Confidence in Smart Token Proximity: Relay Attacks Revisited
G.P. Hancke, K.E. Mayes and K.Markantonakis. Elsevier Computers & Security, Vol. 28, Issue 7, pp 615-627. October 2009.
An overview of relay attacks in the smart token environment that discusses attack implementations, implications and possible countermeasures. Preprint is available here.
Modulating a noisy carrier signal for eavesdropping-resistant HF RFID
G.P. Hancke. Radio Frequency Identification, e & i (Elektrotechnik und Informationstechnik), Vol. 124, No. 11, pp 404-408, Springer, November 2007.
An extended version of my RFID 2007 conference paper selected for publication in the e&i special issue journal on RFID.
Book ContributionsWireless Sensor Networks for Smart Grid: Research Challenges and Potential Applications
D. Sahiny, V.C. Gungor, G.P. Hancke and G.P. Hancke. Smart Grid Communications and Networking. Poor, Han and Hossain (Eds.), Cambridge University Press, pp. 265-278, 2012.
Calculation of an Optimum Mobile Sink Path in a Wireless Sensor Network.
S. Chinnappen-Rimer and G. P. Hancke. Wireless Sensor Networks:Technology and Protocols. Matin (Ed), InTech, September 2012.
Secure Proximity Identification for RFID
G.P. Hancke and S. Drimer. Security in RFID and Sensor Networks. Zhang and Kitsos (Eds). Auerbach Publications, 2009.
RFID and Contactless Technology
G.P. Hancke. Smart Cards, Tokens. Security and Applications, Mayes and Markantonakis (Eds). Published by Springer, January 2008.
Review of RFID applications, operating principles and standards relevant to proximity tokens, i.e. contactless smart cards.
Conferences and WorkshopsDistance Bounding for RFID: Effectiveness of Terrorist Fraud
G.P. Hancke. IEEE RFID-TA, November 2012.
Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones
L. Francis, G.P. Hancke, K.E. Mayes, K. Markantonakis. RFIDSec Asia, November 2012.
Tag Group Authentication using Bit Collisions
X. Leng, G.P. Hancke, K.E. Mayes, K. Markantonakis. Information Security South Africa, August 2012.
Smartphones as a Platform for Advanced Measurement and Processing
C. Opperman, G.P. Hancke. IEEE Instrumentation and Measurement Technology Conference, pp. 703-706, May 2012.
Industrial wireless sensor networks: A selection of challenging applications
G.P. Hancke and G.P. Hancke. European Conference on Antennas and Propogation (EUCAP), pp. 64-68, March 2012.
Using NFC-enabled Phones for Remote Data Acquisition and Digital Control
C.A. Opperman and G.P. Hancke. IEEE Africon 2011, September 2011.
ns-2 Extension to Simulate Localization Systems in Wireless Sensor Networks
A.M. Abu-Mahfouz and G.P. Hancke. IEEE Africon 2011, September 2011.
A Generic NFC-enabled Measurement System for Remote Monitoring and Control of Client-side Equipment
C.A. Opperman and G.P. Hancke. The 3rd IEEE International Workshop on Near Field Communication (NFC), pp. 44-49, February 2011.
Using 3G Network Components to Enable NFC Mobile Transactions and Authentication
W.D. Chen, G.P. Hancke, K.E. Mayes, Y. Lien and J-H. Chiu.
To be presented at Conference on Progress in Informatics and Computing (PIC-2010), December 2010.
Implementing mobile transaction authentication by re-using 3G security mechanisms.
A Location Based Security Framework for Authenticating Mobile Phones
L. Francis, K.E. Mayes, G.P. Hancke and K. Markantonakis
To be presented at Second International Workshop on Middleware for Pervasive Mobile and Embedded Computing (M-MPAC), November 2010.
Authentication and service access framework for mobile phones based on their physical location.
Practical NFC Peer-to-Peer Relay Attack using Mobile Phones
L. Francis, G.P. Hancke, K.E. Mayes and K. Markantonakis
Proceedings of RFIDSec 2010, June 2010.
Relay attack on mobile phone handsets using P2P NFC communication. Preprint is available here.
A Security Framework Model with Communication Protocol Translator Interface for Enhancing NFC Transactions
L. Francis, G.P. Hancke, K.E. Mayes and K. Markantonakis
Proceedings of the 6th Advanced International Conference on Telecommunications (AICT), pp.452-461, May 2010.
Describes secure protocol translator infrastructure for contactless to contact token communication in mobile devices (e.g. external contacless token to internal contact token or (U)SIM.
NFC Mobile Transaction and Authentication based on GSM Network
W. Chen, Y. Lien, K.E. Mayes, G.P. Hancke and J-H. Chiu .
Proceedings of 2nd IEEE Workshop on Near Field Communication (NFC 2010), pp 83-89, April 2010.
Point-of-sale payment infrastrucure reusing GSM security parameters/primitives.
Potential Misuse of NFC Enabled Mobile Handsets with Embedded Security Elements as Contactless Attack Platforms
L. Francis, G.P. Hancke, K.E. Mayes and K.Markantonakis .
Proceedings of the 1st Workshop on RFID Security and Cryptography (RISC'09), in conjunction with the International Conference for Internet Technology and Secured Transactions (ICITST 2009), pp 1-8, November 2009.
Explains the use of an NFC-enabled mobile phone to be used as a skimming and cloning attack platform.
Eavesdropping Attacks on High-Frequency RFID Tokens
G.P. Hancke. Presented the 4th Workshop on RFID Security (RFIDSec), July 2008.
An overview/explanatory paper describing practical eavesdropping experiments by myself and other researchers on ISO 14443 and ISO 15693 contactless tokens.
Attacks on time-of-flight distance-bounding channels
G.P. Hancke and M.G. Kuhn. Presented at the ACM Conference on Wireless Network Security (WISEC'08), pp 194-202, March 2008.
Practical demonstration of late-commit and clocking attacks at the physical communication layer, which allows an attacker to circumvent distance-bounding measures.
Talk given at ACM Wisec 2008 on 2 April 2008 can be found here here.
Noisy Carrier Modulation for HF RFID
G.P. Hancke. Proceedings of First International EURASIP Workshop on RFID Technology, pp 63-66, September 2007.
This paper describes how to make the backward communication of HF RFID tokens resistant to eavesdropping. The reader transmits a ''noisy'' carrier onto which the token modulates its reply. It also shows that an attacker can easily distinguish between a token's response and a bit-blocking sequence transmitted by another device.
Talk given at RFID 2007 on 25 September 2007 can be found here here.
So Near and yet So Far: Distance-Bounding Attacks in Wireless Networks
J. Clulow, G.P. Hancke, M.G. Kuhn and T. Moore, European Workshop on Security and Privacy in Ad-Hoc and Sensor Networks (ESAS), Springer-Verlag LNCS 4357, pp 83-97, July 2006.
A brief review of some secure location protocols, possible attacks on these and the subsequent requirements for implementing distance bounding protocols securely.
Practical Attacks on Proximity Identification Systems (Short Paper)
G.P. Hancke, Proceedings of IEEE Symposium on Security and Privacy, pp 328-333, May 2006.
This short paper describes some initial findings on practical attacks that we implemented against "proximity" (ISO 14443 A) type RFID tokens. Focusing mainly on the RF communication interface we discuss the results and implementation of eavesdropping, unauthorized scanning and relay attacks. Described attacks are simple and mostly "proof-of-concept", more work is being done to improve attack methods and extend attacks to other RFID standards.
Talk given at IEEE S&P on 24 May 2006 can be found here here.
An RFID distance bounding protocol
G.P. Hancke and Markus G. Kuhn. Proceedings of IEEE/CreateNet SecureComm, pp 67-73, September 2005.
Radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Cryptographic distance bounding protocols provide a possible countermeasure but schemes require fast time-base and signal acquisition hardware at both ends. We propose a new distance-bounding protocol that is more suited for use in systems with passive low-cost tokens.
Talk given at Securecomm on 6 September 2005 can be found here here.
Design and Implementation of a General Purpose Secure Measurement and Control Network Incorporating Internet Based Access
J.E.S. Smit, G.P. Hancke. 20th IEEE Instrumentation and Measurement Technology Conference. May 2003, Vail, Colorado, USA.
Technical Reports/Magazine ArticlesNFC Security Threats
K.E. Mayes, K.Markantonakis, L. Francis, G.P. Hancke.
Smart Card Technology International Magazine, pp 42-47, January 2010.
Discussion of some of the security issues surrounding NFC-enabled mobile phones and their applications.
A Practical Relay Attack on ISO 14443 Proximity Cards
G.P. Hancke, February 2005.
Authentication protocols in payment or access control systems based on contactless smartcards (or other NFC device) can be circumvented by simply relaying messages between the reader and smartcard. A proxy device is placed within range of the reader and communicates with another device held close to a valid card.The attack is based on the "grand master chess problem" and it is known that identification of physical entities are vulnerable to such real-time attacks. It should therefore be noted that this paper does not introduce a new attack, neither does it claim to be a high-tech, optimal realization. The paper describes a very simple working system, using off-the-shelf modules and standard components available from most electronic stores (Maplin etc).