Fortune cookies and smartphones: Weakly unrelayable channels to counter relay attacks

Abstract: Smartphones are being increasingly used to perform financial transactions (through m-banking, virtual wallet or as a smartcard). The latter applications involve contactless technology (e.g., NFC) that is known to be vulnerable to mafia fraud attacks. In this work we show that a secret message inside an appropriately folded piece of paper (fortune cookie) can be used to effectively mitigate the mafia fraud attack. Fortune cookies implement a weakly unrelayable channel that, in combination with smartphones, prov… Show more

“…For instance, Google reCAPTCHA v3 [33] uses a risk score and lets the website owner to decide when and what to do on suspicious activities, and the "Completely Automated Public Physical test to tell Computers and Humans Apart" (CAPPCHA) depends on some physical actions only humans can do (e.g., arranging a mobile device in a specific position) [39,40]. Some work for solving other security problems may also be used to design new CAPTCHAlike schemes, e.g.,Čagalja et al [41] reported a paper and smartphone based "weakly unrelayable channel" against (automatic) relay attacks, which can be used to design CAPPCHAs as well.…”

All about uncertainties and traps: Statistical oracle-based attacks on a new CAPTCHA protection against oracle attacks

“…For instance, Google reCAPTCHA v3 [33] uses a risk score and lets the website owner to decide when and what to do on suspicious activities, and the "Completely Automated Public Physical test to tell Computers and Humans Apart" (CAPPCHA) depends on some physical actions only humans can do (e.g., arranging a mobile device in a specific position) [39,40]. Some work for solving other security problems may also be used to design new CAPTCHAlike schemes, e.g.,Čagalja et al [41] reported a paper and smartphone based "weakly unrelayable channel" against (automatic) relay attacks, which can be used to design CAPPCHAs as well.…”

All about uncertainties and traps: Statistical oracle-based attacks on a new CAPTCHA protection against oracle attacks

“…The data were analyzed with the SPSS package, using reliability, correlation, and regression. Also, SEM and the Rival Model were also used to test validity and model fit (Hancock, 2015).The use of SEM is commonly justified in the social sciences because of its ability to impute relationships between unobserved constructs (latent variables) from observable variables (Loehlin, 2004). Table 1 shows the ideal value of the model fit index in SEM.…”

Emptiness and the Eight Consciousnesses: Toward a Deeper Understanding of Intuitive Judgment

Chord: Thwarting Relay Attacks Among Near Field Communications