Formal security analysis of near field communication using model checking

Near field communication (NFC) is a short-range wireless communication technology envisioned to support a large gamut of smart-device applications, such as payment and ticketing. Although two NFC devices need to be in close proximity to communicate (up to 10 cm), adversaries can use a fast and transparent communication channel to relay data and, thus, force an NFC link between two distant victims. Since relay attacks can bypass the NFC requirement for short-range communication cheaply and easily, it is important to evaluate the security of NFC applications. In this work, we present a general framework that exploits formal analysis and especially model checking as a means of verifying the resiliency of NFC protocol against relay attacks. Toward this goal, we built a continuous-time Markov chain (CTMC) model using the PRISM model checker. Firstly, we took into account NFC protocol parameters and, then, we enhanced our model with networking parameters, which include both mobile environment and security-aware characteristics. Combining NFC specifications with an adversary's characteristics, we produced the relay attack model, which is used for extracting our security analysis results. Through these results, we can explain how a relay attack could be prevented and discuss potential countermeasures.