A Context Aware Security Model for Preventing Relay Attacks in NFC Enabled Mobile Devices

Cavdar D., Tomur E., Can A. B.

Tehnicki Vjesnik, cilt.32, sa.4, ss.1336-1346, 2025 (SCI-Expanded, Scopus) identifier identifier

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 32 Sayı: 4
  • Basım Tarihi: 2025
  • Doi Numarası: 10.17559/tv-20240708001835
  • Dergi Adı: Tehnicki Vjesnik
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Aerospace Database, Communication Abstracts, Compendex, INSPEC, Metadex, Directory of Open Access Journals, Civil Engineering Abstracts
  • Sayfa Sayıları: ss.1336-1346
  • Anahtar Kelimeler: access control, authentication, context aware, mobile device, near field communication (NFC)
  • Orta Doğu Teknik Üniversitesi Adresli: Evet

Özet

Near Field Communication (NFC) is widely used in mobile applications, yet relay attacks remain a significant security risk, especially in access control systems. Existing countermeasures, such as distance bounding, ambient sensing, and RF fingerprinting, either lack adaptability or fail to provide comprehensive protection at the application layer. In this study, we propose M-CARBAC, a context-aware access control model designed to prevent relay attacks in NFC-enabled mobile devices. Unlike prior solutions, M-CARBAC integrates dynamic contextual verification, formal security definitions, and adaptive access control policies, ensuring that captured credentials remain invalid if relayed. A formal coverage analysis confirms that the model correctly evaluates all possible access requests. Performance tests conducted on an NFC-based access control testbed demonstrate that M-CARBAC effectively mitigates relay attacks while maintaining a reasonable computational overhead. Compared to existing solutions, our model offers a more robust and scalable approach for securing NFC transactions. These findings highlight M-CARBAC's potential for enhancing the security of mobile-based access control systems against evolving threats.