Abstract
Near-field contactless payments using contactless cards or NFC devices are quickly becoming a quicker and more convenient alternative to conventional means of carrying out small value purchases. Along with their increased popularity, there are rising concerns regarding their security. Existing research has shown that certain attacks can be used successfully against contactless technology, but it is unclear how such attacks can be translated into a feasible and clear threat to a user’s privacy and financial security. Therefore there is a need for an evaluation to determine whether physical layer based attacks could be used by attackers to cause financial or anonymity loss to an individual. This dissertation presents the design and implementation of an inconspicuous, easily concealable and portable system that could be used to reliably eavesdrop contactless transactions. This includes guidelines on the effective and efficient design of eavesdropping antennas, including the use of large metallic structures already within the vicinity of such an attack, along with the assembly of a communications receiver consisting of readily available electronics with a moderate cost. Results are also presented in the form of a quantitative analysis of the enabling technology in terms of frame error rate dependence on eavesdropping distance and H-field strength using two antennas: a modified shopping trolley and a small loop antenna. The dissertation ends with a case study highlighting realistic security and privacy attack scenarios which could utilise the eavesdropping distances achieved during the quantitative analysis with the technology presented in this thesis.