**Author details**

**Figure 13.** Delay distribution with our solution for the case without relay and in the case with a wired relay for differ‐

In the case of NFC use in smartphones for critical application, we can suppose that the tar‐ get (corresponding to the contactless card) uses active mode to answer to the initiator (the

Then, the target can modulate its signal by varying the instantaneous phase of the carrier signal. The phase modulation can be more complex for implementation but more accurate in terms of correlation. In fact, the signal received and recorded by the initiator must be in phase with the generated one. There are fewer problems with establishing times in antennas because there is no subcarrier, c.f. II.C.2. The obtained accuracy depends on the phase modulation but we can think that we can detect delays close to half of a carrier. Such improvements imply

The relay attack is an attack on physical layer which should be seriously considered be‐ cause it can be easily implemented and used in a lot of applications. Moreover, the in‐ creasingly use of NFC technology, especially in phone applications, opens new opportunities for intruders. Nowadays, contactless readers are unable to detect a relay. This attack does not modify the signal, nor disturb the transaction and induce delays close to a few periods of the signal carrier. Additionally, cryptography, which is the best

ent distance between antennas.

reader in our solution).

modifications of standards.

**4. Conclusion**

*3.5.3. Correlation on PM (Phase Modulation) signals*

82 Radio Frequency Identification from System to Applications

solution for most threats, cannot detect this attack.

Pierre-Henri Thevenon and Olivier Savry

Léti, Minatec, CEA Grenoble, France
