Skip to main content
SpringerLink
Log in

Securing NFC Mobile Services with Cloud of Secure Elements (CoSE)

  • Conference paper
Mobile Computing, Applications, and Services (MobiCASE 2013)

Abstract

The availability of NFC smartphones has facilitated the development of a large number of related applications. Some of these NFC applications necessitate communication with other systems, which may not necessarily be secure, through communication channels and mechanisms that may be open to vulnerabilities. Security is therefore paramount to the success of these NFC mobile services. While Peer-to-Peer (P2P) communication mode is common in mobile NFC applications, it is vulnerable to security-related issues that arise from the use of untrusted devices for storage and to process applications. We propose the concept of a Cloud of Secure Elements (CoSE) where the secure services are hosted by servers rather than by smartphone Secure Elements. We discuss the use of CoSE for mobile payments. We also illustrate how an NFC smartphone may be efficiently used as a bridge between an NFC reader and an Internet server of secure microcontroller that hosts EMV applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Jurgensen, T.M., et al.: Smart Cards: The Developer’s Toolkit. Prentice Hall PTR (2002) ISBN 0130937304

    Google Scholar 

  2. https://www.emvco.com/

  3. http://www.eurosmart.com/publications.html

  4. MasterCard® PayPassTM, M/Chip, Acquirer Implementation Requirements, v.1-A4 6/06

    Google Scholar 

  5. ISO/IEC 18092, Information technology - Telecommunications and information exchange between systems - Near Field Communication - Interface and Protocol (NFCIP-1) (April 2004)

    Google Scholar 

  6. Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards (January 2005)

    Google Scholar 

  7. Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical NFC peer-to-peer relay attack using mobile phones. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 35–49. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  8. Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack, technical report (August 2012)

    Google Scholar 

  9. Reid, J., et al.: Detecting Relay Attacks with Timing-Based Protocols. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security (2007)

    Google Scholar 

  10. Sidén, J., Skerved, V., Gao, J., Forsström, S., Nilsson, H.-E., Kanter, T., Gulliksson, M.: Home Care with NFC Sensors and a Smart Phone. In: Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies (ISABEL), vol. 150, pp. 1–5 (2011)

    Google Scholar 

  11. Hancke, G.P., Opperman, C.: A Generic NFC-enabled Measurement System for Remote Monitoring and Control of Client-side Equipment. In: Proceedings of the Third IEEE International Workshop on Near Field Communication, pp. 44–49 (2011)

    Google Scholar 

  12. Morak, J., Kumpusch, H., Hayn, D., Modre-Osprian, R., Schreier, G.: Design and Evaluation of a Telemonitoring Concept Based on NFC-Enabled Mobile Phones and Sensor Devices. IEEE Transactions on Information Technology in Medicine 16(1), 17–23 (2012)

    Article  Google Scholar 

  13. González, G.R., Organero, M.M., Kloos, C.D.: Early Infrastructure of an Internet of Things in Spaces for Learning. In: Proceedings of the Eighth IEEE International Conference on Advanced Learning Technologies (ICALT), pp. 381–383 (2008)

    Google Scholar 

  14. Widmann, R., Gruenberger, S., Stadlmann, B., Langer, J.: System Integration of NFC Ticketing into an Existing Public Transport Infrastructure. In: Proceedings of the 4th International Workshop on Near Field Communication, pp. 13–18 (2012)

    Google Scholar 

  15. Chaumette, S., Dubernet, D., Ouoba, J., Siira, E., Tuikka, T.: Architecture and Comparison of Two Different User-Centric NFC-Enabled Event Ticketing Approaches. In: Balandin, S., Koucheryavy, Y., Hu, H. (eds.) NEW2AN 2011 and ruSMART 2011. LNCS, vol. 6869, pp. 165–177. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  16. Mainetti, L., Patrono, L., Vergallo, R.: IDA-Pay: An Innovative Micro-Payment System Based on NFC Technology for Android Mobile Devices. In: Proceedings of the 20th IEEE International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp. 1–6 (2012)

    Google Scholar 

  17. Monteiro, D.M., Rodrigues, J.J.P.C., Lloret, J., Sendra, S.: A Hybrid NFC–Bluetooth Secure Protocol for Credit Transfer among Mobile Phones. In: Security and Communication Networks (2013), doi:10.1002/sec.732

    Google Scholar 

  18. Urien, P., Piramuthu, S.: Framework and Authentication Protocols for Smartphone, NFC, and RFID in Retail Transactions. In: Proceedings of the 8th IEEE International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pp. 77–82 (2013)

    Google Scholar 

  19. Urien, P., Piramuthu, S.: LLCPS and SISO: A TLS-Based Framework with RFID for NFC P2P Retail Transaction Processing. In: Proceedings of IEEE International Conference on RFID, pp. 152–159 (2013)

    Google Scholar 

  20. Miller, C.: Don’t Stand So Close to Me: An Analysis of the NFC Attack Surface (July 25, 2012), http://www.blackhat.com/usa/bh-us-12-briefings.html#miller

  21. Urien, P., Piramuthu, S.: Identity-Based Authentication to Address Relay Attacks in Temperature Sensor-enabled Smartcards. In: Proceedings of the European Conference on Smart Objects, Systems and Technologies (Smart SysTech), Erlangen/Nuremberg (2013)

    Google Scholar 

  22. Mulliner, C.: Vulnerability Analysis and Attacks on NFC-enabled Mobile Phones. In: Fourth International Conference on Availability, Reliability and Security (ARES), pp. 695–700 (2009)

    Google Scholar 

  23. Ries, U.: “Phishing via NFC,” The H Security (March 2, 2012), http://www.webcitation.org/6BzrM8Qmp

  24. Borgaonkar, R.: USSD/Android Dailer vulnerability (June 2012), http://www.webcitation.org/6DW71H3uK

  25. http://www.implementa.com/products/sim-array

  26. http://www.globalplatform.org/

  27. Lee, E.: NFC Hacking: The Easy Way, DEFCON 20 (July 2012)

    Google Scholar 

  28. ISO 7816, Cards Identification - Integrated Circuit Cards with Contacts

    Google Scholar 

  29. http://sourceforge.net/p/globalplatform/wiki/GPShell/

  30. Urien, P.: LLCPS: A New Security Framework Based on TLS For NFC P2P Applications in the Internet of Things, IEEE CCNC 2013 (January 2013)

    Google Scholar 

  31. Urien, P., Piramuthu, S.: Towards a Secure Cloud of Secure Elements Concepts and Experiments with NFC Mobiles. In Proceeding of the CTS 2013 Conference (May 2013)

    Google Scholar 

  32. AWS CloudHSM Getting Started Guide, Kindle Edition, Amazon WEB Services (2013)

    Google Scholar 

  33. SECFUNET, a research project funded by the European Commission’s Framework Programme 7 and CNPq, the Brazilian National Council for Technological and Scientific Development, http://www.secfunet.eu

  34. IETF Draft, Remote APDU Call Secure (RACS), draft-urien-core-racs-00 (August. 2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Telecom ParisTech, UMR 5141, 23 Avenue d’Italie, 75013, France

    Pascal Urien

  2. Information Systems and Operations Management, University of Florida, Gainesville, FL, 32611-7169, USA

    Selwyn Piramuthu

Authors
  1. Pascal Urien
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Selwyn Piramuthu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Télécom ParisTech Department, 75013, Paris, France

    Gérard Memmi

  2. ETH Zürich, 8092, Zürich, Switzerland

    Ulf Blanke

Rights and permissions

Reprints and permissions

Copyright information

© 2014 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Urien, P., Piramuthu, S. (2014). Securing NFC Mobile Services with Cloud of Secure Elements (CoSE). In: Memmi, G., Blanke, U. (eds) Mobile Computing, Applications, and Services. MobiCASE 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 130. Springer, Cham. https://doi.org/10.1007/978-3-319-05452-0_30

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-05452-0_30

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05451-3

  • Online ISBN: 978-3-319-05452-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation