
Introduction

  • Michael Roland
Chapter
Part of the T-Labs Series in Telecommunication Services book series (TLABS)

Abstract

This book aims to assess the actual state of Near Field Communication (NFC) security, to discover new attack scenarios, and to provide concepts and solutions that overcome any unresolved issues identified along the way. This chapter gives an overview of the motivation, the objectives, the approach, the contributions and the outline of this work.

Keywords

Mobile Phone; Smart Phone; Near Field Communication; Attack Scenario; Secure Element
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. School of Informatics/Communications/Media, University of Applied Sciences Upper Austria, Hagenberg, Austria
