Related Work

  • Michael Roland
Part of the T-Labs Series in Telecommunication Services book series (TLABS)


There have been several research activities focused on the security and privacy of Near Field Communication (NFC) and its underlying Radio Frequency Identification (RFID) technologies during the last couple of years. As a first step towards assessing the current status of NFC security and privacy, this chapter collects preceding research results and analyzes the issues and solutions identified in them.


Keywords: Mobile Phone, Near Field Communication, Attack Scenario, Uniform Resource Identifier, Secure Element



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. School of Informatics/Communications/Media, University of Applied Sciences Upper Austria, Hagenberg, Austria
