Tagging

  • Michael Roland
Chapter
Part of the T-Labs Series in Telecommunication Services book series (TLABS)

Abstract

One of the major application scenarios of Near Field Communication (NFC) is tagging, where simply tapping an object with an NFC device immediately triggers an action. In the case of out-of-band pairing, for example, after scanning a connection handover tag with an NFC-enabled mobile phone, the phone immediately establishes a link based on the information retrieved from that tag. Similarly, a smart poster tag may convey an Internet address that is automatically opened in the mobile phone web browser, a telephone number that automatically initiates a phone call, or a ready-made SMS message that is automatically sent. This chapter assesses the security issues of tagging and proposes a solution based on digital signatures to overcome these issues. Moreover, it evaluates the NFC Forum’s digital signature specification for NFC Data Exchange Format (NDEF) data and reveals possible attack scenarios.

Keywords

Near Field Communication, Uniform Resource Identifier, Content Issuer, Length Field, Certificate Chain
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. School of Informatics/Communications/Media, University of Applied Sciences Upper Austria, Hagenberg, Austria
